IODINE: Verifying Constant-Time Execution of Hardware

Klaus von Gleissenthal; Rami Gökhan Klcl; Deian Stefan; Ranjit Jhala

IODINE: Verifying Constant-Time Execution of Hardware

Klaus von Gleissenthal
, Rami Gökhan Klcl
, Deian Stefan
, Ranjit Jhala

Research output: Chapter in Book / Report / Conference proceeding › Chapter › Academic › peer-review

Abstract

To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise – and verify – conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present IODINE: a clock-precise, constant-time approach to eliminating timing side channels in hardware. IODINE succeeds in verifying various open source hardware designs in seconds and with little developer effort. IODINE also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.

Original language	English
Title of host publication	28th USENIX Security Symposium 2019
Publisher	USENIX
Publication status	Published - 2019

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy

Persistent URL (handle)

Persistent link

Cite this

@inbook{99c62b837e6b444aa1a851e45cc8742b,

title = "IODINE: Verifying Constant-Time Execution of Hardware",

abstract = "To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise – and verify – conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present IODINE: a clock-precise, constant-time approach to eliminating timing side channels in hardware. IODINE succeeds in verifying various open source hardware designs in seconds and with little developer effort. IODINE also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.",

author = "\{von Gleissenthal\}, Klaus and Klcl, \{Rami G{\"o}khan\} and Deian Stefan and Ranjit Jhala",

year = "2019",

language = "English",

booktitle = "28th USENIX Security Symposium 2019",

publisher = "USENIX",

}

TY - CHAP

T1 - IODINE: Verifying Constant-Time Execution of Hardware

AU - von Gleissenthal, Klaus

AU - Klcl, Rami Gökhan

AU - Stefan, Deian

AU - Jhala, Ranjit

PY - 2019

Y1 - 2019

N2 - To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise – and verify – conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present IODINE: a clock-precise, constant-time approach to eliminating timing side channels in hardware. IODINE succeeds in verifying various open source hardware designs in seconds and with little developer effort. IODINE also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.

AB - To be secure, cryptographic algorithms crucially rely on the underlying hardware to avoid inadvertent leakage of secrets through timing side channels. Unfortunately, such timing channels are ubiquitous in modern hardware, due to its labyrinthine fast-paths and optimizations. A promising way to avoid timing vulnerabilities is to devise – and verify – conditions under which a hardware design is free of timing variability, i.e., executes in constant-time. In this paper, we present IODINE: a clock-precise, constant-time approach to eliminating timing side channels in hardware. IODINE succeeds in verifying various open source hardware designs in seconds and with little developer effort. IODINE also discovered two constant-time violations: one in a floating-point unit and another one in an RSA encryption module.

M3 - Chapter

BT - 28th USENIX Security Symposium 2019

PB - USENIX

ER -

IODINE: Verifying Constant-Time Execution of Hardware

Abstract

UN SDGs

Persistent URL (handle)

Fingerprint

Cite this