Cache-Timing Attack Detection and Prevention
With the publication of the Spectre and Meltdown attacks, cache-timing exploitation techniques have recently received a wealth of attention. On the one hand, it is now well understood which patterns in source code create observable imbalances in timing. On the other hand, some practical attacks have also been reported. But the exact relation between vulnerabilities and exploitations has not been studied enough as of today. In this article, we put forward a methodology to characterize the leakage induced by a “non-constant-time” construct in the source code. This methodology allows us to recover known attacks and to warn about possible new ones, some of them potentially devastating.
Keywords: Cache-timing attacks; Leakage detection; Leakage attribution; Discovery of new attacks
This work has benefited from funding via the French PIA (Projet d’Investissement d’Avenir) RISQ (Regroupement de l’Industrie pour la Sécurité post-Quantique). Besides, this work has been partly financed via TeamPlay (https://teamplay-h2020.eu/), a project from the European Union’s Horizon 2020 research and innovation programme, under grant agreement No. 779882.
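The abstract's central object is a “non-constant-time” construct whose execution time depends on secret data. The C program below is an added illustration, not code from the paper or its authors: it places a leaky early-exit comparison beside a constant-time one and probes both with a constructed secret. The number of loop iterations is used as a deterministic stand-in for execution time (an assumption made here so the result is reproducible; a real observer measures cycles or cache state, and the paper's methodology characterizes that actual leakage rather than this proxy).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 16-byte secret used by the probe below (not from the paper). */
static const uint8_t kSecret[16] = {
    0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
    0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
};

/* Each comparison reports a "cost": the number of loop iterations it
 * executed. That count is a deterministic proxy for execution time,
 * which is what a cache-timing observer would actually measure. */
typedef int (*cmp_fn)(const uint8_t *secret, const uint8_t *guess,
                      size_t n, size_t *cost);

/* Non-constant-time construct: the loop exits at the first mismatch, so
 * the cost reveals how many leading bytes of the guess equal the secret. */
int leaky_compare(const uint8_t *secret, const uint8_t *guess,
                  size_t n, size_t *cost)
{
    size_t i;
    *cost = 0;
    for (i = 0; i < n; i++) {
        (*cost)++;
        if (secret[i] != guess[i])
            return 0;               /* early exit: secret-dependent control flow */
    }
    return 1;
}

/* Constant-time counterpart: every byte is visited, differences are
 * accumulated with OR, and the verdict is derived without a branch. */
int ct_compare(const uint8_t *secret, const uint8_t *guess,
               size_t n, size_t *cost)
{
    uint32_t diff = 0;
    size_t i;
    *cost = 0;
    for (i = 0; i < n; i++) {
        (*cost)++;
        diff |= (uint32_t)(secret[i] ^ guess[i]);
    }
    /* diff == 0 -> (diff - 1) wraps to 0xFFFFFFFF -> top bit set -> 1 */
    return (int)(((diff - 1) >> 31) & 1);
}

/* Leakage probe: try guesses sharing k = 0..n leading bytes with the secret,
 * record the cost of each, and return max - min. A non-zero spread means the
 * construct's timing depends on the secret; zero means it does not. */
size_t cost_spread(cmp_fn cmp, const uint8_t *secret, size_t n)
{
    uint8_t guess[32];
    size_t k, min_cost = (size_t)-1, max_cost = 0;

    if (n > sizeof guess)
        return 0;                   /* probe limited to 32-byte secrets */

    for (k = 0; k <= n; k++) {
        size_t cost;
        memcpy(guess, secret, k);   /* matching prefix of length k */
        if (k < n) {
            memset(guess + k, 0, n - k);
            guess[k] = (uint8_t)(secret[k] ^ 0xff); /* guaranteed mismatch at byte k */
        }
        cmp(secret, guess, n, &cost);
        if (cost < min_cost) min_cost = cost;
        if (cost > max_cost) max_cost = cost;
    }
    return max_cost - min_cost;
}

/* Sanity check: both comparisons give the same verdicts on equal and
 * unequal inputs; only their cost profile differs. */
int verdicts_agree(void)
{
    uint8_t other[16];
    size_t c1, c2;
    memcpy(other, kSecret, sizeof other);
    other[15] ^= 0x01;
    return leaky_compare(kSecret, kSecret, 16, &c1) == 1
        && ct_compare(kSecret, kSecret, 16, &c2) == 1
        && leaky_compare(kSecret, other, 16, &c1) == 0
        && ct_compare(kSecret, other, 16, &c2) == 0;
}

int main(void)
{
    printf("leaky_compare cost spread: %zu\n",
           cost_spread(leaky_compare, kSecret, sizeof kSecret));
    printf("ct_compare    cost spread: %zu\n",
           cost_spread(ct_compare, kSecret, sizeof kSecret));
    return 0;
}
```

On the 16-byte constructed secret the early-exit version shows a cost spread of 15 (one iteration for a first-byte mismatch up to sixteen for a full match), which is exactly the prefix-length leakage that makes byte-by-byte recovery possible; the constant-time version shows a spread of 0. Real compilers can reintroduce branches into code like `ct_compare`, so a source-level check such as this probe is a starting point, not a substitute for inspecting the generated machine code.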