Advertisement

Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

A Survey of Side-Channel Attacks on Caches and Countermeasures

Abstract

With the increasing proliferation of Internet-of-Things (IoT) in our daily lives, security and trustworthiness are key considerations in designing computing devices. A vast majority of IoT devices use shared caches for improved performance. Unfortunately, the data sharing introduces the vulnerability in these systems. Side-channel attacks in shared caches have been explored for over a decade. Existing approaches utilize side-channel (non-functional) behaviors such as time, power, and electromagnetic radiation to attack encryption schemes. In this paper, we survey the widely used target encryption algorithms, the common attack techniques, and recent attacks that exploit the features of cache. In particular, we focus on the cache timing attacks against the cloud computing and embedded systems. We also survey existing countermeasures at different abstraction levels.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

References

  1. 1.

    Acıiçmez O (2007) Yet another microarchitectural attack:: exploiting i-cache. In: Proceedings of the 2007 ACM workshop on computer security architecture. ACM, New York CSAW ’07, pp 11–18. https://doi.org/10.1145/1314466.1314469

  2. 2.

    Acıiçmez O, Koç ÇK (2009) Microarchitectural attacks and countermeasures. Springer, Boston, pp 475–504. https://doi.org/10.1007/978-0-387-71817-0_18

  3. 3.

    Acıiçmez O, Schindler W, Koç ÇK (2005) Improving Brumley and Boneh timing attack on unprotected SSL implementations. In: Proceedings of the 12th ACM conference on computer and communications security, ACM, New York, CCS ’05, pp 139–146. https://doi.org/10.1145/1102120.1102140

  4. 4.

    Acıiçmez O, Schindler W, Koç ÇK (2006) Cache based remote timing attack on the AES. Springer, Berlin, pp 271–286. https://doi.org/10.1007/11967668_18

  5. 5.

    Acıiçmez O, Koç ÇK, Seifert JP (2007) On the power of simple branch prediction analysis. In: Proceedings of the 2Nd ACM symposium on information, computer and communications security, ACM, New York, ASIACCS ’07, pp 312–320. https://doi.org/10.1145/1229285.1266999

  6. 6.

    Bates A, Mood B, Pletcher J, Pruse H, Valafar M, Butler K (2012) Detecting co-residency with active traffic analysis techniques. In: Proceedings of the 2012 ACM workshop on cloud computing security workshop, ACM, New York, CCSW ’12, pp 1–12. https://doi.org/10.1145/2381913.2381915

  7. 7.

    Bernstein DJ (2005) Cache-timing attacks on AES. Preprint available at http://cr.yp.to/papers.html#cachetiming

  8. 8.

    Bernstein DJ, Lange T, Schwabe P (2012) The security impact of a new cryptographic library. Springer , Berlin, pp 159–176. https://doi.org/10.1007/978-3-642-33481-8_9

  9. 9.

    Bhatkar S, DuVarney D C, Sekar R (2003) Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: USENIX security symposium

  10. 10.

    Biham E (1997) A fast new DES implementation in software. Springer, Berlin, pp 260–272. https://doi.org/10.1007/BFb0052352

  11. 11.

    Bogdanov A, Eisenbarth T, Paar C, Wienecke M (2010) Differential cache-collision timing attacks on AES with applications to embedded CPUs. Springer, Berlin, pp 235–251. https://doi.org/10.1007/978-3-642-11925-5_17

  12. 12.

    Brickell E (2011) Technologies to improve platform security. CHES’11 Invited Talk, Sep 2011, https://www.iacr.org/workshops/ches/ches2011/presentations/Invited%201/CHES2011_Invited_1.pdf

  13. 13.

    Brickell E, Graunke G, Neve M, Seifert J (2006) Software mitigations to hedge AES, against cache-based software side channel vulnerabilities. IACR Cryptology ePrint Archive 2006:52

  14. 14.

    Brumley D, Boneh D (2003) Remote timing attacks are practical. In: Proceedings of the 12th conference on USENIX security symposium, vol 12. USENIX Association, Berkeley SSYM’03, pp 1–1

  15. 15.

    Chiappetta M, Savas E, Yilmaz C (2015) Real time detection of cache-based side-channel attacks using hardware performance counters. IACR Cryptology ePrint Archive 2015:1034

  16. 16.

    Cleemput J V, Coppens B, De Sutter B (2012) Compiler mitigations for time attacks on modern x86 processors. ACM Trans Archit Code Optim 8(4):23:1–23:20. https://doi.org/10.1145/2086696.2086702

  17. 17.

    Cock D, Ge Q, Murray T, Heiser G (2014) The last mile: an empirical study of timing channels on sel4. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, ACM, New York, CCS ’14, pp 570–581 . https://doi.org/10.1145/2660267.2660294

  18. 18.

    Coppens B, Verbauwhede I, Bosschere KD, Sutter BD (2009) Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 2009 30th IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2009.19, pp 45–60

  19. 19.

    Crane S, Homescu A, Brunthaler S, Larsen P, Franz M (2015) Thwarting cache side-channel attacks through dynamic software diversity. In: 22Nd annual network and distributed system security symposium, NDSS 2015, San diego

  20. 20.

    Daemen J, Rijmen V (1999) AES proposal: Rijndael. version 2, AES submission document, http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf

  21. 21.

    Erlingsson Ú, Abadi M (2007) Operating system protection against side-channel attacks that exploit memory latency. Tech. rep., https://www.microsoft.com/en-us/research/publication/operating-system-protection-against-side-channel-attacks-that-exploit-memory-latency/

  22. 22.

    Ge Q, Yarom Y, Cock D, Heiser G (2016) A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. IACR, Cryptology ePrint Archive 2016:613

  23. 23.

    Godfrey M, Zulkernine M (2014) Preventing cache-based side-channel attacks in a cloud environment. IEEE Transactions on Cloud Computing 2(4):395–408. https://doi.org/10.1109/TCC.2014.2358236

  24. 24.

    Gruss D, Spreitzer R, Mangard S (2015) Cache template attacks: automating attacks on inclusive last-level caches. In: 24Th USENIX security symposium (USENIX security 15). USENIX Association, Washington, D.C., pp 897–912

  25. 25.

    Gruss D, Maurice C, Wagner K, Mangard S (2016) Flush + flush: a fast and stealthy cache attack. In: Proceedings of the 13th international conference on detection of intrusions and malware, and vulnerability assessment, vol 9721, Springer, New York, Inc., DIMVA 2016, pp 279–299. https://doi.org/10.1007/978-3-319-40667-1_14

  26. 26.

    Gullasch D, Bangerter E, Krenn S (2011) Cache games—bringing access-based cache attacks on AES to practice. In: Proceedings of the 2011 IEEE symposium on security and privacy, IEEE Computer Society, Washington, SP ’11, pp 490–505. https://doi.org/10.1109/SP.2011.22

  27. 27.

    Gülmezoğlu B, İnci MS, Irazoqui G, Eisenbarth T, Sunar B (2015) A faster and more realistic flush + reload attack on AES. Springer International Publishing, Cham, pp 111–126. https://doi.org/10.1007/978-3-319-21476-4_8

  28. 28.

    Hamburg M (2009) Accelerating AES with vector permute instructions. Springer, Berlin, pp 18–32

  29. 29.

    Hund R, Willems C, Holz T (2013) Practical timing side channel attacks against kernel space ASLR. In: 2013 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2013.23, pp 191–205

  30. 30.

    İnci MS, Gülmezoğlu B, Eisenbarth T, Sunar B (2016) Co-location detection on the cloud. Springer International Publishing, Cham, pp 19–34. https://doi.org/10.1007/978-3-319-43283-0_2

  31. 31.

    İnci MS, Gülmezoğlu B, Irazoqui G, Eisenbarth T, Sunar B (2016) Cache attacks enable bulk key recovery on the cloud. In: Cryptographic hardware and embedded systems - CHES 2016 - 18th international conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings, . https://doi.org/10.1007/978-3-662-53140-2_18, pp 368–388

  32. 32.

    Irazoqui G, Inci MS, Eisenbarth T, Sunar B (2014) Fine grain cross-vm attacks on xen and vmware. In: Proceedings of the 2014 IEEE fourth international conference on big data and cloud computing, IEEE Computer Society, Washington, BDCLOUD ’14, pp 737–744. https://doi.org/10.1109/BDCloud.2014.102

  33. 33.

    Irazoqui G, Inci MS, Eisenbarth T, Sunar B (2014) Wait a minute! A fast, cross-VM attack on AES. Springer International Publishing, Cham, pp 299–319. https://doi.org/10.1007/978-3-319-11379-1_15

  34. 34.

    Irazoqui G, Eisenbarth T, Sunar B (2015) S$A: a shared cache attack that works across cores and defies VM sandboxing—and its application to AES. In: 2015 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2015.42, pp 591–604

  35. 35.

    Käsper E, Schwabe P (2009) Faster and timing-attack resistant AES-GCM. Springer , Berlin, pp 1–17. https://doi.org/10.1007/978-3-642-04138-9_1

  36. 36.

    Kelsey J, Schneier B, Wagner D, Hall C (2000) Side channel cryptanalysis of product ciphers. J Comput Secur 8(2,3):141–158

  37. 37.

    kernelorg (2009) Address space layout randomization (ASLR). https://www.kernel.org/doc/Documentation/vm/ksm.txt

  38. 38.

    Kim T, Peinado M, Mainar-Ruiz G (2012) Stealthmem: system-level protection against cache-based side channel attacks in the cloud. In: Presented as part of the 21st USENIX security symposium (USENIX security 12). Bellevue, USENIX, pp 189–204

  39. 39.

    Kocher PC (1996) Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Springer , Berlin, pp 104–113. https://doi.org/10.1007/3-540-68697-5_9

  40. 40.

    Kong J, Aciicmez O, Seifert JP, Zhou H (2009) Hardware-software integrated approaches to defend against software cache-based side channel attacks. In: 2009 IEEE 15th international symposium on high performance computer architecture. https://doi.org/10.1109/HPCA.2009.4798277, pp 393–404

  41. 41.

    Lipp M (2016) Cache attacks on arm. Master thesis, Graz, University Of Technology

  42. 42.

    Lipp M, Gruss D, Spreitzer R, Maurice C, Mangard S (2016) Armageddon: cache attacks on mobile devices. In: 25Th USENIX security symposium (USENIX security 16). USENIX association, Austin, pp 549–564

  43. 43.

    Liu F, Yarom Y, Ge Q, Heiser G, Lee RB (2015) Last-level cache side-channel attacks are practical. In: 2015 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2015.43, pp 605–622

  44. 44.

    Martin R, Demme J, Sethumadhavan S (2012) Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. SIGARCH Comput Archit News 40(3):118–129. https://doi.org/10.1145/2366231.2337173

  45. 45.

    Matsui M, Nakajima J (2007) On the power of bitslice implementation on Intel core2 processor. Springer, Berlin, pp 121–134. https://doi.org/10.1007/978-3-540-74735-2_9

  46. 46.

    Montgomery PL (1985) Modular multiplication without trial division. Math Comput 44:519–521

  47. 47.

    Oren Y, Kemerlis VP, Sethumadhavan S, Keromytis AD (2015) The spy in the sandbox: practical cache attacks in javascript and their implications. In: Proceedings of the 22Nd ACM SIGSAC conference on computer and communications security, ACM, New York, CCS ’15, pp 1406–1418 . https://doi.org/10.1145/2810103.2813708

  48. 48.

    Osvik DA, Shamir A, Tromer E (2006) Cache attacks and countermeasures: the case of AES. Springer , Berlin, pp 1–20. https://doi.org/10.1007/11605805_1

  49. 49.

    Owens R, Wang W (2011) Non-interactive OS fingerprinting through memory de-duplication technique in virtual machines. In: 30th IEEE international performance computing and communications conference. https://doi.org/10.1109/PCCC.2011.6108094, pp 1–8

  50. 50.

    Page D (2002) Theoretical use of cache memory as a cryptanalytic side-channel. Cryptology ePrint Archive, Report 2002/169, http://eprint.iacr.org/2002/169

  51. 51.

    Page D (2005) Partitioned cache architecture as a side-channel defence mechanism. Cryptology ePrint Archive, Report 2005/280, http://eprint.iacr.org/2005/280

  52. 52.

    Payer M (2016) HexPADS: a platform to detect “Stealth” attacks. Springer International Publishing, Cham, pp 138–154. https://doi.org/10.1007/978-3-319-30806-7_9

  53. 53.

    Percival C (2005) Cache missing for fun and profit. BSDCan 2005

  54. 54.

    Raj H, Nathuji R, Singh A, England P (2009) Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM workshop on cloud computing security, ACM, New York, CCSW ’09, pp 77–84. https://doi.org/10.1145/1655008.1655019

  55. 55.

    Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on computer and communications security, ACM, New York, CCS ’09, pp 199–212. https://doi.org/10.1145/1653662.1653687

  56. 56.

    Spreitzer R, Gérard B (2014) Towards more practical time-driven cache attacks. Springer , Berlin , pp 24–39. https://doi.org/10.1007/978-3-662-43826-8_3

  57. 57.

    Spreitzer R, Plos T (2013) On the applicability of time-driven cache attacks on mobile devices. Springer , Berlin, pp 656–662. https://doi.org/10.1007/978-3-642-38631-2_53

  58. 58.

    Team P (2003) Address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt

  59. 59.

    Tromer E, Osvik D A, Shamir A (2010) Efficient cache attacks on AES, and countermeasures. J Cryptol 23(1):37–71. https://doi.org/10.1007/s00145-009-9049-y

  60. 60.

    Tsunoo Y, Saito T, Suzaki T, Shigeri M, Miyauchi H (2003) Cryptanalysis of DES implemented on computers with cache. Springer, Berlin, pp 62–76. https://doi.org/10.1007/978-3-540-45238-6_6

  61. 61.

    Varadarajan V, Ristenpart T, Swift M (2014) Scheduler-based defenses against cross-vm side-channels. In: 23Rd USENIX security symposium (USENIX security 14). USENIX Association, San Diego, pp 687–702

  62. 62.

    Varadarajan V, Zhang Y, Ristenpart T, Swift M (2015) A placement vulnerability study in multi-tenant public clouds. In: 24Th USENIX security symposium (USENIX security 15). USENIX Association, Washington, pp 913–928

  63. 63.

    Vattikonda BC, Das S, Shacham H (2011) Eliminating fine grained timers in xen. In: Proceedings of the 3rd ACM workshop on cloud computing security workshop, ACM, New York, CCSW ’11, pp 41–46. https://doi.org/10.1145/2046660.2046671

  64. 64.

    Wang Z, Lee R B (2007) New cache designs for thwarting software cache-based side channel attacks. SIGARCH Comput Archit News 35(2):494–505. https://doi.org/10.1145/1273440.1250723

  65. 65.

    Weiß M, Heinz B, Stumpf F (2012) A cache timing attack on AES in virtualization environments. Springer , Berlin , pp 314–328. https://doi.org/10.1007/978-3-642-32946-3_23

  66. 66.

    Wu Z, Xu Z, Wang H (2012) Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: Presented as part of the 21st USENIX security symposium (USENIX security 12). Bellevue, USENIX, pp 159–173

  67. 67.

    Xu J, Kalbarczyk Z, Iyer RK (2003) Transparent runtime randomization for security. In: 22nd international symposium on reliable distributed systems, 2003. Proceedings. https://doi.org/10.1109/RELDIS.2003.1238076, pp 260–269

  68. 68.

    Xu Z, Wang H, Wu Z (2015) A measurement study on co-residence threat inside the cloud. In: 24Th USENIX security symposium (USENIX security 15). USENIX Association, Washington, pp 929–944

  69. 69.

    Yarom Y, Benger N (2014) Recovering OpenSSL ECDSA nonces using the FLUSH + RELOAD cache side-channel attack. IACR Cryptology ePrint Archive 2014:140

  70. 70.

    Yarom Y, Falkner K (2014) FLUSH + RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: 23Rd USENIX security symposium (USENIX security 14). USENIX association, San Diego, pp 719–732

  71. 71.

    Yarom Y, Genkin D, Heninger N (2017) Cachebleed: a timing attack on OpenSSL constant-time RSA. J Cryptogr Eng :1–14. https://doi.org/10.1007/s13389-017-0152-y

  72. 72.

    Zhang X, Xiao Y, Zhang Y (2016) Return-oriented flush-reload side channels on arm and their implications for android devices. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, New York, CCS ’16. https://doi.org/10.1145/2976749.2978360, pp 858–870

  73. 73.

    Zhang Y, Reiter MK (2013) Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: 20th ACM SIGSAC conference on computer and communications security. ACM, New York, pp 827–838

  74. 74.

    Zhang Y, Juels A, Oprea A, Reiter MK (2011) Homealone: co-residency detection in the cloud via side-channel analysis. In: 2011 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2011.31, pp 313–328

  75. 75.

    Zhang Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM conference on computer and communications security. ACM, New York, CCS ’12, pp 305–316. https://doi.org/10.1145/2382196.2382230

  76. 76.

    Zhang Y, Juels A, Reiter MK, Ristenpart T (2014) Cross-tenant side-channel attacks in PaaS clouds. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. ACM, New York, CCS ’14, pp 990–1003 . https://doi.org/10.1145/2660267.2660356

  77. 77.

    Zhou Z, Reiter MK, Zhang Y (2016) A software approach to defeating side channels in last-level caches. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, New York, CCS ’16, pp 871–882, . https://doi.org/10.1145/2976749.2978324

Download references

Author information

Correspondence to Yangdi Lyu.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Lyu, Y., Mishra, P. A Survey of Side-Channel Attacks on Caches and Countermeasures. J Hardw Syst Secur 2, 33–50 (2018). https://doi.org/10.1007/s41635-017-0025-y

Download citation

Keywords

  • Side-channel attack
  • Cache
  • Timing