Abstract
Cache timing attacks use shared caches in multi-core processors as side channels to extract information from victim processes. These attacks are particularly dangerous in cloud infrastructures, where the deployed countermeasures carry collateral costs in the form of performance loss and increased energy consumption. We propose to monitor the victim process using an independent monitoring (detector) process that continuously measures selected Performance Monitoring Counters (PMCs) to detect the presence of an attack. Ad-hoc countermeasures can then be applied only when such a risky situation arises. In our case, the victim process is the Advanced Encryption Standard (AES) encryption algorithm and the attack is performed by means of random encryption requests. We demonstrate that PMCs are a feasible tool to detect the attack and that sampling PMCs at high frequencies is worse than sampling at lower frequencies in terms of detection capabilities, particularly when the attack is fragmented in time in an attempt to hide it from detection.
Notes
1. A cache line – 64 bytes in our target architecture – can store 16 elements of a table, provided each element is stored as a 4-byte unsigned integer.
Acknowledgements
This work is supported by the EU FEDER and the Spanish MINECO under grant number TIN2015-65277-R and by Spanish CM under grant S2018/TCS-4423. We would like to thank Samira Briongos and Pedro Malagón for their helpful comments on some details of the attack implementation.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Prada, I., Igual, F.D., Olcoz, K. (2019). Detecting Time-Fragmented Cache Attacks Against AES Using Performance Monitoring Counters. In: Naiouf, M., Chichizola, F., Rucci, E. (eds) Cloud Computing and Big Data. JCC&BD 2019. Communications in Computer and Information Science, vol 1050. Springer, Cham. https://doi.org/10.1007/978-3-030-27713-0_1
DOI: https://doi.org/10.1007/978-3-030-27713-0_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27712-3
Online ISBN: 978-3-030-27713-0
eBook Packages: Computer Science, Computer Science (R0)