CipherGuard: Compiler-aided Mitigation against Ciphertext Side-channel Attacks

Ke Jiang, Sen Deng, Yinshuai Li, Shuai Wang, Tianwei Zhang, Yinqian Zhang

TL;DR

CipherGuard tackles ciphertext side channels in TEEs caused by deterministic memory encryption by introducing a compiler-based mitigation that integrates dynamic taint analysis with static program rewriting. It implements three complementary defenses—software-assisted probabilistic encryption, secret-aware register allocation, and diversion-based obfuscation—along with robust nonce management and formal correctness proofs. Empirical results across major cryptographic libraries show substantial improvements over prior work, achieving an average overhead as low as $1.41\times$ and up to $1.95\times$ in their most efficient configuration, with stronger coverage than post-hoc binary masking. The work highlights the practicality and portability of compiler-driven defenses, offering verifiable, high-coverage protection that can be extended to other compilers and cryptographic workloads while maintaining functional correctness.

Abstract

Recently, new ciphertext side channels resulting from deterministic memory encryption in Trusted Execution Environments (TEEs) enable ciphertexts to manifest identifiable patterns when values are sequentially written to the same memory address. Attackers with read access to encrypted memory in TEEs can potentially deduce plaintexts by analyzing these changing ciphertext patterns. In this paper, we design CipherGuard, a compiler-based mitigation tool to counteract ciphertext side channels with high efficiency and security guarantees. CipherGuard is based on the LLVM ecosystem and encompasses multiple defense strategies, including software-assisted probabilistic encryption, secret-aware register allocation, and diversion-based obfuscation. The design of CipherGuard demonstrates that compiler techniques are highly effective for fine-grained control over mitigation code generation and assisted component management. Through a comprehensive evaluation, we demonstrate that CipherGuard can strengthen the security of various cryptographic implementations more efficiently than the existing state-of-the-art defense, CipherFix. In its most efficient strategy, CipherGuard incurs an average performance overhead of only 1.41X, with a maximum of 1.95X.
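To make the threat and the first mitigation strategy concrete, here is an added Python model that is not code from the paper or its LLVM implementation: address-tweaked deterministic memory encryption is modelled with a hash, an attacker who can read encrypted RAM groups the ciphertexts written to one address into equality classes, and a masked store XORs the value with a fresh nonce before it reaches memory. The key, addresses and secret bits are constructed values.

```python
import hashlib
import os

KEY = b"\x11" * 16  # constructed stand-in for the TEE memory-encryption key
XOR = lambda x, y: bytes(a ^ b for a, b in zip(x, y))


def deterministic_enc(addr, block):
    # Model of address-tweaked deterministic memory encryption (AES-XEX style):
    # same 16-byte block at the same address -> same ciphertext. SHA-256 stands
    # in for the block cipher; only the determinism matters for this model.
    return hashlib.sha256(KEY + addr.to_bytes(8, "little") + block).digest()[:16]


class EncryptedMemory:
    def __init__(self):
        self.cells = {}   # addr -> plaintext, i.e. what code inside the TEE reads back
        self.trace = []   # (addr, ciphertext) seen by an attacker reading encrypted RAM

    def store(self, addr, block):
        self.cells[addr] = block
        self.trace.append((addr, deterministic_enc(addr, block)))

    def masked_store(self, addr, block, nonce_addr):
        # S1, software-assisted probabilistic encryption: one logical masked store
        # writes value XOR fresh-nonce and then the nonce itself (cf. Lemma 4.1).
        nonce = os.urandom(16)
        self.store(addr, XOR(block, nonce))
        self.store(nonce_addr, nonce)

    def masked_load(self, addr, nonce_addr):
        return XOR(self.cells[addr], self.cells[nonce_addr])


def ciphertext_pattern(trace, addr):
    # Attacker view: collapse the ciphertexts written to one address into
    # equality classes; a repeated ciphertext means a repeated plaintext.
    seen, pattern = {}, []
    for a, ct in trace:
        if a == addr:
            pattern.append(seen.setdefault(ct, len(seen)))
    return pattern


def run(secret_bits, masked):
    # Constructed scenario: a secret-dependent flag written to one stack slot per key bit.
    mem, data, nonce = EncryptedMemory(), 0x1000, 0x2000
    for bit in secret_bits:
        block = bytes([bit]) + b"\x00" * 15
        if masked:
            mem.masked_store(data, block, nonce)
            assert mem.masked_load(data, nonce) == block  # decoding unchanged
        else:
            mem.store(data, block)
    return ciphertext_pattern(mem.trace, data)
```

Without masking, the pattern returned by `run` mirrors the secret bits up to relabelling; with masking every write produces a fresh ciphertext while the value read back inside the TEE is unchanged.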

Paper Structure

This paper contains 32 sections, 7 theorems, 11 equations, 11 figures, 5 tables.

Key Result

Lemma 4.1

Let $\sigma \xrightarrow{*} \sigma'_1$ represent a finite micro-trace corresponding to one logical masked store (masking plaintext and updating nonce). If the macro is correctly emitted (single entry, single exit, no early branch), then $\alpha(\sigma) \xrightarrow{store(v)} \alpha(\sigma'_1)$ in th where $f$ represents the nonce update function, so that decoding after the step yields the same log

Figures (11)

  • Figure 1: Ciphertext side-channel examples.
  • Figure 2: Workflow of CipherGuard.
  • Figure 3: Three mitigation strategies proposed in CipherGuard. In (a), rdrand is used to pre-generate nonce buffer, while omitting the AES-NI and XorShift128+ variants for generating a random nonce on-the-fly.
  • Figure 4: In-place code insertion.
  • Figure 5: An example of register allocation from the function bn_mul_add_words of OpenSSL-ECDSA. The white and shaded blocks represent the liveness of stacks, with shaded blocks containing numbers that denote registers holding the sensitive stack slots.
  • ...and 6 more figures

Theorems & Definitions (7)

  • Lemma 4.1: Atomicity of Encode–Update
  • Lemma 4.2: Register Integrity
  • Lemma 4.3: Dummy Erasure
  • Theorem 4.4: Trace Equivalence
  • Lemma 5.1: Ciphertext-channel bound under S1
  • Lemma 5.2: Ciphertext-channel elimination under S2
  • Lemma 5.3: Side-channel non-interference under S3