DOI: 10.5555/3199700.3199719
Research article

A novel cache bank timing attack

Published: 13 November 2017

Abstract

To avoid information leakage through execution timing, modern software implementations of cryptographic algorithms target constant timing complexity, i.e., the number of instructions executed does not vary with the input. However, the underlying microarchitecture often behaves differently under different data inputs, which covertly leaks confidential information through the timing channel. The cache timing channel due to cache miss penalties has been explored in recent years to break system security. In this paper, we exploit a finer-grained L1 cache bank timing channel, the stalling delay due to cache bank conflicts, and develop a new timing attack against table lookup-based cryptographic algorithms. We implement the timing attack with three different methods on the Sandy Bridge microarchitecture and successfully recover the complete 128-bit AES encryption key. The most effective attack achieves a 50% success rate using 75,000 samples and a 100% success rate using 200,000 samples. The whole attack process, from collecting samples to recovering all key bytes, takes less than 3 minutes. We anticipate the new timing attack to be a threat to various platforms, including ARM-based smart phones and performance-critical accelerators like GPUs.


Cited By

  • uiCA. Proceedings of the 36th ACM International Conference on Supercomputing, 2022, pp. 1-14. doi:10.1145/3524059.3532396 (online publication date: 28 June 2022)
  • Cracking Randomized Coalescing Techniques with An Efficient Profiling-Based Side-Channel Attack to GPU. Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy, 2019, pp. 1-8. doi:10.1145/3337167.3337169 (online publication date: 23 June 2019)
Published In

    ICCAD '17: Proceedings of the 36th International Conference on Computer-Aided Design, November 2017, 1077 pages

    In cooperation with: IEEE-EDS: Electronic Devices Society

    Publisher: IEEE Press


    Acceptance rate: 457 of 1,762 submissions (26%)
