A Survey on Cache Timing Channel Attacks for Multicore Processors

Cache timing channel attacks has attained a lot of attention in the last decade. These attacks exploits the timing channel created by the significant time gap between cache and main memory accesses. It has been successfully implemented to leak the secret key of various cryptography algorithms. The latest advancements in cache attacks also exploit other micro-architectural components such as hardware prefetchers, branch predictor, and replacement engine, in addition to the cache memory. Detection of these attacks is a difficult task as the attacker process running in the processor must be detected before significant portion of the attack is complete. The major challenge for mitigation and defense mechanisms against these attacks is maintaining the system performance while disabling or avoiding these attacks. The overhead caused by detection, mitigation and defense mechanism must not be significant to system’s performance. This paper discusses the research carried out in three aspects of cache security: cache timing channel attacks, detection techniques of these attacks, and defense mechanisms in details.

[1]  Daisuke Miyamoto,et al.  Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment , 2018, Secur. Commun. Networks.

[2]  Onur Aciiçmez,et al.  A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL , 2008, CT-RSA.

[3]  Prabhat Mishra,et al.  A Survey of Side-Channel Attacks on Caches and Countermeasures , 2017, Journal of Hardware and Systems Security.

[4]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[5]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2016, Journal of Cryptographic Engineering.

[6]  Mathias Payer,et al.  HexPADS: A Platform to Detect "Stealth" Attacks , 2016, ESSoS.

[7]  Nael B. Abu-Ghazaleh,et al.  Understanding and Mitigating Covert Channels Through Branch Predictors , 2016, ACM Trans. Archit. Code Optim..

[8]  Aurélien Francillon,et al.  C5: Cross-Cores Cache Covert Channel , 2015, DIMVA.

[9]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[10]  Christopher W. Fletcher,et al.  Safecracker: Leaking Secrets through Compressed Caches , 2020, ASPLOS.

[11]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[12]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[13]  Ruby B. Lee,et al.  CloudRadar: A Real-Time Side-Channel Attack Detection System in Clouds , 2016, RAID.

[14]  Guy Gogniat,et al.  NIGHTs-WATCH: a cache-based side-channel intrusion detector using hardware performance counters , 2018, HASP@ISCA.

[15]  Cemal Yilmaz,et al.  SpyDetector: An approach for detecting side-channel attacks at runtime , 2018, International Journal of Information Security.

[16]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[17]  D. Janaki Ram,et al.  Keep the PokerFace on! Thwarting cache side channel attacks by memory bus monitoring and cache obfuscation , 2017, Journal of Cloud Computing.

[18]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[19]  Onur Aciiçmez,et al.  Trace-Driven Cache Attacks on AES (Short Paper) , 2006, ICICS.

[20]  Milos Doroslovacki,et al.  PrODACT: Prefetch-Obfuscator to Defend Against Cache Timing Channels , 2018, International Journal of Parallel Programming.

[21]  Haibo Chen,et al.  Leveraging Hardware Transactional Memory for Cache Side-Channel Defenses , 2018, AsiaCCS.

[22]  Gorka Irazoqui Apecechea,et al.  Wait a Minute! A fast, Cross-VM Attack on AES , 2014, RAID.

[23]  Bernard Menezes,et al.  An error-tolerant approach for efficient AES key retrieval in the presence of cacheprefetching – experiments, results, analysis , 2019, Sādhanā.

[24]  Jaehyuk Huh,et al.  A NUCA substrate for flexible CMP cache sharing , 2005, ICS.

[25]  Janak H. Patel,et al.  Stride directed prefetching in scalar processors , 1992, MICRO 1992.

[26]  Hiroshi Miyauchi,et al.  Cryptanalysis of DES Implemented on Computers with Cache , 2003, CHES.

[27]  Onur Aciiçmez,et al.  Cache Based Remote Timing Attack on the AES , 2007, CT-RSA.

[28]  Shuanghe Peng,et al.  Detection of Cache-based Side Channel Attack Based on Performance Counters , 2018 .

[29]  Nirbhay Chaubey,et al.  Cache attack detection in virtualized environments , 2019 .

[30]  Jean-Pierre Seifert,et al.  Advances on Access-Driven Cache Attacks on AES , 2006, Selected Areas in Cryptography.

[31]  Nael B. Abu-Ghazaleh,et al.  Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks , 2012, TACO.

[32]  Gorka Irazoqui Apecechea,et al.  Cross Processor Cache Attacks , 2016, IACR Cryptol. ePrint Arch..

[33]  Mehmet Kayaalp,et al.  RIC: Relaxed Inclusion Caches for mitigating LLC side-channel attacks , 2017, 2017 54th ACM/EDAC/IEEE Design Automation Conference (DAC).

[34]  Joseph Bonneau,et al.  Cache-Collision Timing Attacks Against AES , 2006, CHES.

[35]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[36]  Thomas Eisenbarth,et al.  MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations , 2017, International Journal of Parallel Programming.

[37]  Onur Mutlu,et al.  Base-delta-immediate compression: Practical data compression for on-chip caches , 2012, 2012 21st International Conference on Parallel Architectures and Compilation Techniques (PACT).

[38]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[39]  Stefan Mangard,et al.  KASLR is Dead: Long Live KASLR , 2017, ESSoS.

[40]  Naomi Benger,et al.  "Ooh Aah... Just a Little Bit" : A Small Amount of Side Channel Can Go a Long Way , 2014, CHES.

[41]  Jiliang Zhang,et al.  Micro-architectural Cache Side-Channel Attacks and Countermeasures , 2021, 2021 26th Asia and South Pacific Design Automation Conference (ASP-DAC).

[42]  Johannes Götzfried,et al.  Cache Attacks on Intel SGX , 2017, EUROSEC.

[43]  Salvatore J. Stolfo,et al.  On the feasibility of online malware detection with performance counters , 2013, ISCA.

[44]  Yang Cao,et al.  Lactobacillus rhamnosus GG ameliorates noise-induced cognitive deficits and systemic inflammation in rats by modulating the gut-brain axis , 2023, Frontiers in Cellular and Infection Microbiology.

[45]  Samira Briongos,et al.  CacheShield: Detecting Cache Attacks through Self-Observation , 2018, CODASPY.

[46]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[47]  Matti A. Hiltunen,et al.  An exploration of L2 cache covert channels in virtualized environments , 2011, CCSW '11.

[48]  Onur Aciiçmez,et al.  Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.

[49]  Shirshendu Das,et al.  A Framework for Block Placement, Migration, and Fast Searching in Tiled-DNUCA Architecture , 2016, TODE.

[50]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[51]  Carl A. Waldspurger,et al.  Memory resource management in VMware ESX server , 2002, OSDI '02.

[52]  André Seznec,et al.  A case for two-way skewed-associative caches , 1993, ISCA '93.

[53]  Marco Chiappetta,et al.  Real time detection of cache-based side-channel attacks using hardware performance counters , 2016, Appl. Soft Comput..

[54]  Gorka Irazoqui Apecechea,et al.  A Faster and More Realistic Flush+Reload Attack on AES , 2015, COSADE.

[55]  Gorka Irazoqui Apecechea,et al.  Cache Attacks Enable Bulk Key Recovery on the Cloud , 2016, CHES.

[56]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[57]  Josep Torrellas,et al.  Speculative Taint Tracking (STT): A Comprehensive Protection for Speculatively Accessed Data , 2019, IEEE Micro.

[58]  Ruby B. Lee,et al.  Disruptive prefetching: impact on side-channel attacks and cache designs , 2015, SYSTOR.

[59]  AilamakiAnastasia,et al.  Clearing the clouds , 2012 .

[60]  Jean-Pierre Seifert,et al.  Deconstructing new cache designs for thwarting software cache-based side channel attacks , 2008, CSAW '08.

[61]  Billy Bob Brumley,et al.  Amplifying side channels through performance degradation , 2016, ACSAC.

[62]  Fan Yao,et al.  Covert Timing Channels Exploiting Cache Coherence Hardware: Characterization and Defense , 2018, International Journal of Parallel Programming.

[63]  David A. Wood,et al.  Adaptive cache compression for high-performance processors , 2004, Proceedings. 31st Annual International Symposium on Computer Architecture, 2004..

[64]  Yuval Yarom,et al.  Just a Little Bit More , 2015, CT-RSA.

[65]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[66]  Onur Aciiçmez,et al.  New Results on Instruction Cache Attacks , 2010, CHES.

[67]  Chuliang Weng,et al.  CBA-Detector: An Accurate Detector Against Cache-Based Attacks Using HPCs and Pintools , 2019, APPT.

[68]  Michel A. Kinsy,et al.  Adaptive caches as a defense mechanism against cache side-channel attacks , 2019, Journal of Cryptographic Engineering.

[69]  Ji-Hoon Jeong,et al.  Unveiling Hardware-based Data Prefetcher, a Hidden Source of Information Leakage , 2018, CCS.