Are AES x86 cache timing attacks still feasible?

Mowery, Keaton; Keelveedhi, Sriram; Shacham, Hovav

doi:10.1145/2381913.2381917

Cited by 38 publications

(27 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We use hypothetical modeling to obtain the timingbehavior of the cache and need only the size of the lookup tables and the cache line size of the computing platform. for k = 0 to 255 do 5:…”

Section: A Closer Look At the Profiling Phasementioning

confidence: 99%

Cache-timing attacks without a profiling phase

Atıcı¹,

Yılmaz²,

Savaş³

2018

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

Abstract:Theoretically secure cryptographic algorithms can be vulnerable to attacks due to their implementation flaws.Bernstein's attack is a well-known cache-timing attack that uses execution times as the side-channel. The major drawback of this attack is that it needs an identical target machine to perform its profiling phase where the attacker models the cache timing-behavior of the target machine. This assumption makes the attack unrealistic in many circumstances. In this work, we present an effective method to eliminate the profiling phase. We propose a methodology to model the cache timing-behavior of the target machine by trying hypothetical cache behaviors exhaustively. Our implementation resultsshow that the proposed nonprofiled Bernstein's attack has comparable (and better in some test instances) performance to the original attack with the profiling phase.

show abstract

Section: A Closer Look At the Profiling Phasementioning

confidence: 99%

Cache-timing attacks without a profiling phase

Atıcı¹,

Yılmaz²,

Savaş³

2018

Turk J Elec Eng & Comp Sci

View full text Add to dashboard Cite

show abstract

“…Some of this noise is caused by the architectural peculiarities of modern CPUs [22]: to reach a high parallelism and work load, CPU developers came up with many different performance optimizations like hardware prefetching, speculative execution, multi-core architectures, or branch prediction. We have adapted our measuring code to take the effects of these optimizations into account.…”

Section: Handling Noisementioning

confidence: 99%

“…Furthermore, all documented cache attacks were implemented either for embedded processors or for older processors such as Intel Pentium M (released in March 2003) [24], Pentium 4E (released in February 2004) [25], or Intel Core Duo (released in January 2006) [23]. In contrast, we focus on the latest processor architectures and need to solve many obstacles related to modern performance optimizations in current CPUs [22]. To the best of our knowledge, we are the first to present timing attacks against ASLR implementations and to discuss limitations of kernel space ASLR against a local attacker.…”

Section: Related Workmentioning

confidence: 99%

“…We take advantage of the fact that the memory hierarchy present in computer systems leads to shared resources between user and kernel space code that can be abused to construct a side channel. In practice, timing attacks against a modern CPU are very complicated due to the many performance optimizations used by current processors such as hardware prefetching, speculative execution, multi-core architectures, or branch prediction that significantly complicate timing measurements [22]. Previous work on side-channels attacks against CPUs [23]- [25] focused on older processors without such optimization and we had to overcome many challenges to solve the intrinsic problems related to modern CPU features [22].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Practical Timing Side Channel Attacks against Kernel Space ASLR

Hund

Willems

Holz

2013

2013 IEEE Symposium on Security and Privacy

299

179

View full text Add to dashboard Cite

Due to the prevalence of control-flow hijacking attacks, a wide variety of defense methods to protect both user space and kernel space code have been developed in the past years.A few examples that have received widespread adoption include stack canaries, non-executable memory, and Address Space Layout Randomization (ASLR). When implemented correctly (i.e., a given system fully supports these protection methods and no information leak exists), the attack surface is significantly reduced and typical exploitation strategies are severely thwarted. All modern desktop and server operating systems support these techniques and ASLR has also been added to different mobile operating systems recently.In this paper, we study the limitations of kernel space ASLR against a local attacker with restricted privileges. We show that an adversary can implement a generic side channel attack against the memory management system to deduce information about the privileged address space layout. Our approach is based on the intrinsic property that the different caches are shared resources on computer systems. We introduce three implementations of our methodology and show that our attacks are feasible on four different x86-based CPUs (both 32-and 64-bit architectures) and also applicable to virtual machines. As a result, we can successfully circumvent kernel space ASLR on current operating systems. Furthermore, we also discuss mitigation strategies against our attacks, and propose and implement a defense solution with negligible performance overhead.

show abstract

“…The first challenge stems from the fact that most LLCs are physically indexed. As such, attackers must have prior knowledge of the physical addresses of the memory regions of the victim application [23], which is usually allocated dynamically and may vary each time it is run. Second, exploiting last level caches when the victim and attacker run on different cores can be sensitive to cache coherence properties.…”

Section: Limitationsmentioning

confidence: 99%

Düppel

Zhang

Reiter

2013

Proceedings of the 2013 ACM SIGSAC Conference on Computer &Amp; Communications Security - CCS '13

111

View full text Add to dashboard Cite

This paper presents the design, implementation and evaluation of a system called Düppel that enables a tenant virtual machine to defend itself from cache-based side-channel attacks in public clouds. Düppel includes defenses for timeshared caches such as per-core L1 and L2 caches. Experiments in the lab and on public clouds show that Düppel effectively obfuscates timing signals available to an attacker VM via these caches and incurs modest performance overheads (at most 7% and usually much less) in the common case of no side-channel attacks. Moreover, Düppel requires no changes to hypervisors or support from cloud operators.

show abstract

Are AES x86 cache timing attacks still feasible?

Cited by 38 publications

References 13 publications

Cache-timing attacks without a profiling phase

Cache-timing attacks without a profiling phase

Practical Timing Side Channel Attacks against Kernel Space ASLR

Düppel

Contact Info

Product

Resources

About