A complete key recovery timing attack on a GPU

Jiang, Zhen Hang; Fei, Yunsi; Kaeli, David

doi:10.1109/hpca.2016.7446081

Cited by 80 publications

(40 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In fact, it is almost impossible to conduct side-channel attacks successfully in known-plaintext or highly-occupied scenarios against GPU-based cryptographic implementations. After that Jiang et al proposed two cache-based timing attacks against T-table-based GPU AES implementation based on the time differences induced by L1 cache line access serialization (Jiang et al 2016) and shared memory bank conflict (Jiang et al 2017). They recovered the 16-byte secret key of a GPUbased AES implementation by correlation timing analysis and differential timing analysis, respectively.…”

Section: Related Workmentioning

confidence: 99%

“…GPU executes program in a Single-Instruction, Multiple-Thread (SIMT) fashion, so it is well suited for cryptographic applications deployed in cloud computing environment to provide the Securityas-a-Service (SECaaS). Unfortunately, GPU-based applications are vulnerable to many known attacks as proposed in Di et al (2016); Naghibijouybari et al (2018); Jiang et al (2016). Among those published vulnerabilities *Correspondence: zhouyongbin@iie.ac.cn 1 State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China 2 School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China of GPUs, side-channel vulnerabilities are the most serious ones due to their non-invasiveness to target devices.…”

Section: Introductionmentioning

confidence: 99%

“…Until very recently, some literatures mentioned that GPUbased cryptographic implementations are also susceptible to side-channel attacks through electro-magnetic (EM) emanation , power consumption (Luo et al 2015) or execution time leakages (Jiang et al 2016;. Thanks to the bitsliced cipher proposed by Biham Biham (1997) as well as the efficient GPU-based bitsliced AES implementations proposed by Lim et al Lim et al (2016) and Nishikawa et al Nishikawa et al (2017), we are capable of deploying GPU-based AES cryptosystems that are resistant to cache-timing attacks (Jiang et al 2016; and cache-based EM attacks . However, it does not mean that GPU-based AES implementation is not vulnerable to other side-channel attacks, for example the power analysis attack proposed in (Luo et al 2015), though it is not efficient at all in practice.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Efficient electro-magnetic analysis of a GPU bitsliced AES implementation

2020

View full text Add to dashboard Cite

The advent of CUDA-enabled GPU makes it possible to provide cloud applications with high-performance data security services. Unfortunately, recent studies have shown that GPU-based applications are also susceptible to side-channel attacks. These published work studied the side-channel vulnerabilities of GPU-based AES implementations by taking the advantage of the cache sharing among multiple threads or high parallelism of GPUs. Therefore, for GPU-based bitsliced cryptographic implementations, which are immune to the cache-based attacks referred to above, only a power analysis method based on the high-parallelism of GPUs may be effective. However, the leakage model used in the power analysis is not efficient at all in practice. In light of this, we investigate electromagnetic (EM) side-channel vulnerabilities of a GPU-based bitsliced AES implementation from the perspective of bit-level parallelism and thread-level parallelism in order to make the best of the localization effect of EM leakage with parallelism. Specifically, we propose efficient multi-bit and multi-thread combinational analysis techniques based on the intrinsic properties of bitsliced ciphers and the effect of multi-thread parallelism of GPUs, respectively. The experimental result shows that the proposed combinational analysis methods perform better than non-combinational and intuitive ones. Our research suggests that multi-thread leakages can be used to improve attacks if the multi-thread leakages are not synchronous in the time domain.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient electro-magnetic analysis of a GPU bitsliced AES implementation

2020

View full text Add to dashboard Cite

show abstract

“…Jiang et al [26] show a correlation timing attack on GPU to completely recover the AES key. They use 128-bit "electronic codebook" (ECB) mode AES encryption with T-tables, which uses 16B key to encrypt a 16B block.…”

Section: Timing Side-channel Attackmentioning

confidence: 99%

A Survey of Techniques for Improving Security of GPUs

et al. 2018

View full text Add to dashboard Cite

Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest 'link' in the security 'chain'. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures.

show abstract

“…In our prior work [19], we presented the first power analysis of AES on a GPU, demonstrating the feasibility of an attack. Our group also launched the first timing attack of AES on a GPU [14].…”

mentioning

confidence: 99%

Power Analysis Attack of an AES GPU Implementation

et al. 2018

Self Cite

View full text Add to dashboard Cite

In the past, Graphics Processing Units (GPUs) were mainly used for graphics rendering. In the past 10 years, they have been redesigned and are used to accelerate a wide range of applications, including deep neural networks, image reconstruction, and cryptographic algorithms. Despite being the accelerator of choice in a number of important application domains, today's GPUs receive little attention on their security, especially their vulnerability to realistic and practical threats, such as sidechannel attacks. In this work, we present our study of side-channel vulnerability targeting a general purpose GPU. We propose and implement a side-channel power analysis methodology to extract all the last round key bytes of an AES (Advanced Encryption Standard) implementation on an NVIDIA TESLA GPU. We first analyze the challenges of capturing GPU power traces due to the degree of concurrency and underlying architectural features of a GPU, and propose techniques to overcome these challenges. We then construct an appropriate power model for the GPU. We describe effective methods to process the GPU power traces and launch a correlation power attack (CPA) on the processed data. We carefully consider the scalability of the attack with increasing degrees of parallelism, a key challenge on the GPU. Both our empirical and theoretical results show that parallel computing hardware systems such as a GPU are vulnerable to power analysis side-channel attacks, and need to be hardened against such threats.

show abstract

A complete key recovery timing attack on a GPU

Cited by 80 publications

References 16 publications

Efficient electro-magnetic analysis of a GPU bitsliced AES implementation

Efficient electro-magnetic analysis of a GPU bitsliced AES implementation

A Survey of Techniques for Improving Security of GPUs

Power Analysis Attack of an AES GPU Implementation

Contact Info

Product

Resources

About