Log In Sign Up

CACHE SNIPER : Accurate timing control of cache evictions

by   Samira Briongos, et al.

Microarchitectural side channel attacks have been very prominent in security research over the last few years. Caches have been an outstanding covert channel, as they provide high resolution and generic cross-core leakage even with simple user-mode code execution privileges. To prevent these generic cross-core attacks, all major cryptographic libraries now provide countermeasures to hinder key extraction via cross-core cache attacks, for instance avoiding secret dependent access patterns and prefetching data. In this paper, we show that implementations protected by 'good-enough' countermeasures aimed at preventing simple cache attacks are still vulnerable. We present a novel attack that uses a special timing technique to determine when an encryption has started and then evict the data precisely at the desired instant. This new attack does not require special privileges nor explicit synchronization between the attacker and the victim. One key improvement of our attack is a method to evict data from the cache with a single memory access and in absence of shared memory by leveraging the transient capabilities of TSX and relying on the recently reverse-engineered L3 replacement policy. We demonstrate the efficiency by performing an asynchronous last level cache attack to extract an RSA key from the latest wolfSSL library, which has been especially adapted to avoid leaky access patterns, and by extracting an AES key from the S-Box implementation included in OpenSSL bypassing the per round prefetch intended as a protection against cache attacks.


page 1

page 2

page 3

page 4


MemJam: A False Dependency Attack against Constant-Time Crypto Implementations

Cache attacks exploit memory access patterns of cryptographic implementa...

TPPD: Targeted Pseudo Partitioning based Defence for Cross-Core Covert Channel Attacks

Contemporary computing employs cache hierarchy to fill the speed gap bet...

Computationally Data-Independent Memory Hard Functions

Memory hard functions (MHFs) are an important cryptographic primitive th...

Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical

We introduce the first microarchitectural side channel attacks that leve...

Timing Cache Accesses to Eliminate Side Channels in Shared Software

Timing side channels have been used to extract cryptographic keys and se...

Speculative Interference Attacks: Breaking Invisible Speculation Schemes

Recent security vulnerabilities that target speculative execution (e.g.,...

Hardware/Software Obfuscation against Timing Side-channel Attack on a GPU

GPUs are increasingly being used in security applications, especially fo...