Title: A Lot of Data and Added Complexity. How Does PQC Affect the Performance of My TLS Connection?
Johanna Henrich, Nicolai Schmitt, Nouri Alnahawi and Andreas Heinemann
Abstract: In a previous study, Henrich et al. (ISC '23) demonstrate how TLS handshake performance is affected not only by different Post Quantum Cryptography (PQC) Key Encapsulation Mechanisms KEMs and security levels, but also by varying physical network conditions. In particular, they show that prior to selecting a PQC scheme replacement for TLS, it is important to conduct an analysis of the anticipated network conditions for applications that require a high level of responsiveness. In this paper, we build upon the afore mentioned work and complement the previous experiments to include digital signature PQC schemes and hybrid variants, as well as various compositions of certificate chains. Moreover, an analysis is conducted on the effects of deploying real physical servers and varying the underlying network stack configuration. Our results show that incorporating PQC signature schemes does not negatively impact the overall transmission time as substantially as poor network conditions. However, operating at high security levels frequently results in delays using PQC schemes. These findings are consistent across hybrid schemes as well. We conclude that migrating TLS to PQ-only or hybrid usage can generally be undertaken with a high degree of confidence. However, considering suboptimal network conditions or the use of higher security levels, a cautious transition is recommended. In such cases, the configuration of certificate chains or increasing the TCP Congestion Window might prove beneficial.
Title: Simulation-based Software Leakage Evaluation for the RISC-V Platform
Nicolai Schmitt, Jannik Zeitschner (Ruhr Universität Bochum) and Andreas Heinemann
Abstract: Side-channel attacks are critical as they, despite the mathematical security of the algorithm, break the security assumption that private data stays hidden from the adversary. Developing secure hardware can be expensive, as multiple iterations of prototyping may be required to achieve a satisfactory level of security against side-channel attacks. Currently, the fairly new and open-source CPU-platform RISC-V is gaining traction by entering the IoT- and consumer market and also gains interest in security oriented projects such as OpenTitan. In case of security-critical applications, especially when the hardware is exposed to third party, the implementations of cryptographic algorithms must be secure against side-channel attacks. For the RISC-V platform currently only a small number of tools exist to assess the probing security. Further, we could identify a lack of simulation-based tooling to do so, with the ability to analyze larger implementations as e.g., full ciphers. To address this demand, we use PROLEAD_SW as a starting point and extend it to support the RISC-V platform. By analyzing micro-architectural leakage effects on the RISC-V platform we show that the CPU-independent leakage model used by PROLEAD_SW for the ARM architecture is suitable for the RISC-V platform. To verify the correctness of the new tooling, test-vectors are executed with the new tooling. In a final step, the performance of the new tooling is compared to the performance of the original version of PROLEAD_SW by analyzing two masked AES C implementations with both tools.
UCS – User-Centered Security research group