A Faster and More Realistic Flush+Reload Attack on AES

  • Berk GülmezoğluEmail author
  • Mehmet Sinan İnci
  • Gorka Irazoqui
  • Thomas Eisenbarth
  • Berk Sunar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9064)


Cloud’s unrivaled cost effectiveness and on the fly operation versatility is attractive to enterprise and personal users. However, the cloud inherits a dangerous behavior from virtualization systems that poses a serious security risk: resource sharing. This work exploits a shared resource optimization technique called memory deduplication to mount a powerful known-ciphertext only cache side-channel attack on a popular OpenSSL implementation of AES. In contrast to the other cross-VM cache attacks, our attack does not require synchronization with the target server and is fully asynchronous, working in a more realistic scenario with much weaker assumption. Also, our attack succeeds in just 15 seconds working across cores in the cross-VM setting. Our results show that there is strong information leakage through cache in virtualized systems and the memory deduplication should be approached with caution.


Asynchronouos cross-VM attack Memory deduplication Flush and reload Known ciphertext attack Cache attacks 



This work is supported by the National Science Foundation, under grant CNS-1318919.


  1. 1.
  2. 2.
    Google Compute Engine Instance Types.
  3. 3.
  4. 4.
  5. 5.
    Acıiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 112–121. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  6. 6.
    Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh Aah.. Just a Little Bit” : a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014) Google Scholar
  7. 7.
    Bernstein, D.J.: Cache-timing attacks on AES (2004).
  8. 8.
    Bonneau, J.: Robust final-round cache-trace attacks against AES. IACR Cryptology ePrint Archive 2006/374 (2006)Google Scholar
  9. 9.
    Cai-Sen, C., Tao, W., Xiao-Cen, C., Ping, Z.: An Improved trace driven instruction cache timing attack on RSA. Cryptology ePrint Archive, Report 2011/557 (2011).
  10. 10.
    Labovitz, C.: How big is amazons cloud? (2012).
  11. 11.
    Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., Willems, J.-L.: A practical implementation of the timing attack. In: Quisquater, J.-J., Schneier, B. (eds.) CARDIS 2000. LNCS, vol. 1820, pp. 167–182. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: IEEE Symposium on Security and Privacy, pp. 490–505 (2011)Google Scholar
  13. 13.
    Hu, W.-M.: Lattice scheduling and covert channels. In: Proceedings of the 1992 IEEE Symposium on Security and Privacy, SP 1992, Washington, DC, USA, pp. 52–61. IEEE Computer Society (1992)Google Scholar
  14. 14.
    Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Fine grain cross-VM attacks on xen and vmware are possible! Cryptology ePrint Archive, Report 2014/248 (2014).
  15. 15.
    Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! a fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Heidelberg (2014) Google Scholar
  16. 16.
    Jones, M.T.: Inside the linux 2.6 completely fair scheduler, December 2009.
  17. 17.
  18. 18.
    Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. J. Comput. Secur. 8(2–3), 141–158 (2000)Google Scholar
  19. 19.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996) Google Scholar
  20. 20.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  21. 21.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing The Secrets of Smart Cards, vol. 31. Springer, Heidelberg (2008)zbMATHGoogle Scholar
  22. 22.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  23. 23.
    Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel (2002)Google Scholar
  24. 24.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, New York, NY, USA, pp. 199–212. ACM (2009)Google Scholar
  25. 25.
    Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory deduplication as a threat to the guest OS. In: Proceedings of the Fourth European Workshop on System Security, p. 1. ACM (2011)Google Scholar
  26. 26.
    Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  27. 27.
    VMWare. Understanding Memory Resource Management in VMware vSphere 5.0.
  28. 28.
    Waldspurger, C.A.: Memory resource management in VMware ESX server. ACM SIGOPS Operating Syst. Rev. 36(SI), 181–194 (2002)CrossRefGoogle Scholar
  29. 29.
    Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (USENIX Security 14), San Diego, CA, pp. 719–732. USENIX Association, August 2014Google Scholar
  30. 30.
    Zhang, Y., Juels, A., Oprea, A., Reiter, M.K.: HomeAlone: co-residency detection in the cloud via side-channel analysis. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP 2011, Washington, DC, USA, pp. 313–328. IEEE Computer Society (2011)Google Scholar
  31. 31.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS 2012, New York, NY, USA, pp. 305–316. ACM (2012)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Berk Gülmezoğlu
    • 1
    Email author
  • Mehmet Sinan İnci
    • 1
  • Gorka Irazoqui
    • 1
  • Thomas Eisenbarth
    • 1
  • Berk Sunar
    • 1
  1. 1.Worcester Polytechnic InstituteWorcesterUSA

Personalised recommendations