A novel cache bank timing attack

Jiang, Zhen Hang; Fei, Yunsi

doi:10.1109/iccad.2017.8203771

Cited by 12 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Not only GPUs, modern high-performance CPUs (e.g., Intel's SandyBridge and ARM's Cortex-A) are also designed with multi-banked L1 and L2 caches. Yarom et al [40] and Jiang et al [12] investigate how sensitive information can be leaked when a cryptographic application runs on a CPU with multi-banked caches. A GPU generates a much more complex access pattern to Shared Memory banks, and our prior work [14] is the first one that identified the memory bank conflictbased timing channel and exploited it for a successful timing attack.…”

Section: Introductionmentioning

confidence: 99%

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

Jiang

Fei

Kaeli

2019

ACM Trans. Archit. Code Optim.

Self Cite

View full text Add to dashboard Cite

To prevent information leakage during program execution, modern software cryptographic implementations target constant-time function, where the number of instructions executed remains the same when program inputs change. However, the underlying microarchitecture behaves differently when processing different data inputs, impacting the execution time of the same instructions. These differences in execution time can covertly leak confidential information through a timing channel. Given the recent reports of covert channels present on commercial microprocessors, a number of microarchitectural features on CPUs have been reexamined from a timing leakage perspective. Unfortunately, a similar microarchitectural evaluation of the potential attack surfaces on GPUs has not been adequately performed. Several prior work has considered a timing channel based on the behavior of a GPU's coalescing unit. In this article, we identify a second finer-grained microarchitectural timing channel, related to the banking structure of the GPU's Shared Memory. By considering the timing channel caused by Shared Memory bank conflicts, we have developed a differential timing attack that can compromise table-based cryptographic algorithms. We implement our timing attack on an Nvidia Kepler K40 GPU and successfully recover the complete 128-bit encryption key of an Advanced Encryption Standard (AES) GPU implementation using 900,000 timing samples. We also evaluate the scalability of our attack method by attacking an implementation of the AES encryption algorithm that fully occupies the compute resources of the GPU. We extend our timing analysis onto other Nvidia architectures: Maxwell, Pascal, Volta, and Turing GPUs. We also discuss countermeasures and experiment with a novel multi-key implementation, evaluating its resistance to our side-channel timing attack and its associated performance overhead. CCS Concepts: • Security and privacy → Hardware security implementation; Side-channel analysis and countermeasures; • Computer systems organization → Single instruction, multiple data;

show abstract

Section: Introductionmentioning

confidence: 99%

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

Jiang

Fei

Kaeli

2019

ACM Trans. Archit. Code Optim.

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [28], Weiβ et al perform Bernstein's cache-timing attack on a virtualization environment, which runs on an ARM CPU platform. In a recent research that claims a novel attack [29], the stalling delay caused by cache bank conflicts is exploited to infer the secret key. In [30], Moghimi et al conduct a cache attack on a Software Guard eXtensions (SGX) 2 supported Intel platform with different AES implementations.…”

mentioning

confidence: 99%

Cache-timing attacks without a profiling phase

Atıcı¹,

Yılmaz²,

Savaş³

2018

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

Abstract:Theoretically secure cryptographic algorithms can be vulnerable to attacks due to their implementation flaws.Bernstein's attack is a well-known cache-timing attack that uses execution times as the side-channel. The major drawback of this attack is that it needs an identical target machine to perform its profiling phase where the attacker models the cache timing-behavior of the target machine. This assumption makes the attack unrealistic in many circumstances. In this work, we present an effective method to eliminate the profiling phase. We propose a methodology to model the cache timing-behavior of the target machine by trying hypothetical cache behaviors exhaustively. Our implementation resultsshow that the proposed nonprofiled Bernstein's attack has comparable (and better in some test instances) performance to the original attack with the profiling phase.

show abstract

An Efficient Profiling-Based Side-Channel Attack on Graphics Processing Units

Wang

Zhang

2019

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

A novel cache bank timing attack

Cited by 12 publications

References 9 publications

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

Cache-timing attacks without a profiling phase

An Efficient Profiling-Based Side-Channel Attack on Graphics Processing Units

Contact Info

Product

Resources

About