Attacking OpenSSL using Side-channel Attacks: The RSA case study

Presented at Still Hacking Anyway (SHA2017), Aug. 4, 2017, 5:40 p.m. (75 minutes).

Side channel attacks (SCA) gained attention in the past years. New low cost tools like Chip-Whisperer proved that these attacks are not any more a theoretical, academic risk but a real threat to the security of the embedded systems. Many cryptographic products are now being developed having this attacks in mind and countermeasures are being implemented. This is the case of the omnipresent OpenSSL, which implement protections against side channel attacks to prevent the extraction of the secret key. In our presentation, we will briefly introduce SCA to the audience and discuss later the countermeasures implemented in the OpenSSL RSA and our attack that allows us to bypass them. #NetworkSecurity

Presenters:

• Praveen Vadnala
  
• Lukasz Chmielewski
  An security analyst working in the field of computer security. Specialties: side channel analysis, fault injection, and public key cryptography, especially ECC.

Links:

• https://program.sha2017.org/events/169.html

Similar Presentations:

• 30C3 (2013) / Extracting keys from FPGAs, OTP Tokens and Door Locks: Side-Channel (and other) Attacks in Practice
• ToorCon San Diego 16 (2014) / Time Trial: Racing Towards Practical Timing Attacks
• Black Hat Asia 2017 / Breaking Korea Transit Card with Side-Channel Attack - Unauthorized Recharging