CACHE SNIPER: Accurate timing control of cache evictions

Microarchitectural side-channel attacks have been very prominent in security research over the last few years. Caches have been an outstanding covert channel, as they provide high resolution and generic cross-core leakage even with simple user-mode code execution privileges. To prevent these generic cross-core attacks, all major cryptographic libraries now provide countermeasures to hinder key extraction via cross-core cache attacks, for instance avoiding secret-dependent access patterns and prefetching data. In this paper, we show that implementations protected by 'good-enough' countermeasures aimed at preventing simple cache attacks are still vulnerable. We present a novel attack that uses a special timing technique to determine when an encryption has started and then evicts the data precisely at the desired instant. This new attack requires neither special privileges nor explicit synchronization between the attacker and the victim. One key improvement of our attack is a method to evict data from the cache with a single memory access and in the absence of shared memory, by leveraging the transient capabilities of TSX and relying on the recently reverse-engineered L3 replacement policy. We demonstrate its efficiency by performing an asynchronous last-level cache attack to extract an RSA key from the latest wolfSSL library, which has been specifically adapted to avoid leaky access patterns, and by extracting an AES key from the S-Box implementation included in OpenSSL, bypassing the per-round prefetch intended as a protection against cache attacks.
