DOI: 10.5555/2831143.2831200
Article

Cache template attacks: automating attacks on inclusive last-level caches

Published: 12 August 2015
Abstract

Recent work on cache attacks has shown that CPU caches represent a powerful source of information leakage. However, existing attacks require manual identification of vulnerabilities, i.e., data accesses or instruction execution that depend on secret information. In this paper, we present Cache Template Attacks. This generic attack technique allows us to profile and exploit cache-based information leakage of any program automatically, without prior knowledge of specific software versions or even specific system information. Cache Template Attacks can be executed online on a remote system without any prior offline computations or measurements.
Cache Template Attacks consist of two phases. In the profiling phase, we determine dependencies between the processing of secret information, e.g., specific key inputs or private keys of cryptographic primitives, and specific cache accesses. In the exploitation phase, we derive the secret values based on observed cache accesses. We illustrate the power of the presented approach in several attacks, but also in a useful application for developers. Among the presented attacks is the application of Cache Template Attacks to infer keystrokes and, even more severe, the identification of specific keys on Linux and Windows user interfaces. More specifically, for lowercase-only passwords, we can reduce the entropy per character from log2(26) = 4.7 to 1.4 bits on Linux systems. Furthermore, we perform an automated attack on the T-table-based AES implementation of OpenSSL that is as efficient as state-of-the-art manual cache attacks.
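As an added illustration (not code from the paper), a Python sketch of the two phases on constructed profiling data: the template matrix of hit probabilities per monitored address and event, the developer-side check for addresses whose hits depend on the event, and the exploitation-phase inference that reduces the guessing entropy. Addresses, event names and hit counts are made up; real profiling uses cache timing measurements that the sketch does not perform.

```python
import math

EVENTS = ["a", "b", "c", "d"]          # the secret-dependent events being profiled
TRIALS = 100                            # triggers of each event during profiling

# Constructed profiling data (not from the paper): cache hits counted per
# monitored address while each event was triggered TRIALS times.
RAW_COUNTS = {
    0x1000: {"a": 95, "b": 93, "c": 2, "d": 4},    # hit for a and b only
    0x1040: {"a": 90, "b": 3, "c": 4, "d": 88},    # hit for a and d only
    0x1080: {"a": 97, "b": 96, "c": 98, "d": 95},  # always hit: no information
    0x10c0: {"a": 5, "b": 4, "c": 3, "d": 6},      # never hit: no information
}


def build_template(raw, trials):
    """Profiling phase: turn hit counts into a hit-probability matrix."""
    return {addr: {e: c / trials for e, c in counts.items()}
            for addr, counts in raw.items()}


def leaking_addresses(template, threshold=0.5):
    """Developer view: addresses whose hit probability depends on the event."""
    return sorted(addr for addr, probs in template.items()
                  if max(probs.values()) - min(probs.values()) >= threshold)


def infer_event(template, observed_hits, events):
    """Exploitation phase: posterior over events given which addresses hit
    (naive Bayes over addresses, uniform prior over events)."""
    scores = {}
    for e in events:
        p = 1.0
        for addr, probs in template.items():
            q = min(max(probs[e], 1e-3), 1 - 1e-3)  # clamp away from 0 and 1
            p *= q if addr in observed_hits else 1 - q
        scores[e] = p
    total = sum(scores.values())
    return {e: s / total for e, s in scores.items()}


def entropy_bits(dist):
    """Shannon entropy of a distribution: the remaining guessing uncertainty."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


if __name__ == "__main__":
    template = build_template(RAW_COUNTS, TRIALS)
    print("leaking addresses:", [hex(a) for a in leaking_addresses(template)])
    post = infer_event(template, {0x1000, 0x1040, 0x1080}, EVENTS)
    print("prior entropy %.2f bits, posterior %.2f bits"
          % (math.log2(len(EVENTS)), entropy_bits(post)))
```

The entropy drop from the uniform prior to the posterior is the same quantity the abstract reports per password character; a developer can use `leaking_addresses` to locate the code or data lines that should be made access-independent.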


Published In

SEC'15: Proceedings of the 24th USENIX Conference on Security Symposium
August 2015
1072 pages
ISBN: 9781931971232

Sponsor: USENIX Association

Publisher: USENIX Association, United States
