RegRSA: Using Registers as Buffers to Resist Memory Disclosure Attacks

Abstract : Memory disclosure attacks, such as cold-boot attacks and DMA attacks, allow attackers to access all memory contents, therefore introduce great threats to plaintext sensitive data in memory. Register-based and cache-based schemes have been used to implement RSA securely, at the expense of decreased performance. In this paper, we propose another concept named register buffer, which makes use of all available registers as secure data buffer, no matter scalar registers or vector registers. The plaintext sensitive data only appear in register buffer. Based on this concept, we finish a security implementation of 2048-bit RSA called RegRSA, to defeat against memory disclosure attacks. The 1024-bit Montgomery multiplication in RegRSA runs entirely in register buffer, by performing computations using scalar instructions and registers, maintaining intermediate variables in vector registers. Due to the size limitation of register buffer, several variables out of Montgomery multiplications are spilled into memory. RegRSA encrypts these variables with AES before saving in memory. Furthermore, RegRSA employs a windowing method and the CRT speed-up to accelerate RSA, and minimizes the data exchange between registers and memory to reduce the workload of AES encryption/decryption. The evaluation on Intel Haswell i7-4770R shows that, the performance of RegRSA achieves a factor of 0.74 compared to the regular RSA implementation in OpenSSL and is much greater than PRIME, the existing register-based scheme for 2048-bit RSA. Moreover, RegRSA allows multiple instances to run on a multi-core CPU simultaneously, which makes it more practical for the real-world applications.
Type de document :
Communication dans un congrès
Jaap-Henk Hoepman; Stefan Katzenbeisser. 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. IFIP Advances in Information and Communication Technology, AICT-471, pp.293-307, 2016, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-33630-5_20〉
Liste complète des métadonnées

Littérature citée [28 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01369563
Contributeur : Hal Ifip <>
Soumis le : mercredi 21 septembre 2016 - 10:57:31
Dernière modification le : mercredi 21 septembre 2016 - 11:18:05
Document(s) archivé(s) le : jeudi 22 décembre 2016 - 12:50:29

Fichier

 Accès restreint
Fichier visible le : 2019-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Yuan Zhao, Jingqiang Lin, Wuqiong Pan, Cong Xue, Fangyu Zheng, et al.. RegRSA: Using Registers as Buffers to Resist Memory Disclosure Attacks. Jaap-Henk Hoepman; Stefan Katzenbeisser. 31st IFIP International Information Security and Privacy Conference (SEC), May 2016, Ghent, Belgium. IFIP Advances in Information and Communication Technology, AICT-471, pp.293-307, 2016, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-33630-5_20〉. 〈hal-01369563〉

Partager

Métriques

Consultations de la notice

28