Last-level cache side-channel attacks are practical

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2015-July, Issue , 2015, Pages 605-622

  Liu, Fangfei ^a   Yarom, Yuval ^b,c   Ge, Qian ^c,d   Heiser, Gernot ^c,d   Lee, Ruby B ^a  

^a Princeton University   (United States)

^b UNIVERSITY OF ADELAIDE   (Australia)

^c CSIRO   (Australia)

^d and Management   (Australia)

Author keywords

covert channel; cross VM side channel; ElGamal; last level cache; side channel attack

Indexed keywords

VIRTUAL MACHINE;

COVERT CHANNELS; ELGAMAL; LAST-LEVEL CACHES; SHARING MEMORY; SIDE-CHANNEL; VIRTUAL MACHINE MONITORS;

SIDE CHANNEL ATTACK;

EID: 84945191701     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2015.43     Document Type: Conference Paper

References (48)

1. O. Aciiçmez, "Yet another microarchitectural attack: exploiting I-Cache," in Comp. Security Arch. WS, Fairfax, VA, US, Nov 2007, pp. 11-18.
2. O. Aciiçmez and W. Schindler, "A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL," in CT-RSA, San Francisco, CA, US, Apr 2008, pp. 256-273.
3. O. Aciiçmez, Ç. K. Koç, and J.-P. Seifert, "On the power of simple branch prediction analysis," in ASIACCS, Singapore, Mar 2007, pp. 312-320.
4. O. Aciiçmez, B. B. Brumley, and P. Grabher, "New results on instruction cache attacks," in CHES, Santa Barbara, CA, US, Apr 2010, pp. 110-124.
5. N. Benger, J. van de Pol, N. P. Smart, and Y. Yarom, "'Ooh aah., just a little bit': A small amount of side channel can go a long way," in CHES, Busan, KR, Sep 2014, pp. 75-92.
6. D. J. Bernstein, T. Lange, and P. Schwabe, "The security impact of a new cryptographic library," in Conf. Cyptol-ogy & Inform. Security Latin America, Santiago, CL, Oct 2012, pp. 159-176.
7. J. Bos and M. Coster, "Addition chain heuristics," in CRYPTO, Santa Barbara, CA, US, Aug 1989, pp. 400-407.
8. B. B. Brumley and R. M. Hakala, "Cache-timing template attacks," in ASIACRYPT, 2009, pp. 667-684.
9. C. Clavier and M. Joye, "Universal exponentiation algorithm a first step towards Provable SPA-resistance," in CHES, Paris, FR, May 2001, pp. 300-308.
10. D. Cock, Q. Ge, T. Murray, and G. Heiser, "The last mile: An empirical study of some timing channels on seL4," in CCS, Scottsdale, AZ, US, Nov 2014, pp. 570-581.
11. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," Trans. Inform. Theory, no. 4, pp. 469-472, Jul 1985.
12. D. Genkin, A. Shamir, and E. Tromer, "RSA key extraction via low-bandwidth acoustic cryptanalysis," in CRYPTO, Santa Barbara, CA, US, Aug 2014, pp. 444-461.
13. D. Genkin, L. Pachmanov, I. Pipman, and E. Tromer, "Stealing keys from PCs by radio: Cheap electromagnetic attacks on windowed exponentiation," Cryptology ePrint Archive, Report 2015/170, Feb 2015, http://eprint. iacr.org/.
14. I. Glover and P. Grant, Digital Communications. Prentice Hall, 2010.
15. D. M. Gordon, "A survey of fast exponentiation methods," J. Algorithms, no. 1, pp. 129-146, Apr 1998.
16. D. Gullasch, E. Bangerter, and S. Krenn, "Cache games - bringing access-based cache attacks on AES to practice," in Symp. Security & Privacy, Oakland, CA, US, may 2011, pp. 490-595.
17. T. Hastie, R. Tibshirani, and J. Friedman, The Elements of Statistical Learning: Data Mining, Inference and Prediction, 2nd ed. New York, NY, US: Springer Science+Business Media, 2009.
18. W.-M. Hu, "Reducing timing channels with fuzzy time," in Symp. Security & Privacy, Oakland, CA, US, May 1991, pp. 8-20.
19. R. Hund, C. Willems, and T. Holz, "Practical timing side channel attacks against kernel space ASLR," in Symp. Security & Privacy, San Francisco, CA, US, May 2013, pp. 191-205.
20. Intel 64 and IA-32 Architectures Optimization Reference Manual, Intel Corporation, Apr 2012.
21. Intel 64 and IA-32 Architectures Software Developer's Manual Volume 3B: System Programming Guide, Part 2, Intel Corporation, Jun 2014.
22. G. Irazoqui, M. S. Inci, T. Eisenbarth, and B. Sunar, "Wait a minute! a fast, cross-VM attack on AES," in RAID, Gothenburg, SE, Sep 2014, pp. 299-319.
23. G. Irazoqui, T. Eisenbarth, and B. Sunar, "S$A: A shared cache attack that works across cores and defies VM sandboxing-and its application to AES," in IEEE: Security & Privacy, San Jose, CA, US, May 2015.
24. T. Kim, M. Peindo, and G. Mainer-Ruiz, "STEALTH-MEM: System-level protection against cache-based side channel attacks in the Cloud," in USENIX Security, Bellevue, WA, US, Aug 2012.
25. V. I. Levenshtein, "Binary codes capable of correcting deletions, insertions and reversals," Soviet Physics Doklady, p. 707, Feb 1966.
26. J. Liedtke, N. Islam, and T. Jaeger, "Preventing denial-of-service attacks on a μ-kernel for WebOSes," in 6th HotOS, Cape Cod, MA, US, May 1997, pp. 73-79.
27. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, C. Press, Ed. CRC Press, 1997.
28. D. A. Osvik, A. Shamir, and E. Tromer, "Cache attacks and countermeasures: the case of AES," http://www.cs. tau.ac.il/~tromer/papers/cache.pdf, Nov 2005.
29. C. Paar and J. Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners. SpringerVerlag New York Inc, 2010.
30. G. Paoloni, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures, Intel Corporation, Sep 2010.
31. C. Percival, "Cache missing for fun and profit," http://www.daemonology.net/papers/htt.pdf, 2005.
32. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, "Hey, you, get off my cloud: Exploring information leakage in third-party compute clouds," in CCS, Chicago, IL, US, Nov 2009, pp. 199-212.
33. R. L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," CACM, no. 2, pp. 120-126, Feb 1978.
34. E. Tromer, D. A. Osvik, and A. Shamir, "Efficient cache attacks in AES, and countermeasures," J. Cryptology, no. 2, pp. 37-71, Jan 2010.
35. J. van de Pol, N. P. Smart, and Y. Yarom, "Just a little bit more," in CT-RSA, 2015.
36. V. Varadarajan, T. Ristenpart, and M. Swift, "Scheduler-based defenses against cross-VM side-channels," in USENIX Security, San Diego, CA, US, Aug 2014, pp. 687-702.
37. B. C. Vattikonda, S. Das, and H. Shacham, "Eliminating fine grained timers in Xen," in CCSW, Chicago, IL, US, Oct 2011, pp. 41-46.
38. Large Page Performance, VMware Inc., Palo Alto, CA, US, 2008.
39. VMware Inc., "Security considerations and disallowing inter-virtual machine transparent page sharing," VMware Knowledge Base 2080735 http://kb.vmware. com/selfservice/microsites/search.do?language=en-US& cmd=displayKC&externalId=2080735, Oct 2014.
40. Z. Wang and R. B. Lee, "New Cache Designs for Thwarting Software Cache-based Side Channel Attacks," in ISCA, San Diego, CA, US, Jun 2007, pp. 494-505.
41. -, "A Novel Cache Architecture with Enhanced Performance and Security," in MICRO, Como, IT, Nov 2008, pp. 83-93.
42. Z. Wu, Z. Xu, and H. Wang, "Whispers in the hyperspace: High-speed covert channel attacks in the cloud," in USENIX Security, Bellevue, WA, US, 2012, pp. 159-173.
43. Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting, "An exploration of L2 cache covert channels in virtualized environments," in CCSW, Chicago, IL, US, Oct 2011, pp. 29-40.
44. Y. Yarom and N. Benger, "Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack," Cryptology ePrint Archive, Report 2014/140, Feb 2014, http://eprint.iacr.org/.
45. Y. Yarom and K. Falkner, "FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack," in USENIX Security, San Diego, CA, US, Aug 2014, pp. 719-732.
46. Y. Zhang, A. Juels, A. Oprea, and M. K. Reiter, "Homealone: Co-residency detection in the cloud via side-channel analysis," in Symp. Security & Privacy, Berkeley, CA, US, May 2011, pp. 313-328.
47. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, "Cross-VM side channels and their use to extract private keys," in CCS, Raleigh, NC, US, Oct 2012, pp. 305-316.
48. -, "Cross-tenant side-channel attacks in PaaS clouds," in CCS, Scottsdale, AZ, US, Nov 2014, pp. 990-1003.