ARMageddon: cache attacks on mobile devices
Moritz Lipp,Daniel Gruss,Raphael Spreitzer,Clémentine Maurice,Stefan Mangard +4 more
- pp 549-564
Reads0
Chats0
TLDR
This work demonstrates how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe, Flush+ Reload, Evict+Reload, and Flush-Flush on non-rooted ARM-based devices without any privileges.Abstract:
In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated on non-rooted Android smartphones. In this work, we demonstrate how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush on non-rooted ARM-based devices without any privileges. Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen. Eventually, we are the first to attack cryptographic primitives implemented in Java. Our attacks work across CPUs and can even monitor cache activity in the ARM TrustZone from the normal world. The techniques we present can be used to attack hundreds of millions of Android devices.read more
Citations
More filters
Proceedings ArticleDOI
Spectre Attacks: Exploiting Speculative Execution
Paul C. Kocher,Jann Horn,Anders Fogh,Daniel Genkin,Daniel Gruss,Werner Haas,Mike Hamburg,Moritz Lipp,Stefan Mangard,Thomas Prescher,Michael Schwarz,Yuval Yarom +11 more
TL;DR: Spectre as mentioned in this paper is a side channel attack that can leak the victim's confidential information via side channel to the adversary. And it can read arbitrary memory from a victim's process.
Book ChapterDOI
Malware Guard Extension: Using SGX to Conceal Cache Attacks
TL;DR: Intel SGX provides a mechanism that addresses this scenario and aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers.
Journal ArticleDOI
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware
TL;DR: This work surveys recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing, and classify types of attacks according to a taxonomy of the shared resources leveraged for such attacks.
Proceedings ArticleDOI
Drammer: Deterministic Rowhammer Attacks on Mobile Platforms
Victor van der Veen,Yanick Fratantonio,Martina Lindorfer,Daniel Gruss,Clémentine Maurice,Giovanni Vigna,Herbert Bos,Kaveh Razavi,Cristiano Giuffrida +8 more
TL;DR: It is shown that deterministic Rowhammer attacks are feasible on commodity mobile platforms and that they cannot be mitigated by current defenses, and the first Rowhammer-based Android root exploit is presented, relying on no software vulnerability, and requiring no user permissions.
Proceedings ArticleDOI
Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX
Wenhao Wang,Guoxing Chen,Xiaorui Pan,Yinqian Zhang,XiaoFeng Wang,Vincent Bindschaedler,Haixu Tang,Carl A. Gunter +7 more
TL;DR: The research identifies 8 potential attack vectors of Intel SGX, and highlights the common misunderstandings about SGX memory side channels, demonstrating that high frequent AEXs can be avoided when recovering EdDSA secret key through a new page channel and fine-grained monitoring of enclave programs can be done through combining both cache and cross-enclave DRAM channels.
References
More filters
Book ChapterDOI
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Book ChapterDOI
Cache attacks and countermeasures: the case of AES
TL;DR: In this article, the authors describe side-channel attacks based on inter-process leakage through the state of the CPU's memory cache, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups.
Proceedings Article
FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack
Yuval Yarom,Katrina Falkner +1 more
TL;DR: This paper presents FLUSH+RELOAD, a cache side-channel attack technique that exploits a weakness in the Intel X86 processors to monitor access to memory lines in shared pages and recovers 96.7% of the bits of the secret key by observing a single signature or decryption round.
Journal ArticleDOI
Efficient Cache Attacks on AES, and Countermeasures
TL;DR: An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts and works by merely monitoring the effect of the cryptographic process on the cache.
Proceedings ArticleDOI
Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice
TL;DR: This paper considers the AES block cipher and presents an attack which is capable of recovering the full secret key in almost real time for AES-128, requiring only a very limited number of observed encryptions, and is the first working attack on AES implementations using compressed tables.