Utilizing Performance Counters for Compromising Public Key Ciphers

Hardware performance counters (HPCs) are useful artifacts for evaluating the performance of software implementations. Recently, HPCs have been made more convenient to use without requiring explicit kernel patches or superuser privileges. However, in this article, we highlight that the information revealed by HPCs can be also exploited to attack standard implementations of public key algorithms. In particular, we analyze the vulnerability due to the event branch miss leaked via the HPCs during execution of the target ciphers. We present an iterative attack that targets the key bits of 1,024-bit RSA and 256-bit ECC, whereas in the offline phase, the system’s underlying branch predictor is approximated by a theoretical predictor in the literature. Subsimulations are performed corresponding to each bit guess to classify the message space into distinct partitions based on the event branch misprediction and the target key bit value. In the online phase, branch mispredictions obtained from the hardware performance monitors on the target system reveal the secret key bits. We also theoretically prove that the probability of success of the attack is equivalent to the accurate modeling of the theoretical predictor to the underlying system predictor. In addition, we propose an improved version of the attack that requires fewer branch misprediction traces from the HPCs to recover the secret. Experimentations using both attack strategies have been provided on Intel Core 2 Duo, Core i3, and Core i5 platforms for 1,024-bit implementation of RSA and 256-bit scalar multiplication over the secp256r1 curve followed by results on the effect of change of parameters on the success rate. The attack can successfully reveal the exponent bits and thus seeks attention to model secure branch predictors such that it inherently prevents information leakage.