New Results on Instruction Cache Attacks

We improve instruction cache data analysis techniques with a framework based on vector quantization and hidden Markov models. As a result, we are capable of carrying out efficient automated attacks using live I-cache timing data. Using this analysis technique, we run an I-cache attack on OpenSSL's DSA implementation and recover keys using lattice methods. Previous I-cache attacks were proof-of-concept: we present results of an actual attack in a real-world setting, proving these attacks to be realistic. We also present general software countermeasures, along with their performance impact, that are not algorithm specific and can be employed at the kernel and/or compiler level.

[1]  Jean-Pierre Seifert,et al.  On the power of simple branch prediction analysis , 2007, ASIACCS '07.

[2]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[3]  Onur Aciiçmez,et al.  A Vulnerability in RSA Implementations Due to Instruction Cache Analysis and Its Demonstration on OpenSSL , 2008, CT-RSA.

[4]  Masayuki Abe,et al.  Topics in Cryptology CT-RSA 2007 , 2007 .

[5]  Dan Tsafrir,et al.  Secretly Monopolizing the CPU Without Superuser Privileges , 2007, USENIX Security Symposium.

[6]  Ruby B. Lee,et al.  New cache designs for thwarting software cache-based side channel attacks , 2007, ISCA '07.

[7]  Tal Malkin Topics in Cryptology - CT-RSA 2008, The Cryptographers' Track at the RSA Conference 2008, San Francisco, CA, USA, April 8-11, 2008. Proceedings , 2008, CT-RSA.

[8]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[9]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[10]  Dan Page,et al.  Partitioned Cache Architecture as a Side-Channel Defence Mechanism , 2005, IACR Cryptology ePrint Archive.

[11]  Jean-Pierre Seifert,et al.  Advances on Access-Driven Cache Attacks on AES , 2006, Selected Areas in Cryptography.

[12]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[13]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[14]  Risto M. Hakala,et al.  Cache-Timing Template Attacks , 2009, ASIACRYPT.

[15]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[16]  Onur Aciiçmez,et al.  Cache Based Remote Timing Attack on the AES , 2007, CT-RSA.

[17]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[18]  Onur Aciiçmez,et al.  Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.

[19]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .