Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to information leaks We present FLUSH+RELOAD, a cache side-channel attack technique that exploits this weakness to monitor access to memory lines in shared pages Unlike previous cache side-channel attacks, FLUSH+RELOAD targets the Last-Level Cache (ie L3 on processors with three cache levels) Consequently, the attack program and the victim do not need to share the execution core

We demonstrate the efficacy of the FLUSH+RELOAD attack by using it to extract the private encryption keys from a victim program running GnuPG 1413 We tested the attack both between two unrelated processes in a single operating system and between processes running in separate virtual machines On average, the attack is able to recover 967% of the bits of the secret key by observing a single signature or decryption round

/pdf/flush-reload-a-high-resolution-low-noise-l3-cache-side-37lhk3vaa5.pdf

FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack

This paper describes the use of physical unclonable functions (PUFs) in low-cost authentication and key generation applications. First, it motivates the use of PUFs versus conventional secure nonvolatile memories and defines the two primary PUF types: “strong PUFs” and “weak PUFs.” It describes strong PUF implementations and their use for low-cost authentication. After this description, the paper covers both attacks and protocols to address errors. Next, the paper covers weak PUF implementations and their use in key generation applications. It covers error-correction schemes such as pattern matching and index-based coding. Finally, this paper reviews several emerging concepts in PUF technologies such as public model PUFs and new PUF implementation technologies.

Physical Unclonable Functions and Applications: A Tutorial

This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the workloads of mutually distrustful customers. Constructing such a side-channel requires overcoming challenges including core migration, numerous sources of channel noise, and the difficulty of preempting the victim with sufficient frequency to extract fine-grained information from it. This paper addresses these challenges and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.

/pdf/cross-vm-side-channels-and-their-use-to-extract-private-keys-26spi1wh90.pdf

Cross-VM side channels and their use to extract private keys

Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to information leaks. We present FLUSH+RELOAD, a cache side-channel attack technique that exploits this weakness to monitor access to memory lines in shared pages. Unlike previous cache side-channel attacks, FLUSH+RELOAD targets the LastLevel Cache (i.e. L3 on processors with three cache levels). Consequently, the attack program and the victim do not need to share the execution core. We demonstrate the efficacy of the FLUSH+RELOAD attack by using it to extract the private encryption keys from a victim program running GnuPG 1.4.13. We tested the attack both between two unrelated processes in a single operating system and between processes running in separate virtual machines. On average, the attack is able to recover 96.7% of the bits of the secret key by observing a single signature or decryption round.

/pdf/flush-reload-a-high-resolution-low-noise-l3-cache-side-12nhgwzbju.pdf

Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack.

A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended to use by a smart grid is vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications.

/pdf/a-survey-on-cyber-security-for-smart-grid-communications-3ah12orzeu.pdf

A Survey on Cyber Security for Smart Grid Communications

Embedded security systems based on Physical Unclonable Functions (PUFs) offer interesting protection properties, such as tamper resistance and unclonability. However, to establish PUFs as a high security primitive in the long run, their vulnerability to side-channel attacks has to be investigated. For this purpose, we analysed the side-channel leakage of PUF architectures and fuzzy extractor implementations. We identified several attack vectors within common PUF constructions and introduce two side-channel attacks on fuzzy extractors. Our proof-of-concept attack on an FPGA implementation of a fuzzy extractor shows that it is possible to extract the cryptographic key derived from a PUF by side-channel analysis.

Side-channel analysis of PUFs and fuzzy extractors

We show in this paper that the isolation characteristic of system virtualization can be bypassed by the use of a cache timing attack. Using Bernstein’s correlation in this attack, an adversary is able to extract sensitive keying material from an isolated trusted execution domain. We demonstrate this cache timing attack on an embedded ARM-based platform running an L4 microkernel as virtualization layer. An attacker who gained access to the untrusted domain can extract the key of an AES-based authentication protocol used for a financial transaction. We provide measurements for different public domain AES implementations. Our results indicate that cache timing attacks are highly relevant in virtualization-based security architectures, such as trusted execution environments.

http://fc12.ifca.ai/pre-proceedings/paper_70.pdf

A Cache Timing Attack on AES in Virtualization Environments

It is often argued that Physical Unclonable Functions (PUFs) are resistant against invasive and semi-invasive attacks since these attacks would damage the underlying PUF structure resulting in a different PUF response. In this paper, we demonstrate exemplarily that this assumption does not hold for a Ring Oscillator (RO) PUF implemented on a Xilinx Spartan 3 FPGA, where we were able to perform a semi-invasive attack. We present analysis methods to identify ring oscillator frequencies and to map them to their corresponding oscillators. We practically prove that it is possible to recover the generated RO PUF response bits with this approach. To harden RO PUFs against side-channel analysis, we also propose a RO PUF concept not leaking useful information through the side-channel of electro-magnetic radiation.

Semi-invasive EM attack on FPGA RO PUFs and countermeasures

Trusted Computing Platforms provide the functionality of remote attestation, i.e. attesting the configuration and status of a system to a remote entity. Remote attestation hereby proves integrity and authenticity of system environments. This is crucial for policy enforcement, which in turn is needed in many usage scenarios, e.g., DRM. However, applying remote attestation solely allows masquerading attacks. These attacks are possible since the concept of remote attestation does not provide any means for establishing secured communication channels. In this paper we describe this kind of attacks against protocols for remote attestation and present a protocol for preventing masquerading attacks.

A Robust Integrity Reporting Protocol for Remote Attestation

Physical Unclonable Functions (PUFs) based on Ring Oscillators (ROs) are a promising primitive for FPGA security. However, the quality of their implementation depends on several design parameters. In this paper, we show that ring oscillator frequencies strongly depend on surrounding logic. Based on these findings, we propose a strategy for improving the quality of RO PUF designs by placing and comparing ROs in a chain-like structure. We also show that an increased RO runtime and RO disabling has a clear positive effect on the quality of a RO PUF. We implemented a RO PUF key generation system on an FPGA using our design strategy. Our results clearly indicate that our proposed design strategy can significantly improve the quality of a RO PUF implementation.

Frederic Stumpf

Papers

Side-channel analysis of PUFs and fuzzy extractors

A Cache Timing Attack on AES in Virtualization Environments

Semi-invasive EM attack on FPGA RO PUFs and countermeasures

A Robust Integrity Reporting Protocol for Remote Attestation

Improving the quality of ring oscillator PUFs on FPGAs