A Novel Side-Channel Timing Attack on GPUs

Jiang, Zhen Hang; Fei, Yunsi; Kaeli, David

doi:10.1145/3060403.3060462

Cited by 48 publications

(22 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Parallel programming libraries, such as CUDA or OpenCL, provide an attacker with a more extensive toolset and have already been proven to be effective when implementing sidechannel attacks [24], [25], [34]. However, we decided to restrict our abilities to what is provided by the OpenGL ES 2.0 API in order to relax our threat model to remote WebGL-based attacks.…”

Section: Generalizationmentioning

confidence: 99%

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Frigo

Giuffrida

Bos

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

102

View full text Add to dashboard Cite

Dark silicon is pushing processor vendors to add more specialized units such as accelerators to commodity processor chips. Unfortunately this is done without enough care to security. In this paper we look at the security implications of integrated Graphical Processor Units (GPUs) found in almost all mobile processors. We demonstrate that GPUs, already widely employed to accelerate a variety of benign applications such as image rendering, can also be used to "accelerate" microarchitectural attacks (i.e., making them more effective) on commodity platforms. In particular, we show that an attacker can build all the necessary primitives for performing effective GPU-based microarchitectural attacks and that these primitives are all exposed to the web through standardized browser extensions, allowing side-channel and Rowhammer attacks from JavaScript. These attacks bypass state-of-the-art mitigations and advance existing CPU-based attacks: we show the first end-toend microarchitectural compromise of a browser running on a mobile phone in under two minutes by orchestrating our GPU primitives. While powerful, these GPU primitives are not easy to implement due to undocumented hardware features. We describe novel reverse engineering techniques for peeking into the previously unknown cache architecture and replacement policy of the Adreno 330, an integrated GPU found in many common mobile platforms. This information is necessary when building shader programs implementing our GPU primitives. We conclude by discussing mitigations against GPU-enabled attackers.

show abstract

Section: Generalizationmentioning

confidence: 99%

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Frigo

Giuffrida

Bos

et al. 2018

2018 IEEE Symposium on Security and Privacy (SP)

102

View full text Add to dashboard Cite

show abstract

“…In fact, it is almost impossible to conduct side-channel attacks successfully in known-plaintext or highly-occupied scenarios against GPU-based cryptographic implementations. After that Jiang et al proposed two cache-based timing attacks against T-table-based GPU AES implementation based on the time differences induced by L1 cache line access serialization (Jiang et al 2016) and shared memory bank conflict (Jiang et al 2017). They recovered the 16-byte secret key of a GPUbased AES implementation by correlation timing analysis and differential timing analysis, respectively.…”

Section: Related Workmentioning

confidence: 99%

Efficient electro-magnetic analysis of a GPU bitsliced AES implementation

2020

View full text Add to dashboard Cite

The advent of CUDA-enabled GPU makes it possible to provide cloud applications with high-performance data security services. Unfortunately, recent studies have shown that GPU-based applications are also susceptible to side-channel attacks. These published work studied the side-channel vulnerabilities of GPU-based AES implementations by taking the advantage of the cache sharing among multiple threads or high parallelism of GPUs. Therefore, for GPU-based bitsliced cryptographic implementations, which are immune to the cache-based attacks referred to above, only a power analysis method based on the high-parallelism of GPUs may be effective. However, the leakage model used in the power analysis is not efficient at all in practice. In light of this, we investigate electromagnetic (EM) side-channel vulnerabilities of a GPU-based bitsliced AES implementation from the perspective of bit-level parallelism and thread-level parallelism in order to make the best of the localization effect of EM leakage with parallelism. Specifically, we propose efficient multi-bit and multi-thread combinational analysis techniques based on the intrinsic properties of bitsliced ciphers and the effect of multi-thread parallelism of GPUs, respectively. The experimental result shows that the proposed combinational analysis methods perform better than non-combinational and intuitive ones. Our research suggests that multi-thread leakages can be used to improve attacks if the multi-thread leakages are not synchronous in the time domain.

show abstract

“…In our prior work [14], we identified a novel memory bank conflict-based timing channel in GPUs and developed an effective differential timing attack to retrieve the secret key. We demonstrated the attack on an AES implementation (based on the OpenSSL 0.9.7 library) on an Nvidia Kepler GPU.…”

Section: Introductionmentioning

confidence: 99%

“…Yarom et al [40] and Jiang et al [12] investigate how sensitive information can be leaked when a cryptographic application runs on a CPU with multi-banked caches. A GPU generates a much more complex access pattern to Shared Memory banks, and our prior work [14] is the first one that identified the memory bank conflictbased timing channel and exploited it for a successful timing attack.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

Jiang

Fei

Kaeli

2019

ACM Trans. Archit. Code Optim.

Self Cite

View full text Add to dashboard Cite

To prevent information leakage during program execution, modern software cryptographic implementations target constant-time function, where the number of instructions executed remains the same when program inputs change. However, the underlying microarchitecture behaves differently when processing different data inputs, impacting the execution time of the same instructions. These differences in execution time can covertly leak confidential information through a timing channel. Given the recent reports of covert channels present on commercial microprocessors, a number of microarchitectural features on CPUs have been reexamined from a timing leakage perspective. Unfortunately, a similar microarchitectural evaluation of the potential attack surfaces on GPUs has not been adequately performed. Several prior work has considered a timing channel based on the behavior of a GPU's coalescing unit. In this article, we identify a second finer-grained microarchitectural timing channel, related to the banking structure of the GPU's Shared Memory. By considering the timing channel caused by Shared Memory bank conflicts, we have developed a differential timing attack that can compromise table-based cryptographic algorithms. We implement our timing attack on an Nvidia Kepler K40 GPU and successfully recover the complete 128-bit encryption key of an Advanced Encryption Standard (AES) GPU implementation using 900,000 timing samples. We also evaluate the scalability of our attack method by attacking an implementation of the AES encryption algorithm that fully occupies the compute resources of the GPU. We extend our timing analysis onto other Nvidia architectures: Maxwell, Pascal, Volta, and Turing GPUs. We also discuss countermeasures and experiment with a novel multi-key implementation, evaluating its resistance to our side-channel timing attack and its associated performance overhead. CCS Concepts: • Security and privacy → Hardware security implementation; Side-channel analysis and countermeasures; • Computer systems organization → Single instruction, multiple data;

show abstract

A Novel Side-Channel Timing Attack on GPUs

Cited by 48 publications

References 9 publications

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU

Efficient electro-magnetic analysis of a GPU bitsliced AES implementation

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

Contact Info

Product

Resources

About