Cache template attacks: automating attacks on inclusive last-level caches
Daniel Gruss, Raphael Spreitzer, Stefan Mangard
- pp 897-912
TL;DR: Cache Template Attacks automatically profile and exploit cache-based information leakage. For lowercase-only passwords they reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems, and an automated attack on the T-table-based AES implementation of OpenSSL is as efficient as state-of-the-art manual cache attacks.
Abstract:
Recent work on cache attacks has shown that CPU caches represent a powerful source of information leakage. However, existing attacks require manual identification of vulnerabilities, i.e., data accesses or instruction execution depending on secret information. In this paper, we present Cache Template Attacks. This generic attack technique allows us to profile and exploit cache-based information leakage of any program automatically, without prior knowledge of specific software versions or even specific system information. Cache Template Attacks can be executed online on a remote system without any prior offline computations or measurements.
Cache Template Attacks consist of two phases. In the profiling phase, we determine dependencies between the processing of secret information, e.g., specific key inputs or private keys of cryptographic primitives, and specific cache accesses. In the exploitation phase, we derive the secret values based on observed cache accesses. We illustrate the power of the presented approach in several attacks, but also in a useful application for developers. Among the presented attacks is the application of Cache Template Attacks to infer keystrokes and--even more severe--the identification of specific keys on Linux and Windows user interfaces. More specifically, for lowercase only passwords, we can reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems. Furthermore, we perform an automated attack on the T-table-based AES implementation of OpenSSL that is as efficient as state-of-the-art manual cache attacks.
Citations
Proceedings Article
Spectre Attacks: Exploiting Speculative Execution
Paul C. Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
TL;DR: Spectre is a side-channel attack that leaks the victim's confidential information to the adversary and can read arbitrary memory from the victim's process.
Proceedings Article
Meltdown: reading kernel memory from user space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul C. Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg
TL;DR: It is shown that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding Meltdown, which breaks all security guarantees provided by address space isolation as well as paravirtualized environments.
Journal Article
Meltdown: reading kernel memory from user space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Jann Horn, Stefan Mangard, Paul C. Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Raoul Strackx
TL;DR: Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations, including personal data and passwords, and it does not rely on any software vulnerabilities.
Book Chapter
Flush+Flush: A Fast and Stealthy Cache Attack
TL;DR: The Flush+Flush attack uses the execution time of the flush instruction, which depends on whether data is cached or not, to reduce the number of cache misses.
Proceedings Article
Peeking behind the curtains of serverless platforms
TL;DR: This work conducts the largest measurement study to date, launching more than 50,000 function instances across AWS Lambda, Azure Functions, and Google Cloud Functions, in order to characterize their architectures, performance, and resource management efficiency.
References
Book Chapter
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
TL;DR: By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.
Book
The Design of Rijndael: AES - The Advanced Encryption Standard
Joan Daemen, Vincent Rijmen
TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.
Proceedings Article
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
TL;DR: It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.
Proceedings Article
Template Attacks
TL;DR: This work presents template attacks, the strongest form of side channel attack possible in an information theoretic sense, and describes in detail how an implementation of RC4, not amenable to techniques such as SPA and DPA, can be broken using template attacks with a single sample.