Title | Side-Channel Timing Attack of RSA on a GPU |
Publication Type | Journal Article |
Year of Publication | 2019 |
Authors | Luo, Chao; Fei, Yunsi; Kaeli, David |
Journal | ACM Transactions on Architecture and Code Optimization (TACO) |
Volume | 16 |
Pagination | 32:1-32:18 |
Date Published | August |
ISSN | 1544-3566 |
Keywords | exponentiation, GPU, pubcrawl, resilience, Resiliency, RSA, Scalability, Timing attack |
Abstract | To increase computation throughput, general purpose Graphics Processing Units (GPUs) have been leveraged to accelerate computationally intensive workloads. GPUs have been used as cryptographic engines, improving encryption/decryption throughput and leveraging the GPU's Single Instruction Multiple Thread (SIMT) model. RSA is a widely used public-key cipher and has been ported onto GPUs for signing and decrypting large files. Although performance has been significantly improved, the security of RSA on GPUs is vulnerable to side-channel timing attacks and is an exposure overlooked in previous studies. GPUs tend to be naturally resilient to side-channel attacks, given that they execute a large number of concurrent threads, performing many RSA operations on different data in parallel. Given the degree of parallel execution on a GPU, there will be a significant amount of noise introduced into the timing channel given the thousands of concurrent threads executing concurrently. In this work, we build a timing model to capture the parallel characteristics of an RSA public-key cipher implemented on a GPU. We consider optimizations that include using Montgomery multiplication and sliding-window exponentiation to implement cryptographic operations. Our timing model considers the challenges of parallel execution, complications that do not occur in single-threaded computing platforms. Based on our timing model, we launch successful timing attacks on RSA running on a GPU, extracting the private key of RSA. We also present an effective error detection and correction mechanism. Our results demonstrate that GPU acceleration of RSA is vulnerable to side-channel timing attacks. We propose several countermeasures to defend against this class of attacks. |
DOI | 10.1145/3341729 |
Citation Key | luo_side-channel_2019 |