Skip to main content
SpringerLink
Log in
Book cover

International Conference on Cryptology and Network Security

CANS 2008: Cryptology and Network Security pp 349–365Cite as

Workload Characterization of a Lightweight SSL Implementation Resistant to Side-Channel Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5339))

Abstract

Ever-growing mobility and ubiquitous wireless Internet access raise the need for secure communication with devices that may be severely constrained in terms of processing power, memory capacity and network speed. In this paper we describe a lightweight implementation of the Secure Sockets Layer (SSL) protocol with a focus on small code size and low memory usage. We integrated a generic public-key crypto library into this SSL stack to support elliptic curve cryptography over arbitrary prime and binary fields. Furthermore, we aimed to secure the SSL handshake against side-channel attacks (in particular simple power analysis) by eliminating all data-dependent or key-dependent branches and memory accesses from the arithmetic operations and compare the resulting performance with an unprotected implementation. Our lightweight SSL stack has only 6% of the code size and RAM requirements of OpenSSL, but outperforms it in point multiplication over prime fields when no appropriate countermeasures against side-channel attacks are implemented. With such countermeasures, however, the execution time of a typical SSL handshake increases by roughly 50%, but still completes in less than 160 msec on a 200 MHz iPAQ PDA when using an elliptic curve over a 192-bit prime field.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Acıiçmez, O., Schindler, W., Koç, Ç.K.: Improving Brumley and Boneh timing attack on unprotected SSL implementations. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005), pp. 139–146. ACM Press, New York (2005)

    Google Scholar 

  2. Avanzi, R.M.: Side channel attacks on implementations of curve-based cryptographic primitives. Cryptology ePrint Archive, Report 2005/017 (2005), http://eprint.iacr.org

  3. Bernstein, D.J.: Cache-timing attacks on AES (preprint, 2005), http://cr.yp.to/mac.html#cachetiming

  4. Blake, I.F., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)

    Book  MATH  Google Scholar 

  5. Blake, I.F., Seroussi, G., Smart, N.P.: Advances in Elliptic Curve Cryptography. Cambridge University Press, Cambridge (2005)

    Book  MATH  Google Scholar 

  6. Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., Möller, B.: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). Internet Engineering Task Force, Network Working Group, RFC 4492 (2006)

    Google Scholar 

  7. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of 12th USENIX Security Symposium (SECURITY 2003), pp. 1–14. USENIX (2003)

    Google Scholar 

  8. Canvel, B., Hiltgen, A.P., Vaudenay, S., Vuagnoux, M.: Password interception in an SSL/TLS channel. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 583–599. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers 53(6), 760–768 (2004)

    Article  MATH  Google Scholar 

  10. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  11. Dierks, T., Rescorla, E.K.: The Transport Layer Security (TLS) Protocol Version 1.1. Internet Engineering Task Force, Network Working Group, RFC 4346 (2006)

    Google Scholar 

  12. Freier, A.O., Karlton, P., Kocher, P.C.: The SSL Protocol Version 3.0. Internet Draft (1996), http://wp.netscape.com/eng/ssl3/draft302.txt

  13. Goubin, L.: A refined power-analysis attack on elliptic curve cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  14. Gupta, V., Gupta, S., Chang Shantz, S., Stebila, D.: Performance analysis of elliptic curve cryptography for SSL. In: Proceedings of the 3rd ACM Workshop on Wireless Security (WiSe 2002), pp. 87–94. ACM Press, New York (2002)

    Chapter  Google Scholar 

  15. Gura, N., Eberle, H., Chang Shantz, S.: Generic implementations of elliptic curve cryptography using partial reduction. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 108–116. ACM Press, New York (2002)

    Chapter  Google Scholar 

  16. Hankerson, D.R., Menezes, A.J., Vanstone, S.A.: Guide to Elliptic Curve Cryptography. Springer, Heidelberg (2004)

    MATH  Google Scholar 

  17. Joye, M.: Highly regular right-to-left algorithms for scalar multiplication. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 135–147. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  18. Kaufman, C., Perlman, R., Speciner, M.: Network Security: Private Communication in a Public World. Prentice Hall, Englewood Cliffs (2002)

    Google Scholar 

  19. Koç, Ç.K., Acar, T.: Montgomery multiplication in GF(2k). Designs, Codes and Cryptography 14(1), 57–69 (1998)

    Article  MathSciNet  MATH  Google Scholar 

  20. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  21. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  22. Lenzlinger, B., Zingg, A.: Mini Web Server supporting SSL. M.Sc. Thesis, Zurich University of Applied Sciences Winterthur (2000)

    Google Scholar 

  23. López, J., Dahab, R.: Fast multiplication on elliptic curves over GF(2m) without precomputation. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 316–327. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  24. López, J., Dahab, R.: High-speed software multiplication in \(\mathrm{I\!F}_{2^{m}}\). In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 203–212. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  25. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  26. Möller, B.: Securing elliptic curve point multiplication against side-channel attacks. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 324–334. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  27. Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)

    Article  MathSciNet  MATH  Google Scholar 

  28. National Institute of Standards and Technology (NIST). Recommend Elliptic Curves for Federal Government use. Technical report (1999), http://csrc.nist.gov/CryptoToolkit

  29. Okeya, K., Sakurai, K.: A second-order DPA attack breaks a window-method based countermeasure against side channel attacks. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 389–401. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  30. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  31. PeerSec Networks, Inc. MatrixSSL 1.7.1 (September 2005), http://www.matrixssl.org

  32. Solinas, J.A.: Low-Weight Binary Representations for Pairs of Integers. Technical report CORR 2001-41, University of Waterloo, Waterloo, Canada (2001)

    Google Scholar 

  33. Stebila, D., Thériault, N.: Unified point addition formulæ and side-channel attacks. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 354–368. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  34. Walter, C.D., Thompson, S.: Distinguishing exponent digits by observing modular subtractions. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 192–207. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  35. Walter, C.D.: Simple power analysis of unified code for ECC double and add. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 191–204. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  36. Yanık, T., Savaş, E., Koç, Ç.K.: Incomplete reduction in modular arithmetic. IEE Proceedings – Computers and Digital Techniques 149(2), 46–52 (2002)

    Article  Google Scholar 

  37. Zhao, L., Iyer, R., Makineni, S., Bhuyan, L.: Anatomy and performance of SSL processing. In: Proceedings of the 5th International Symposium on Performance Analysis of Systems and Software (ISPASS 2005), pp. 197–206. IEEE Computer Society Press, Los Alamitos (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. FH Campus Wien – University of Applied Sciences, Daumegasse 3, A–1100, Vienna, Austria

    Manuel Koschuch, Matthias Hudler & Michael Krüger

  2. Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom

    Johann Großschädl

  3. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A–8010, Graz, Austria

    Udo Payer

Authors
  1. Manuel Koschuch
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Johann Großschädl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Udo Payer
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Matthias Hudler
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Michael Krüger
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of California, Davis, USA

    Matthew K. Franklin

  2. Department of Computer Science, The University of Hong Kong, Pokfulam Road, Hong Kong, China

    Lucas Chi Kwong Hui

  3. Department of Computer Science, City University of Hong Kong, Hong Kong, Hong Kong

    Duncan S. Wong

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Koschuch, M., Großschädl, J., Payer, U., Hudler, M., Krüger, M. (2008). Workload Characterization of a Lightweight SSL Implementation Resistant to Side-Channel Attacks. In: Franklin, M.K., Hui, L.C.K., Wong, D.S. (eds) Cryptology and Network Security. CANS 2008. Lecture Notes in Computer Science, vol 5339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89641-8_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-89641-8_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89640-1

  • Online ISBN: 978-3-540-89641-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation