A Survey of Side-Channel Attacks on Caches and Countermeasures

Abstract

With the increasing proliferation of Internet-of-Things (IoT) in our daily lives, security and trustworthiness are key considerations in designing computing devices. A vast majority of IoT devices use shared caches for improved performance. Unfortunately, the data sharing introduces the vulnerability in these systems. Side-channel attacks in shared caches have been explored for over a decade. Existing approaches utilize side-channel (non-functional) behaviors such as time, power, and electromagnetic radiation to attack encryption schemes. In this paper, we survey the widely used target encryption algorithms, the common attack techniques, and recent attacks that exploit the features of cache. In particular, we focus on the cache timing attacks against the cloud computing and embedded systems. We also survey existing countermeasures at different abstraction levels.

References

1. 1.

   Acıiçmez O (2007) Yet another microarchitectural attack:: exploiting i-cache. In: Proceedings of the 2007 ACM workshop on computer security architecture. ACM, New York CSAW ’07, pp 11–18. https://doi.org/10.1145/1314466.1314469

2. 2.

   Acıiçmez O, Koç ÇK (2009) Microarchitectural attacks and countermeasures. Springer, Boston, pp 475–504. https://doi.org/10.1007/978-0-387-71817-0_18

3. 3.

   Acıiçmez O, Schindler W, Koç ÇK (2005) Improving Brumley and Boneh timing attack on unprotected SSL implementations. In: Proceedings of the 12th ACM conference on computer and communications security, ACM, New York, CCS ’05, pp 139–146. https://doi.org/10.1145/1102120.1102140

4. 4.

   Acıiçmez O, Schindler W, Koç ÇK (2006) Cache based remote timing attack on the AES. Springer, Berlin, pp 271–286. https://doi.org/10.1007/11967668_18

5. 5.

   Acıiçmez O, Koç ÇK, Seifert JP (2007) On the power of simple branch prediction analysis. In: Proceedings of the 2Nd ACM symposium on information, computer and communications security, ACM, New York, ASIACCS ’07, pp 312–320. https://doi.org/10.1145/1229285.1266999

6. 6.

   Bates A, Mood B, Pletcher J, Pruse H, Valafar M, Butler K (2012) Detecting co-residency with active traffic analysis techniques. In: Proceedings of the 2012 ACM workshop on cloud computing security workshop, ACM, New York, CCSW ’12, pp 1–12. https://doi.org/10.1145/2381913.2381915

7. 7.

   Bernstein DJ (2005) Cache-timing attacks on AES. Preprint available at http://cr.yp.to/papers.html#cachetiming

8. 8.

   Bernstein DJ, Lange T, Schwabe P (2012) The security impact of a new cryptographic library. Springer , Berlin, pp 159–176. https://doi.org/10.1007/978-3-642-33481-8_9

9. 9.

   Bhatkar S, DuVarney D C, Sekar R (2003) Address obfuscation: an efficient approach to combat a broad range of memory error exploits. In: USENIX security symposium

10. 10.

    Biham E (1997) A fast new DES implementation in software. Springer, Berlin, pp 260–272. https://doi.org/10.1007/BFb0052352

11. 11.

    Bogdanov A, Eisenbarth T, Paar C, Wienecke M (2010) Differential cache-collision timing attacks on AES with applications to embedded CPUs. Springer, Berlin, pp 235–251. https://doi.org/10.1007/978-3-642-11925-5_17

12. 12.

    Brickell E (2011) Technologies to improve platform security. CHES’11 Invited Talk, Sep 2011, https://www.iacr.org/workshops/ches/ches2011/presentations/Invited%201/CHES2011_Invited_1.pdf

13. 13.

    Brickell E, Graunke G, Neve M, Seifert J (2006) Software mitigations to hedge AES, against cache-based software side channel vulnerabilities. IACR Cryptology ePrint Archive 2006:52

14. 14.

    Brumley D, Boneh D (2003) Remote timing attacks are practical. In: Proceedings of the 12th conference on USENIX security symposium, vol 12. USENIX Association, Berkeley SSYM’03, pp 1–1

15. 15.

    Chiappetta M, Savas E, Yilmaz C (2015) Real time detection of cache-based side-channel attacks using hardware performance counters. IACR Cryptology ePrint Archive 2015:1034

16. 16.

    Cleemput J V, Coppens B, De Sutter B (2012) Compiler mitigations for time attacks on modern x86 processors. ACM Trans Archit Code Optim 8(4):23:1–23:20. https://doi.org/10.1145/2086696.2086702

17. 17.

    Cock D, Ge Q, Murray T, Heiser G (2014) The last mile: an empirical study of timing channels on sel4. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, ACM, New York, CCS ’14, pp 570–581 . https://doi.org/10.1145/2660267.2660294

18. 18.

    Coppens B, Verbauwhede I, Bosschere KD, Sutter BD (2009) Practical mitigations for timing-based side-channel attacks on modern x86 processors. In: 2009 30th IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2009.19, pp 45–60

19. 19.

    Crane S, Homescu A, Brunthaler S, Larsen P, Franz M (2015) Thwarting cache side-channel attacks through dynamic software diversity. In: 22Nd annual network and distributed system security symposium, NDSS 2015, San diego

20. 20.

    Daemen J, Rijmen V (1999) AES proposal: Rijndael. version 2, AES submission document, http://csrc.nist.gov/archive/aes/rijndael/Rijndael-ammended.pdf

21. 21.

    Erlingsson Ú, Abadi M (2007) Operating system protection against side-channel attacks that exploit memory latency. Tech. rep., https://www.microsoft.com/en-us/research/publication/operating-system-protection-against-side-channel-attacks-that-exploit-memory-latency/

22. 22.

    Ge Q, Yarom Y, Cock D, Heiser G (2016) A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. IACR, Cryptology ePrint Archive 2016:613

23. 23.

    Godfrey M, Zulkernine M (2014) Preventing cache-based side-channel attacks in a cloud environment. IEEE Transactions on Cloud Computing 2(4):395–408. https://doi.org/10.1109/TCC.2014.2358236

24. 24.

    Gruss D, Spreitzer R, Mangard S (2015) Cache template attacks: automating attacks on inclusive last-level caches. In: 24Th USENIX security symposium (USENIX security 15). USENIX Association, Washington, D.C., pp 897–912

25. 25.

    Gruss D, Maurice C, Wagner K, Mangard S (2016) Flush + flush: a fast and stealthy cache attack. In: Proceedings of the 13th international conference on detection of intrusions and malware, and vulnerability assessment, vol 9721, Springer, New York, Inc., DIMVA 2016, pp 279–299. https://doi.org/10.1007/978-3-319-40667-1_14

26. 26.

    Gullasch D, Bangerter E, Krenn S (2011) Cache games—bringing access-based cache attacks on AES to practice. In: Proceedings of the 2011 IEEE symposium on security and privacy, IEEE Computer Society, Washington, SP ’11, pp 490–505. https://doi.org/10.1109/SP.2011.22

27. 27.

    Gülmezoğlu B, İnci MS, Irazoqui G, Eisenbarth T, Sunar B (2015) A faster and more realistic flush + reload attack on AES. Springer International Publishing, Cham, pp 111–126. https://doi.org/10.1007/978-3-319-21476-4_8

28. 28.

    Hamburg M (2009) Accelerating AES with vector permute instructions. Springer, Berlin, pp 18–32

29. 29.

    Hund R, Willems C, Holz T (2013) Practical timing side channel attacks against kernel space ASLR. In: 2013 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2013.23, pp 191–205

30. 30.

    İnci MS, Gülmezoğlu B, Eisenbarth T, Sunar B (2016) Co-location detection on the cloud. Springer International Publishing, Cham, pp 19–34. https://doi.org/10.1007/978-3-319-43283-0_2

31. 31.

    İnci MS, Gülmezoğlu B, Irazoqui G, Eisenbarth T, Sunar B (2016) Cache attacks enable bulk key recovery on the cloud. In: Cryptographic hardware and embedded systems - CHES 2016 - 18th international conference, Santa Barbara, CA, USA, August 17-19, 2016, Proceedings, . https://doi.org/10.1007/978-3-662-53140-2_18, pp 368–388

32. 32.

    Irazoqui G, Inci MS, Eisenbarth T, Sunar B (2014) Fine grain cross-vm attacks on xen and vmware. In: Proceedings of the 2014 IEEE fourth international conference on big data and cloud computing, IEEE Computer Society, Washington, BDCLOUD ’14, pp 737–744. https://doi.org/10.1109/BDCloud.2014.102

33. 33.

    Irazoqui G, Inci MS, Eisenbarth T, Sunar B (2014) Wait a minute! A fast, cross-VM attack on AES. Springer International Publishing, Cham, pp 299–319. https://doi.org/10.1007/978-3-319-11379-1_15

34. 34.

    Irazoqui G, Eisenbarth T, Sunar B (2015) S$A: a shared cache attack that works across cores and defies VM sandboxing—and its application to AES. In: 2015 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2015.42, pp 591–604

35. 35.

    Käsper E, Schwabe P (2009) Faster and timing-attack resistant AES-GCM. Springer , Berlin, pp 1–17. https://doi.org/10.1007/978-3-642-04138-9_1

36. 36.

    Kelsey J, Schneier B, Wagner D, Hall C (2000) Side channel cryptanalysis of product ciphers. J Comput Secur 8(2,3):141–158

37. 37.

    kernelorg (2009) Address space layout randomization (ASLR). https://www.kernel.org/doc/Documentation/vm/ksm.txt

38. 38.

    Kim T, Peinado M, Mainar-Ruiz G (2012) Stealthmem: system-level protection against cache-based side channel attacks in the cloud. In: Presented as part of the 21st USENIX security symposium (USENIX security 12). Bellevue, USENIX, pp 189–204

39. 39.

    Kocher PC (1996) Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. Springer , Berlin, pp 104–113. https://doi.org/10.1007/3-540-68697-5_9

40. 40.

    Kong J, Aciicmez O, Seifert JP, Zhou H (2009) Hardware-software integrated approaches to defend against software cache-based side channel attacks. In: 2009 IEEE 15th international symposium on high performance computer architecture. https://doi.org/10.1109/HPCA.2009.4798277, pp 393–404

41. 41.

    Lipp M (2016) Cache attacks on arm. Master thesis, Graz, University Of Technology

42. 42.

    Lipp M, Gruss D, Spreitzer R, Maurice C, Mangard S (2016) Armageddon: cache attacks on mobile devices. In: 25Th USENIX security symposium (USENIX security 16). USENIX association, Austin, pp 549–564

43. 43.

    Liu F, Yarom Y, Ge Q, Heiser G, Lee RB (2015) Last-level cache side-channel attacks are practical. In: 2015 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2015.43, pp 605–622

44. 44.

    Martin R, Demme J, Sethumadhavan S (2012) Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. SIGARCH Comput Archit News 40(3):118–129. https://doi.org/10.1145/2366231.2337173

45. 45.

    Matsui M, Nakajima J (2007) On the power of bitslice implementation on Intel core2 processor. Springer, Berlin, pp 121–134. https://doi.org/10.1007/978-3-540-74735-2_9

46. 46.

    Montgomery PL (1985) Modular multiplication without trial division. Math Comput 44:519–521

47. 47.

    Oren Y, Kemerlis VP, Sethumadhavan S, Keromytis AD (2015) The spy in the sandbox: practical cache attacks in javascript and their implications. In: Proceedings of the 22Nd ACM SIGSAC conference on computer and communications security, ACM, New York, CCS ’15, pp 1406–1418 . https://doi.org/10.1145/2810103.2813708

48. 48.

    Osvik DA, Shamir A, Tromer E (2006) Cache attacks and countermeasures: the case of AES. Springer , Berlin, pp 1–20. https://doi.org/10.1007/11605805_1

49. 49.

    Owens R, Wang W (2011) Non-interactive OS fingerprinting through memory de-duplication technique in virtual machines. In: 30th IEEE international performance computing and communications conference. https://doi.org/10.1109/PCCC.2011.6108094, pp 1–8

50. 50.

    Page D (2002) Theoretical use of cache memory as a cryptanalytic side-channel. Cryptology ePrint Archive, Report 2002/169, http://eprint.iacr.org/2002/169

51. 51.

    Page D (2005) Partitioned cache architecture as a side-channel defence mechanism. Cryptology ePrint Archive, Report 2005/280, http://eprint.iacr.org/2005/280

52. 52.

    Payer M (2016) HexPADS: a platform to detect “Stealth” attacks. Springer International Publishing, Cham, pp 138–154. https://doi.org/10.1007/978-3-319-30806-7_9

53. 53.

    Percival C (2005) Cache missing for fun and profit. BSDCan 2005

54. 54.

    Raj H, Nathuji R, Singh A, England P (2009) Resource management for isolation enhanced cloud services. In: Proceedings of the 2009 ACM workshop on cloud computing security, ACM, New York, CCSW ’09, pp 77–84. https://doi.org/10.1145/1655008.1655019

55. 55.

    Ristenpart T, Tromer E, Shacham H, Savage S (2009) Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM conference on computer and communications security, ACM, New York, CCS ’09, pp 199–212. https://doi.org/10.1145/1653662.1653687

56. 56.

    Spreitzer R, Gérard B (2014) Towards more practical time-driven cache attacks. Springer , Berlin , pp 24–39. https://doi.org/10.1007/978-3-662-43826-8_3

57. 57.

    Spreitzer R, Plos T (2013) On the applicability of time-driven cache attacks on mobile devices. Springer , Berlin, pp 656–662. https://doi.org/10.1007/978-3-642-38631-2_53

58. 58.

    Team P (2003) Address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt

59. 59.

    Tromer E, Osvik D A, Shamir A (2010) Efficient cache attacks on AES, and countermeasures. J Cryptol 23(1):37–71. https://doi.org/10.1007/s00145-009-9049-y

60. 60.

    Tsunoo Y, Saito T, Suzaki T, Shigeri M, Miyauchi H (2003) Cryptanalysis of DES implemented on computers with cache. Springer, Berlin, pp 62–76. https://doi.org/10.1007/978-3-540-45238-6_6

61. 61.

    Varadarajan V, Ristenpart T, Swift M (2014) Scheduler-based defenses against cross-vm side-channels. In: 23Rd USENIX security symposium (USENIX security 14). USENIX Association, San Diego, pp 687–702

62. 62.

    Varadarajan V, Zhang Y, Ristenpart T, Swift M (2015) A placement vulnerability study in multi-tenant public clouds. In: 24Th USENIX security symposium (USENIX security 15). USENIX Association, Washington, pp 913–928

63. 63.

    Vattikonda BC, Das S, Shacham H (2011) Eliminating fine grained timers in xen. In: Proceedings of the 3rd ACM workshop on cloud computing security workshop, ACM, New York, CCSW ’11, pp 41–46. https://doi.org/10.1145/2046660.2046671

64. 64.

    Wang Z, Lee R B (2007) New cache designs for thwarting software cache-based side channel attacks. SIGARCH Comput Archit News 35(2):494–505. https://doi.org/10.1145/1273440.1250723

65. 65.

    Weiß M, Heinz B, Stumpf F (2012) A cache timing attack on AES in virtualization environments. Springer , Berlin , pp 314–328. https://doi.org/10.1007/978-3-642-32946-3_23

66. 66.

    Wu Z, Xu Z, Wang H (2012) Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: Presented as part of the 21st USENIX security symposium (USENIX security 12). Bellevue, USENIX, pp 159–173

67. 67.

    Xu J, Kalbarczyk Z, Iyer RK (2003) Transparent runtime randomization for security. In: 22nd international symposium on reliable distributed systems, 2003. Proceedings. https://doi.org/10.1109/RELDIS.2003.1238076, pp 260–269

68. 68.

    Xu Z, Wang H, Wu Z (2015) A measurement study on co-residence threat inside the cloud. In: 24Th USENIX security symposium (USENIX security 15). USENIX Association, Washington, pp 929–944

69. 69.

    Yarom Y, Benger N (2014) Recovering OpenSSL ECDSA nonces using the FLUSH + RELOAD cache side-channel attack. IACR Cryptology ePrint Archive 2014:140

70. 70.

    Yarom Y, Falkner K (2014) FLUSH + RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: 23Rd USENIX security symposium (USENIX security 14). USENIX association, San Diego, pp 719–732

71. 71.

    Yarom Y, Genkin D, Heninger N (2017) Cachebleed: a timing attack on OpenSSL constant-time RSA. J Cryptogr Eng :1–14. https://doi.org/10.1007/s13389-017-0152-y

72. 72.

    Zhang X, Xiao Y, Zhang Y (2016) Return-oriented flush-reload side channels on arm and their implications for android devices. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, New York, CCS ’16. https://doi.org/10.1145/2976749.2978360, pp 858–870

73. 73.

    Zhang Y, Reiter MK (2013) Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: 20th ACM SIGSAC conference on computer and communications security. ACM, New York, pp 827–838

74. 74.

    Zhang Y, Juels A, Oprea A, Reiter MK (2011) Homealone: co-residency detection in the cloud via side-channel analysis. In: 2011 IEEE symposium on security and privacy. https://doi.org/10.1109/SP.2011.31, pp 313–328

75. 75.

    Zhang Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM conference on computer and communications security. ACM, New York, CCS ’12, pp 305–316. https://doi.org/10.1145/2382196.2382230

76. 76.

    Zhang Y, Juels A, Reiter MK, Ristenpart T (2014) Cross-tenant side-channel attacks in PaaS clouds. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security. ACM, New York, CCS ’14, pp 990–1003 . https://doi.org/10.1145/2660267.2660356

77. 77.

    Zhou Z, Reiter MK, Zhang Y (2016) A software approach to defeating side channels in last-level caches. In: Proceedings of the 2016 ACM SIGSAC conference on computer and communications security. ACM, New York, CCS ’16, pp 871–882, . https://doi.org/10.1145/2976749.2978324