Skip to main content

IPA: an Instruction Profiling–Based Micro-architectural Side-Channel Attack on Block Ciphers

Abstract

Hardware performance counters (HPCs) are present in most modern processors and provide an interface to user-level processes to monitor their performance in terms of the number of micro-architectural events, executed during the process execution. In this paper, we analyze the leakage from these HPC events and present a new micro-architectural side-channel attack that observes the number of instruction counts during the execution of an encryption algorithm as side-channel information to recover the secret key. This paper explores the fact that the instruction counts can act as a side channel and then describes the instruction profiling attack (IPA) methodology with the help of two block ciphers, namely AES and CLEFIA, on Intel and AMD processors. We follow the principles of profiled instruction attacks and show that the proposed attack is more potent than the well-known cache timing attacks in literature. We also perform experiments on ciphers implemented with popular time fuzzing schemes to subvert timing attacks. Our results show that while the countermeasure successfully stops leakages through the timing channels, it is vulnerable to the instruction profiling attack. We validate our claims by detailed experiments on contemporary Intel and AMD platforms to demonstrate that seemingly benign instruction counts can serve as side channels even for block cipher implementations that are hardened against timing attacks. In addition to it, we present detailed experimentation to analyze the rationale behind the attack and also explore the performance of IPA on a countermeasure designed to subvert the cache-based attacks considering a case study on CLEFIA.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

References

  1. 1.

    Aciiċmez O (2007) Yet another microarchitectural attack:: exploiting i-cache. In: Proceedings of the 2007 ACM workshop on computer security architecture, pp 11–18. ACM

  2. 2.

    Acıiċmez O, Schindler W, Koċ ĊK (2007) Cache based remote timing attack on the aes. In: Cryptographers’ track at the RSA conference, pp 271–286. Springer

  3. 3.

    Barreto P. (2003) The aes block cipher in c++. website

  4. 4.

    Bernstein DJ (2005) Cache-timing attacks on aes

  5. 5.

    Bhattacharya S, Rebeiro C, Mukhopadhyay D (2013) Unraveling timewarp: What all the fuzz is about?. In: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, pp 8. ACM

  6. 6.

    Cox M, Engelschall R, Henson S, Laurie B et al (2002) The openssl project. Google Scholar

  7. 7.

    Dongarra J, Jagode H, Moore S, Mucci P, Ralph J, Terpstra D, Weaver V Performance application programming interface

  8. 8.

    Granger R, Page D, Stam M (2005) Hardware and software normal basis arithmetic for pairing-based cryptography in characteristic three. IEEE Trans Comput 54(7):852–860

    Article  Google Scholar 

  9. 9.

    Guide P (2011) Intel® 64 and ia-32 architectures software developer’s manual. Volume 3B: System programming Guide, Part 2

  10. 10.

    Levon J, Elie P (2004) Oprofile: a system profiler for linux

  11. 11.

    Liu F, Yarom Y, Ge Q, Heiser G, Lee RB (2015) Last-level cache side-channel attacks are practical. In: 2015 IEEE symposium on security and privacy (SP), pp 605–622. IEEE

  12. 12.

    Martin R, Demme J, Sethumadhavan S (2012) Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. pp 118–129. ACM

  13. 13.

    Mukhopadhyay D, Chakraborty RS (2014) Hardware security: design, threats, and safeguards. Chapman and Hall/CRC, Boca Raton

    Book  Google Scholar 

  14. 14.

    Neve M, Seifert JP, Wang Z (2006) A refined look at bernstein’s aes side-channel analysis. In: Proceedings of the 2006 ACM symposium on information, computer and communications security, pp 369–369. ACM

  15. 15.

    Nyberg K (1996) Generalized feistel networks. In: International conference on the theory and application of cryptology and information security, pp 91–104. Springer

  16. 16.

    Osvik DA, Shamir A, Tromer E (2006) Cache attacks and countermeasures: the case of aes. In: Cryptographers’ track at the RSA conference, pp 1–20. Springer

  17. 17.

    Paar C (1994) Efficient vlsi architectures for bit-parallel computation in galois fields. PhD Thesis, Inst. for Experimental Math., Univ. of Essen

  18. 18.

    Rebeiro C, Mondal M, Mukhopadhyay D. (2010) Pinpointing cache timing attacks on aes. In: 23rd international conference on VLSI design, 2010. VLSID’10., pp 306–311. IEEE

  19. 19.

    Rebeiro C, Mukhopadhyay D (2011) Cryptanalysis of clefia using differential methods with cache trace patterns. In: Cryptographers’ track at the RSA conference, pp 89–103. Springer

  20. 20.

    Rebeiro C, Mukhopadhyay D, Bhattacharya S (2014) Timing channels in cryptography: a micro-architectural perspective. Springer

  21. 21.

    Rebeiro C, Mukhopadhyay D, Takahashi J, Fukunaga T (2009) Cache timing attacks on clefia. In: International conference on cryptology in India, pp 104–118. Springer

  22. 22.

    Shirai T, Shibutani K, Akishita T, Moriai S, Iwata T (2007) The 128-bit blockcipher clefia. In: International workshop on fast software encryption, pp 181–195. Springer

  23. 23.

    Standaert FX, Malkin TG, Yung M (2009) A unified framework for the analysis of side-channel key recovery attacks. In: Annual international conference on the theory and applications of cryptographic techniques, pp 443–461. Springer

  24. 24.

    Standard AE (2001) Federal information processing standards publication 197. FIPS PUB, pp 46–3

  25. 25.

    Wang X, Karri R (2013) Numchecker: detecting kernel control-flow modifying rootkits by using hardware performance counters. In: 2013 50th ACM/EDAC/IEEE design automation conference (DAC), pp 1–7. IEEE

  26. 26.

    Wang X, Karri R (2016) Reusing hardware performance counters to detect and identify kernel control-flow modifying rootkits. IEEE Trans Comput Aided Des Integr Circuits Syst 35(3):485– 498

    Article  Google Scholar 

  27. 27.

    Wang X, Konstantinou C, Maniatakos M, Karri R (2015) Confirm: Detecting firmware modifications in embedded systems using hardware performance counters. In: Proceedings of the IEEE/ACM international conference on computer-aided design, pp 544–551. IEEE Press

  28. 28.

    Wiki P (2015) perf: Linux profiling with performance counters

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Manaar Alam.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Alam, M., Bhattacharya, S., Sinha, S. et al. IPA: an Instruction Profiling–Based Micro-architectural Side-Channel Attack on Block Ciphers. J Hardw Syst Secur 3, 26–44 (2019). https://doi.org/10.1007/s41635-018-0060-3

Download citation

Keywords

  • Micro-architectural side-channel attack
  • Hardware performance counters
  • Cache timing attack
  • Block cipher