An Approach for Isolating the Sources of Information Leakage Exploited in Cache-Based Side-Channel Attacks

2013 IEEE Seventh International Conference on Software Security and Reliability Companion Pub Date : 2013-06-01 DOI:10.1109/SERE-C.2013.15

A. C. Atici, Cemal Yilmaz, E. Savaş

{"title":"An Approach for Isolating the Sources of Information Leakage Exploited in Cache-Based Side-Channel Attacks","authors":"A. C. Atici, Cemal Yilmaz, E. Savaş","doi":"10.1109/SERE-C.2013.15","DOIUrl":null,"url":null,"abstract":"We demonstrate that a certain class of side-channel attacks is feasible due to unintentional cache contentions between code segments in cryptographic applications. These inadvertent contentions should be considered as a flaw in the implementation of cryptographic applications, which necessitates a software analysis framework to identify their primary cause and check the effectiveness of proposed countermeasures. We present an approach to detect code segments in cryptographic applications that are in cache contentions with each other, thus leaking information that can be exploited in side-channel attacks to extract secret keys. To evaluate this approach, we conducted a series of experiments by using the well-known Bernstein's attack. Our results demonstrate, for the first time, that the primary source of exploitable information leakage in the Bernstein's AES server, rendering the attack a success, is the unintentional cache contentions between the parts of the OS kernel that handle network communications and the AES encryption code.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"172 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2013.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

Abstract

We demonstrate that a certain class of side-channel attacks is feasible due to unintentional cache contentions between code segments in cryptographic applications. These inadvertent contentions should be considered as a flaw in the implementation of cryptographic applications, which necessitates a software analysis framework to identify their primary cause and check the effectiveness of proposed countermeasures. We present an approach to detect code segments in cryptographic applications that are in cache contentions with each other, thus leaking information that can be exploited in side-channel attacks to extract secret keys. To evaluate this approach, we conducted a series of experiments by using the well-known Bernstein's attack. Our results demonstrate, for the first time, that the primary source of exploitable information leakage in the Bernstein's AES server, rendering the attack a success, is the unintentional cache contentions between the parts of the OS kernel that handle network communications and the AES encryption code.

查看原文本刊更多论文

基于缓存的侧通道攻击中信息泄漏源的隔离方法

我们证明了在加密应用程序中，由于代码段之间无意的缓存竞争，某类侧信道攻击是可行的。这些无意的争论应被视为加密应用程序实现中的缺陷，这需要一个软件分析框架来确定其主要原因并检查所提出的对策的有效性。我们提出了一种方法来检测加密应用程序中的代码段，这些代码段彼此处于缓存竞争中，从而泄漏可以在侧信道攻击中利用的信息来提取密钥。为了评估这种方法，我们利用著名的伯恩斯坦攻击进行了一系列实验。我们的研究结果首次表明，Bernstein的AES服务器中可利用信息泄露的主要来源是处理网络通信的操作系统内核部分与AES加密代码之间无意的缓存争用，这使得攻击成功。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

自引率

0.00%

发文量