Date of Graduation

8-2022

Document Type

Thesis

Degree Name

Master of Science in Computer Science (MS)

Degree Level

Graduate

Department

Computer Science & Computer Engineering

Advisor/Mentor

Nelson, Alexander H.

Committee Member

Huang, Miaoqing

Second Committee Member

Andrews, David

Keywords

Post-Quantum Cryptography; Rowhammer; Security; Side-Channel

Abstract

Modern cryptographic algorithms such as AES and RSA are effectively used for securing data transmission. However, advancements in quantum computing pose a threat to modern cryptography algorithms due to the potential of solving hard mathematical problems faster than conventional computers. Thus, to prepare for quantum computing, NIST has started a competition to standardize quantum-resistant public-key cryptography algorithms. These algorithms are evaluated for strong theoretical security and run-time performance. NIST is in the third round of the competition, and the focus has shifted to analyzing the vulnerabilities to side-channel attacks. One algorithm that has gained notice is the Round 3 alternate FrodoKEM, a lattice-based scheme whose security is based on the hardness of the Learning with Errors problem. Although FrodoKEM possesses strong security proofs and comparatively efficient implementations, the side-channel security of the scheme has not been fully explored. This thesis introduces a side-channel attack to recover the secret key against the post-quantum FrodoKEM algorithm. This attack is accomplished by violating the integrity of the FrodoKEM key generation using the rowhammer side-channel. The rowhammer exploit is a result of fast memory accesses to specific locations in DRAM, causing bits to flip in nearby memory. Using rowhammer, specific bits are flipped in the FrodoKEM error matrix, causing the key generation to output a "poisoned" public key. With the location of the flipped bits known, an adversary can obtain decryption failures at a higher rate compared to an honest user. This allows for secret information to be obtained via a decryption failure attack. Multiple engineering strategies are implemented in this thesis to accomplish this attack. The attack requires extremely precise rowhammering: too many bit flips and the decryption failures will be too great for honest users, and too little bit flips will not give the adversary enough decryption failures. Additionally, a memory massaging technique known as the "Feng Shui" is performed to force the victim's memory into vulnerable pages pre-selected from profiling. Finally, performance degradation is implemented to impede the key generation, allowing for a larger window of time to accomplish the rowhammer attack. This thesis demonstrates a full attack on the FrodoKEM-640 algorithm to recover the encapsulated session key.

Share

COinS