
Spy Cartel: Parallelizing Evict+Time-Based Cache Attacks on Last-Level Caches

Abstract

A powerful cache timing attack can not only determine the secret key of a cryptographic cipher accurately but also do so quickly. Cache timing attacks that use the shared L1 cache are known to have both of these characteristics. On the other hand, attacks using the shared last-level cache (LLC) are not always successful in obtaining the secret key, and they take considerably longer than an L1 cache attack. This paper leverages the fact that all LLC attacks run on multi-core CPUs, which allows the attack programs to be parallelized. We show how parallelization can be used to reduce the runtime and improve the attack's success rate, making it on par with L1 cache attacks. We then propose a new methodology for LLC cache attacks by which an attacker can maximize the attack success for a given time frame. The only additional requirement is learning about the target system's runtime behavior, which is done offline. We validate all our claims on a 4-core and a 10-core CPU.



Notes

  1. OpenSSL ver. 1.0.1f (https://www.openssl.org/)

  2. OpenSSL ver. 1.0.1f (https://www.openssl.org/)



Corresponding author

Correspondence to Himanshi Jain.


This work is supported by the Information Security Education and Awareness Program (ISEA), Ministry of Electronics and Information Technology (MeitY), India, and by the DST-FIST Grant Program 2016 of the Department of Science and Technology, India. We also thank Mr. Raghavandra Patil from C-DAC Bangalore for his timely inputs.


Cite this article

Jain, H., Balaraju, D.A. & Rebeiro, C. Spy Cartel: Parallelizing Evict+Time-Based Cache Attacks on Last-Level Caches. J Hardw Syst Secur 3, 147–163 (2019). https://doi.org/10.1007/s41635-018-0062-1


Keywords

  • Cache timing attacks
  • Last-level cache memories
  • Evict+Time
  • Multi-core CPUs