
Memory Tampering Attack on Binary GCD Based Inversion Algorithms

International Journal of Parallel Programming

Abstract

In the field of cryptography engineering, implementation-based attacks are a major concern due to their proven feasibility. Fault injection is one attack vector, nowadays a major research line. In this paper, we present how a memory tampering-based fault attack can be used to severely limit the output space of binary GCD based modular inversion algorithm implementations. We frame the proposed attack in the context of ECDSA showing how this approach allows recovering the private key from only one signature, independent of the key size. We analyze two memory tampering proposals, illustrating how this technique can be adapted to different implementations. Besides its application to ECDSA, it can be extended to other cryptographic schemes and countermeasures where binary GCD based modular inversion algorithms are employed. In addition, we describe how memory tampering-based fault attacks can be used to mount a previously proposed fault attack on scenarios that were initially discarded, showing the importance of including memory tampering attacks in the frameworks for analyzing fault attacks and their countermeasures.


Notes

  1. Runs were serially executed on an Intel i7-3770 3.4 GHz using a Python implementation of the attack.

  2. Detailed format description of this file can be found in [40].

References

  1. Acıiçmez, O., Gueron, S., Seifert, J.-P.: New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures. In: Cryptography and Coding, volume 4887 of Lecture Notes in Computer Science, pp. 185–203. Springer, Berlin (2007)

  2. Aldaya, A.C., Sarmiento, A.J.C., Sánchez-Solano, S.: AES T-Box tampering attack. J. Cryptogr. Eng. 6(1), 31–48 (2016)

  3. Aldaya, A.C., Sarmiento, A.J.C., Sánchez-Solano, S.: SPA vulnerabilities of the binary extended Euclidean algorithm. J. Cryptogr. Eng. 7(4), 273–285 (2017)

  4. Aldaya, A.C., Cuiman Márquez, R., Cabrera Sarmiento, A.J., Sánchez-Solano, S.: Side-channel analysis of the modular inversion step in the RSA key generation algorithm. Int. J. Circuit Theory Appl. 45(2), 199–213 (2017)

  5. Balasch, J., Gierlichs, B., Verbauwhede, I.: An in-depth and black-box characterization of the effects of clock glitches on 8-bit MCUs. In: 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 105–114. IEEE (2011)

  6. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Proc. IEEE 94(2), 370–382 (2006)

  7. Bhasin, S., Danger, J.-L., Guilley, S., Ngo, X.T., Sauvage, L.: Hardware Trojan horses in cryptographic IP cores. In: 2013 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 15–29. IEEE (2013)

  8. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Annual International Cryptology Conference (CRYPTO). Springer, pp. 131–146 (2000)

  9. Bos, J.W.: Constant time modular inversion. J. Cryptogr. Eng. 4(4), 275–281 (2014)

  10. Boscher, A., Handschuh, H., Trichina, E.: Blinded fault resistant exponentiation revisited. In: 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). IEEE, pp. 3–9 (2009)

  11. Ciet, M., Joye, M.: Elliptic curve cryptosystems in the presence of permanent and transient faults. Des. Codes Cryptogr. 36(1), 33–43 (2005)

  12. Danger, J.-L., Guilley, S., Hoogvorst, P., Murdica, C., Naccache, D.: A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards. J. Cryptogr. Eng 3(4), 241–265 (2013)

  13. De Dormale, G.M., Bulens, P., Quisquater, J.-J.: An improved montgomery modular inversion targeted for efficient implementation on FPGA. In: Proceedings of 2004 IEEE International Conference on Field-Programmable Technology, 2004. IEEE, pp. 441–444 (2004)

  14. De Mulder, E., Hutter, M., Marson, M.E., Pearson, P.: Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version. J. Cryptogr. Eng. 4(1), 33–45 (2014)

  15. Escobar, F.A., Chang, X., Valderrama, C.: Suitability analysis of FPGAS for heterogeneous platforms in HPC. IEEE Trans. Parallel Distrib. Syst. 27(2), 600–61 (2016)

  16. Fan, J., Gierlichs, B., Vercauteren, F.: To infinity and beyond: combined attack on ECC using points of low order. In: International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, pp. 143–159 (2011)

  17. García, C.P., Brumley, B.B.: Constant-time callees with variable-time callers. In: 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC. USENIX Association, pp. 83–98 (2017)

  18. Güneysu, T.: Utilizing hard cores of modern FPGA devices for high-performance cryptography. J. Cryptogr. Eng. 1(1), 37–55 (2011)

  19. Johnson, A.P., Saha, S., Chakraborty, R.S., Mukhopadhyay, D., Gören, S.: Fault attack on AES via hardware Trojan insertion by dynamic partial reconfiguration of FPGA over ethernet. In: Proceedings of the 9th Workshop on Embedded Systems Security. ACM, p. 1 (2014)

  20. Kaliski Jr., B.S.: The Montgomery inverse and its applications. IEEE Trans. Comput. 44(8), 1064–1065 (1995)

  21. Kiss, Á., Krämer, J., Rauzy, P., Seifert, J.-P.: Algorithmic countermeasures against fault attacks and power analysis for RSA-CRT. In: International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE). Springer, pp. 111–129 (2016)

  22. Knuth, D.E.: Seminumerical Algorithms, Volume 2 of The Art of Computer Programming. Addison-Wesley, Boston (1981)

  23. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Advances in Cryptology (CRYPTO). Springer, Berlin, pp. 388–397 (1999)

  24. Krämer, J.: Why Cryptography Should Not Rely on Physical Attack Complexity, 1st edn. Springer, Berlin (2015)

  25. Moradi, A., Kasper, M., Paar, C.: Black-box side-channel attacks highlight the importance of countermeasures. In: Topics in Cryptology–CT-RSA 2012, San Francisco, USA. Springer, pp. 1–18 (2012)

  26. Moradi, A., Schneider, T.: Improved side-channel analysis attacks on Xilinx bitstream encryption of 5, 6, and 7 series. In: Standaert, F.-X., Oswald, E. (eds.) Constructive Side-Channel Analysis and Secure Design. Springer, Cham, pp. 71–87 (2016)

  27. Moro, N., Heydemann, K., Encrenaz, E., Robisson, B.: Formal verification of a software countermeasure against instruction skip attacks. J. Cryptogr. Eng. 4(3), 145–156 (2014)

  28. National Institute of Standards and Technology (NIST): Digital Signature Standard (DSS). FIPS 186-4 (2013)

  29. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptogr. 30(2), 201–217 (2003)

  30. Popp, T.: An introduction to implementation attacks and countermeasures. In: Proceedings of the 7th IEEE/ACM International Conference on Formal Methods and Models for Codesign. IEEE Press, pp. 108–115 (2009)

  31. Roy, D.B., Bhasin, S., Guilley, S., Danger, J.-L., Mukhopadhyay, D., Ngo, X.T., Najm, Z.: Reconfigurable lut: a double edged sword for security-critical applications. In: International Conference on Security, Privacy, and Applied Cryptography Engineering. Springer, pp. 248–268 (2015)

  32. Savaş, E., Koç, Ç.K.: Montgomery inversion. J. Cryptogr. Eng. 8(3), 201–210 (2018)

  33. Schaumont, P.R.: A Practical Introduction to Hardware/Software Codesign. Springer, Berlin (2012)

  34. Shah, S., Velegalati, R., Kaps, J.-P., Hwang, D.: Investigation of DPA resistance of block RAMs in cryptographic implementations on FPGAs. In: 2010 International Conference on Reconfigurable Computing and FPGAs (ReConFig). IEEE, pp. 274–279 (2010)

  35. Stein, J.: Computational problems associated with Racah algebra. J. Comput. Phys. 1(3), 397–405 (1967)

  36. Swierczynski, P., Becker, G.T., Moradi, A., Paar, C.: Bitstream fault injections (BiFI)-automated fault attacks against SRAM-based FPGAs. IEEE Trans. Comput. 67(3), 348–360 (2017)

  37. Swierczynski, P., Fyrbiak, M., Koppe, P., Moradi, A., Paar, C.: Interdiction in practice–hardware Trojan against a high-security USB flash drive. J. Cryptogr. Eng. 7(3), 199–211 (2017)

  38. Swierczynski, P., Fyrbiak, M., Koppe, P., Paar, C.: FPGA Trojans through detecting and weakening of cryptographic primitives. IEEE Trans. CAD Integr. Circuits Syst. 34(8), 1236–1249 (2015)

  39. Trichina, E., Bellezza, A.: Implementation of elliptic curve cryptography with built-in counter measures against side channel attacks. In: International Workshop on Cryptographic Hardware and Embedded Systems (CHES). Springer, pp. 98–113 (2002)

  40. Xilinx Inc.: Data2MEM User Guide (2010)

  41. Xilinx Inc.: Vivado Design Suite User Guide: Embedded Processor Hardware Design (2017)

Acknowledgements

This work was partially funded by the Academy of Finland (Grant No. 303814) and the Spanish Government, with support from FEDER (Project No. TEC2017-83557-R).

Corresponding author

Correspondence to Alejandro Cabrera Aldaya.

Xilinx FPGAs Embedded Block Memory Tampering Procedure

This section describes a procedure for extracting and modifying the content of Xilinx FPGA embedded block memories from bitstream files. The procedure was partially described in [2] and is based on the public documentation of the Xilinx data2mem tool [40]. The described flow applies to the Spartan-6 and earlier FPGA families; for the 7 Series family the process is very similar, following [41]. Throughout this section it is assumed that the adversary has obtained the bitstream of a given FPGA and that the bitstream carries no protection (e.g. no encryption or authentication).

SRAM-based FPGAs are configured with a bitstream file at every power-on cycle. It is usually called a "file" because it is produced at development time by software tools; however, its content is normally stored in non-volatile memory external to the FPGA so that it is available at each power-on cycle. This file contains the synthesized hardware encoded in a non-public format. While almost every change to the bitstream requires re-synthesis of the hardware design, changing the content of an embedded block memory does not.

This modification is possible using the Xilinx tool data2mem, which was specifically developed for this use case [40]. In addition, the tool has a debug option (the -d flag) that extracts the content of any embedded block memory (BRAM) from a bitstream file. data2mem can therefore be seen as a BRAM content encoder/decoder for the non-public bitstream format: with this tool it is possible to have read/write access to the content of any BRAM used in the design.

The general procedure for tampering embedded block memory content is as follows:

  1. Read the content of all BRAMs in a given bitstream.

  2. Identify which BRAM stores the value of interest, and at which address.

  3. Tamper said BRAM with the malicious value.

These steps are deterministic, free of errors, and their running times are negligible. The next two sections describe them in detail.

1.1 Reading BRAMs Content

To read BRAM content from a bitstream file, data2mem requires the bitstream file itself and a BMM (BRAM Memory Map) file that indicates which BRAM is to be read (see Note 2). At first, an adversary does not know in which BRAM the targeted value is stored, nor at which address. However, using the public documentation of the FPGA part number it is possible to create a BMM file that maps every BRAM in that FPGA. Running data2mem with the -d flag on that BMM file then yields an output file with the content of every BRAM in the bitstream [40].

With this simple and deterministic procedure the adversary can therefore read all BRAM content and identify which BRAM contains the value of interest, as well as the address within that BRAM at which the value is stored.

For the application to the BEEA explained in Sect. 4, the targeted value is the input modulus, which is usually known to the adversary (see the ECDSA example in Sect. 5). Its identification is therefore immediate.

1.2 Tampering BRAMs Content

Having identified which BRAM and address are to be tampered, the adversary can use data2mem to modify the content at a given BRAM address. In this use case the tool needs (i) the targeted bitstream, (ii) a BMM file indicating which BRAM to modify, and (iii) a file with the new content [40]. After executing the tool with these inputs, a new bitstream file is obtained that is compliant with the Xilinx format. It can therefore be used to configure an FPGA and observe its behaviour with the tampered value.
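The following Python module is an added example (not code from the paper, nor a Xilinx tool) illustrating steps 1 and 2 of the procedure above from the defender's side: given a BRAM dump of a reference bitstream and a dump of a deployed bitstream, it locates a known multi-word value (here the secp256k1 group order, as the kind of public modulus Sect. 5 refers to) in the reference dump and then checks that the deployed bitstream still carries exactly that value at the same location. A mismatch is the signature of the memory tampering described on this page. The dump format parsed below ("BRAM <name>" headers followed by "<addr>: <hexword>" lines), the BRAM names and the 32-bit word width are constructed assumptions for the example; the real data2mem -d output format is described in [40] and is not reproduced here.

```python
"""Locate a known value in a BRAM dump and verify it against a golden reference.

Added example, not code from the paper. The dump format below is a constructed
placeholder and is NOT the real data2mem -d output format (see [40] for that).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

WORD_BITS = 32  # assumed BRAM data width for this example

# secp256k1 group order n: the modulus inverted in ECDSA signing (public constant).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed reference dump: n stored little-endian-word-first at address 2 of RAMB16_X0Y0.
REFERENCE_DUMP = """
BRAM RAMB16_X0Y0
0000: DEADBEEF
0001: 00000001
0002: D0364141
0003: BFD25E8C
0004: AF48A03B
0005: BAAEDCE6
0006: FFFFFFFE
0007: FFFFFFFF
0008: FFFFFFFF
0009: FFFFFFFF
000A: 00000000
BRAM RAMB16_X0Y1
0000: 12345678
0001: 00000000
"""

# Constructed "deployed" dump: identical except one word of the modulus was altered.
TAMPERED_DUMP = REFERENCE_DUMP.replace("0006: FFFFFFFE", "0006: FFFFFFF0")


@dataclass
class Hit:
    bram: str          # BRAM instance name from the dump header
    start_addr: int    # address of the first word of the value
    words: int         # number of words the value occupies
    little_endian: bool  # True if the least significant word is at start_addr


def parse_dump(text: str) -> Dict[str, Dict[int, int]]:
    """Parse the constructed dump format into {bram_name: {addr: word}}."""
    brams: Dict[str, Dict[int, int]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("BRAM "):
            current = line.split(None, 1)[1]
            brams[current] = {}
            continue
        if current is None:
            raise ValueError("data line before any BRAM header: " + line)
        addr_s, word_s = line.split(":")
        brams[current][int(addr_s, 16)] = int(word_s, 16)
    return brams


def to_words(value: int, word_bits: int = WORD_BITS, little_endian: bool = True) -> List[int]:
    """Split an integer into fixed-width words; least significant word first if little_endian."""
    mask = (1 << word_bits) - 1
    n = max(1, (value.bit_length() + word_bits - 1) // word_bits)
    words = [(value >> (word_bits * i)) & mask for i in range(n)]
    return words if little_endian else words[::-1]


def find_value(brams: Dict[str, Dict[int, int]], value: int, word_bits: int = WORD_BITS) -> List[Hit]:
    """Return every (BRAM, address) at which `value` is stored in contiguous words, either word order."""
    hits: List[Hit] = []
    orders = (True,) if len(to_words(value, word_bits)) == 1 else (True, False)
    for le in orders:
        pattern = to_words(value, word_bits, le)
        for name, mem in brams.items():
            for a in sorted(mem):
                if all((a + i) in mem and mem[a + i] == w for i, w in enumerate(pattern)):
                    hits.append(Hit(name, a, len(pattern), le))
    return hits


def verify_value(brams: Dict[str, Dict[int, int]], hit: Hit, expected: int,
                 word_bits: int = WORD_BITS) -> List[Tuple[int, Optional[int], int]]:
    """Compare the words at `hit` with `expected`; return [(addr, found, expected_word)] mismatches."""
    pattern = to_words(expected, word_bits, hit.little_endian)
    mem = brams[hit.bram]
    return [(hit.start_addr + i, mem.get(hit.start_addr + i), w)
            for i, w in enumerate(pattern) if mem.get(hit.start_addr + i) != w]


def audit(reference_text: str, deployed_text: str, value: int) -> List[Tuple[int, Optional[int], int]]:
    """Locate `value` in the reference dump, then check the deployed dump at the same location.
    An empty list means the deployed BRAM content matches the golden reference."""
    hits = find_value(parse_dump(reference_text), value)
    if len(hits) != 1:
        raise ValueError("expected exactly one occurrence in the reference dump, got %d" % len(hits))
    return verify_value(parse_dump(deployed_text), hits[0], value)


if __name__ == "__main__":
    print("reference vs reference:", audit(REFERENCE_DUMP, REFERENCE_DUMP, SECP256K1_N))
    print("reference vs tampered: ", audit(REFERENCE_DUMP, TAMPERED_DUMP, SECP256K1_N))
```

The search tries both word orders because the paper's targeted implementations do not fix how a multi-word modulus is laid out in memory; a real audit would replace the constructed dumps with the data2mem -d output of the golden and deployed bitstreams and the parser with one for that format.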

Cite this article

Aldaya, A.C., Brumley, B.B., Sarmiento, A.J.C. et al. Memory Tampering Attack on Binary GCD Based Inversion Algorithms. Int J Parallel Prog 47, 621–640 (2019). https://doi.org/10.1007/s10766-018-0610-x
