Trinetra: a solution to handle cross-VM time-driven attack

Efficient utilization of hardware and software resources plays a vital role in a high-performance computing environment. While a shared pool of resources enables faster processing with limited resources, it also widens the scope for many kinds of security attacks. A side-channel attack (SCA) is one such attack, in which the activity of an exploited shared resource is monitored to extract the private key. This paper considers one such SCA, the branch prediction analysis attack, launched using the time-driven attack (TDA) method. The primary focus of the paper is Trinetra, an algorithm proposed to detect the presence of cross-VM TDA in a virtualization environment. We have tested the performance of Trinetra with experimental analysis in addition to attack simulation. The performance evaluation found Trinetra very effective, with negligible performance overhead.
