Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries

Daimeng Wang, Ajaya Neupane, Zhiyun Qian, N. Abu-Ghazaleh, S. Krishnamurthy, E. Colbert, Paul L. Yu
{"title":"Unveiling your keystrokes: A Cache-based Side-channel Attack on Graphics Libraries","authors":"Daimeng Wang, Ajaya Neupane, Zhiyun Qian, N. Abu-Ghazaleh, S. Krishnamurthy, E. Colbert, Paul L. Yu","doi":"10.14722/ndss.2019.23221","DOIUrl":null,"url":null,"abstract":"Operating systems use shared memory to improve performance. However, as shown in recent studies, attackers can exploit CPU cache side-channels associated with shared memory to extract sensitive information. The attacks that were previously attempted typically only detect the presence of a certain operation and require significant manual analysis to identify and evaluate their effectiveness. Moreover, very few of them target graphics libraries which are commonly used, but difficult to attack. In this paper, we consider the execution time of shared libraries as the side-channel, and showcase a completely automated technique to discover and select exploitable side-channels on shared graphics libraries. In essence, we first collect the cache lines accessed by a victim process during different key presses offline, and then use machine learning to infer the best cache lines (e.g., easily measurable, robust to noise, high information leakage) for a flush and reload attack. We are able to discover effective strategies to classify what keys have been pressed. Using this approach, we not only preclude the need for manual analyses of code and traces — the automated system discovered many previously unknown sidechannels of the type we are interested in, but also achieve high precision in terms of inferring the sensitive information entered on desktop and Android platforms. We show that our approach infers the passwords with lowercase letters and numbers 10,000 1,000,000 times faster than random guessing. For a large fraction of PINs consisting of 4 to 6 digits, we are able to infer them within 20 and 80 guesses respectively. Finally, we suggest ways to mitigate these attacks.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2019 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/ndss.2019.23221","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 33

Abstract

Operating systems use shared memory to improve performance. However, as shown in recent studies, attackers can exploit CPU cache side-channels associated with shared memory to extract sensitive information. The attacks that were previously attempted typically only detect the presence of a certain operation and require significant manual analysis to identify and evaluate their effectiveness. Moreover, very few of them target graphics libraries which are commonly used, but difficult to attack. In this paper, we consider the execution time of shared libraries as the side-channel, and showcase a completely automated technique to discover and select exploitable side-channels on shared graphics libraries. In essence, we first collect the cache lines accessed by a victim process during different key presses offline, and then use machine learning to infer the best cache lines (e.g., easily measurable, robust to noise, high information leakage) for a flush and reload attack. We are able to discover effective strategies to classify what keys have been pressed. Using this approach, we not only preclude the need for manual analyses of code and traces — the automated system discovered many previously unknown sidechannels of the type we are interested in, but also achieve high precision in terms of inferring the sensitive information entered on desktop and Android platforms. We show that our approach infers the passwords with lowercase letters and numbers 10,000 1,000,000 times faster than random guessing. For a large fraction of PINs consisting of 4 to 6 digits, we are able to infer them within 20 and 80 guesses respectively. Finally, we suggest ways to mitigate these attacks.
揭示你的击键:对图形库的基于缓存的侧通道攻击
操作系统使用共享内存来提高性能。然而,最近的研究表明,攻击者可以利用与共享内存相关的CPU缓存侧通道来提取敏感信息。以前尝试的攻击通常只检测到某个操作的存在,并且需要大量的人工分析来识别和评估其有效性。此外,很少有攻击对象是常用但难以攻击的图形库。在本文中,我们将共享图形库的执行时间作为侧通道,并展示了一种完全自动化的技术来发现和选择共享图形库上可利用的侧通道。本质上,我们首先收集受害者进程在不同的离线按键期间访问的缓存线,然后使用机器学习来推断用于刷新和重新加载攻击的最佳缓存线(例如,易于测量,对噪声具有鲁棒性,高信息泄漏)。我们能够发现有效的策略来对按下的键进行分类。使用这种方法,我们不仅排除了手工分析代码和跟踪的需要——自动化系统发现了许多我们感兴趣的类型的未知侧通道,而且在推断桌面和Android平台上输入的敏感信息方面也达到了很高的精度。我们证明,我们的方法推断密码小写字母和数字比随机猜测快10,000 1,000,000倍。对于大部分由4到6位数字组成的pin,我们能够分别在20次和80次猜测内推断出它们。最后,我们提出了减轻这些攻击的方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信