The Micro-architectural Support Countermeasures against the Branch Prediction Analysis Attack

Recently, a class of micro-architectural side-channel attacks, Branch Prediction Analysis (BPA), has been demonstrated to be practically feasible on popular commodity PC platforms. The attack extracts secret information by monitoring the branch target buffer (BTB). Some cryptographic algorithms, such as RSA and ECC, are naturally vulnerable to BPA because they execute a key-dependent sequence of conditional branches. A BPA attack can recover almost all of the secret key bits during a single encryption process by means of an elaborately designed, "legitimate" spy process. Although some countermeasures exist in the state-of-the-art literature, all of them are software-based, which leads to a series of design challenges. This paper proposes a comprehensive architectural support scheme against the BPA attack. A well-customized surveillance table of limited size is added to record each process so that a malicious one can be recognized dynamically and in time. A lock-based BTB scheme is then used to protect BTB accesses from the BPA attack, ensuring that sensitive information is not leaked through the conditional-branch loophole. Experimental results show that the proposed anti-BPA scheme not only provides strong security protection at an area cost of approximately 8KB but also yields a slight performance improvement of about 0.12% on average across the benchmarks. Meanwhile, it is transparent at the application level, which relieves programmers of the burden of writing their own countermeasures.
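As an added illustration (not code from the paper), the following Python model shows what the abstract's "key-dependent sequence of conditional branches" means: in textbook square-and-multiply the outcome of the multiply branch is the exponent bit, so a trace of branch outcomes spells out the key, whereas a Montgomery-ladder formulation that selects registers arithmetically executes no key-dependent branch at all. The `trace` list stands in for what a BTB-monitoring spy could infer; this models branch structure only, since Python big-integer arithmetic is not itself constant-time.

```python
# Added model (not from the paper): why key-dependent branches leak through
# the BTB, and what a branch-free formulation of the same computation looks
# like. `trace` collects the outcome of every key-dependent conditional
# branch, i.e. the signal a BTB-monitoring spy process infers.

def square_and_multiply(base, exp, mod, trace):
    """Textbook left-to-right modular exponentiation (RSA-style)."""
    result = 1
    for bit in bin(exp)[2:]:              # MSB first
        result = (result * result) % mod
        taken = bit == "1"
        trace.append(taken)               # branch outcome == the key bit
        if taken:                         # key-dependent conditional branch
            result = (result * base) % mod
    return result


def montgomery_ladder(base, exp, mod, trace):
    """Same function, but every iteration does one square and one multiply;
    the key bit only chooses which register receives which value, via masks."""
    r0, r1 = 1, base % mod
    for bit in bin(exp)[2:]:
        b = int(bit)
        mask = -b                         # 0 (b == 0) or all ones (b == 1)
        prod = (r0 * r1) % mod
        sq0 = (r0 * r0) % mod
        sq1 = (r1 * r1) % mod
        # branch-free select: b == 0 -> r0 = sq0,  r1 = prod
        #                     b == 1 -> r0 = prod, r1 = sq1
        r0 = sq0 ^ ((sq0 ^ prod) & mask)
        r1 = prod ^ ((prod ^ sq1) & mask)
        # no key-dependent branch is executed, so nothing is appended to
        # trace (the loop-exit branch still reveals the bit length in both)
    return r0


def branch_trace(impl, base, exp, mod):
    trace = []
    impl(base, exp, mod, trace)
    return trace


def recovered_exponent(trace):
    """What a spy learns by reading the taken/not-taken pattern as key bits."""
    return int("".join("1" if taken else "0" for taken in trace) or "0", 2)


def trace_distinguishes_keys(impl, base, mod, keys):
    """True if the branch trace differs between keys, i.e. the BTB leaks."""
    return len({tuple(branch_trace(impl, base, k, mod)) for k in keys}) > 1
```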
