
On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)

Abstract

Virtualization has become one of the most important security-enhancing techniques for embedded systems in recent years, both for mobile devices and cyber-physical systems (CPS). One of the major security threats in this context is posed by side-channel attacks. In this work, Bernstein’s time-driven cache-based attack against AES is revisited in a virtualization scenario based on an actual CPS using the PikeOS microkernel virtualization framework. The attack is conducted in the context of the implemented virtualization scenario using different scheduler configurations. We provide experimental results which show that using dedicated cores for crypto routines has a high impact on the vulnerability of such systems. We also compare the results to previous work in that field, and our visualization directly shows the differences between the cache architectures of the ARM Cortex-A8 and Cortex-A9. Further, a non-invasive countermeasure against timing attacks based on the scheduler of PikeOS is devised, which in fact increases the system’s security against cache timing attacks.

Keywords

  • Cyber-physical system (CPS)
  • Virtualization
  • Trusted execution environment
  • Microkernel
  • AES
  • Cache timing
  • Embedded systems

Parts of this contribution were supported by the German Federal Ministry of Education and Research in the project SIBASE through grant number 01IS13020.

  • DOI: 10.1007/978-3-319-27998-5_10
  • Chapter length: 17 pages


Author information

Corresponding author

Correspondence to Michael Weiß.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Weiß, M., Weggenmann, B., August, M., Sigl, G. (2015). On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems. In: Yung, M., Zhu, L., Yang, Y. (eds) Trusted Systems. INTRUST 2014. Lecture Notes in Computer Science(), vol 9473. Springer, Cham. https://doi.org/10.1007/978-3-319-27998-5_10

  • DOI: https://doi.org/10.1007/978-3-319-27998-5_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27997-8

  • Online ISBN: 978-3-319-27998-5

  • eBook Packages: Computer Science, Computer Science (R0)