Paper 2022/1669

Jolt: Recovering TLS Signing Keys via Rowhammer Faults

Koksal Mus, Worcester Polytechnic Institute
Yarkın Doröz, Worcester Polytechnic Institute
M. Caner Tol, Worcester Polytechnic Institute
Kristi Rahman, Worcester Polytechnic Institute
Berk Sunar, Worcester Polytechnic Institute
Abstract

Digital Signature Schemes such as DSA, ECDSA, and RSA are widely deployed to protect the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA and (EC)DSA are used to sign the state of the agreed upon protocol parameters during the handshake phase. Naturally, RSA and (EC)DSA implementations have become the target of numerous attacks, including powerful side-channel attacks. Hence, cryptographic libraries were patched repeatedly over the years. Here we introduce Jolt, a novel attack targeting signature scheme implementations. Our attack exploits faulty signatures gained by injecting faults during signature generation. By using the signature verification primitive, we correct faulty signatures and, in the process deduce bits of the secret signing key. Compared to recent attacks that exploit single bit biases in the nonce that require $2^{45}$ signatures, our attack requires less than a thousand faulty signatures for a $256$-bit (EC)DSA. The performance improvement is due to the fact that our attack targets the secret signing key, which does not change across signing sessions. We show that the proposed attack also works on Schnorr and RSA signatures with minor modifications. We demonstrate the viability of Jolt by running experiments targeting TLS handshakes in common cryptographic libraries such as WolfSSL, OpenSSL, Microsoft SymCrypt, LibreSSL, and Amazon s2n. On our target platform, the online phase takes less than 2 hours to recover $192$ bits of a $256$-bit ECDSA key, which is sufficient for full key recovery. We note that while RSA signatures are protected in popular cryptographic libraries, OpenSSL remains vulnerable to double fault injection. We have also reviewed their Federal Information Processing Standard (FIPS) hardened versions which are slightly less efficient but still vulnerable to our attack. We found that (EC)DSA signatures remain largely unprotected against software-only faults, posing a threat to real-life deployments such as TLS, and potentially other security protocols such as SSH and IPSec. This highlights the need for a thorough review and implementation of faults checking in security protocol implementations.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Published elsewhere. IEEE Symposium on Security and Privacy 2023
Keywords
TLS attacksignature correction attackRowhammer attackfault attacksmicroarchitectural attacks
Contact author(s)
kmus @ wpi edu
ydoroz @ wpi edu
mtol @ wpi edu
krahman @ wpi edu
sunar @ wpi edu
History
2023-04-13: revised
2022-11-30: received
See all versions
Short URL
https://ia.cr/2022/1669
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1669,
      author = {Koksal Mus and Yarkın Doröz and M. Caner Tol and Kristi Rahman and Berk Sunar},
      title = {Jolt: Recovering TLS Signing Keys via Rowhammer Faults},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1669},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1669}},
      url = {https://eprint.iacr.org/2022/1669}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.