MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations in SGX

  • Ahmad Moghimi
  • Thomas Eisenbarth
  • Berk Sunar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10808)

Abstract

Cache attacks exploit the memory access patterns of cryptographic implementations. Constant-time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform, key-independent pattern. However, constant-time behavior depends on the underlying architecture, which can be highly complex and often incorporates unpublished features. The CacheBleed attack targets cache bank conflicts and thereby invalidates the assumption that microarchitectural side-channel adversaries can only observe memory at cache line granularity. In this work, we propose MemJam, a side-channel attack that exploits the false dependency of memory read-after-write and provides a high-quality intra-cache-level timing channel. As a proof of concept, we demonstrate the first key recovery attacks on a constant-time implementation of AES, and on an SM4 implementation with cache protection, in the current Intel Integrated Performance Primitives (Intel IPP) cryptographic library. Further, we demonstrate the first intra-cache-level timing attack on SGX by reproducing the AES key recovery results on an enclave that performs encryption using the aforementioned constant-time implementation of AES. Our results show that this side channel can be used not only to efficiently attack memory-dependent cryptographic operations but also to bypass proposed protections. Compared to CacheBleed, which is limited to older processor generations, MemJam is the first intra-cache-level attack applicable to all major Intel processors, including the latest generations that support the SGX extension.
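To illustrate the granularity point the abstract makes, the following C (an added example, not code from the paper or from the Intel IPP library) places a table lookup that is protected only at cache-line granularity next to one whose load addresses are uniform down to the byte. The 256-byte table is a constructed stand-in for an S-box; only the access pattern matters.

```c
#include <stdint.h>

/* Added example (not the paper's or Intel IPP's code). The table stands in
 * for an AES S-box; its values are constructed and arbitrary, only the
 * sequence of load addresses each lookup produces is of interest. */
static const uint8_t *table(void) {
    static uint8_t t[256];
    static int ready = 0;
    if (!ready) { for (int i = 0; i < 256; i++) t[i] = (uint8_t)(i * 167 + 31); ready = 1; }
    return t;
}

/* Cache-line-granular protection: touch one byte in every 64-byte line so the
 * set of lines accessed is the same for every index, then do the real load.
 * That final load's address still carries idx in its low 6 bits (the offset
 * inside the line), which is exactly the below-cache-line detail that an
 * intra-cache-level channel such as MemJam can observe. */
uint8_t lookup_line_granular(uint8_t idx) {
    const uint8_t *t = table();
    volatile uint8_t sink = 0;
    for (int line = 0; line < 256; line += 64) sink ^= t[line]; /* same lines every call */
    (void)sink;
    return t[idx];                                /* secret-dependent address */
}

/* Address-uniform lookup: read every entry in a fixed order and keep the wanted
 * one with a branch-free mask, so the sequence of load addresses is identical
 * for all 256 indices down to the byte. Costs 256 loads per lookup. */
uint8_t lookup_uniform(uint8_t idx) {
    const uint8_t *t = table();
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t eq = ((i ^ idx) - 1u) >> 31;     /* 1 iff i == idx, no branch */
        uint8_t mask = (uint8_t)(0u - eq);        /* 0xff or 0x00 */
        out |= t[i] & mask;
    }
    return out;
}

/* Returns 1 if both lookups agree with a direct index for all 256 inputs. */
int lookups_agree(void) {
    const uint8_t *t = table();
    for (int i = 0; i < 256; i++)
        if (lookup_uniform((uint8_t)i) != t[i] || lookup_line_granular((uint8_t)i) != t[i]) return 0;
    return 1;
}
```

Whether a compiler preserves the branch-free selection must be confirmed in the generated assembly; the example models the access pattern, not a vetted production S-box.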

Notes

Acknowledgements

This work is supported by the National Science Foundation, under grant CNS-1618837.

Responsible Disclosure. We have informed the Intel Product Security Incident Response Team of our findings on August 2nd, 2017. They acknowledged receipt on August 4th, 2017 and confirmed a work-in-progress patch for the IPP library on September 17th, 2017 (CVE-2017-5737).

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Worcester Polytechnic Institute, Worcester, USA
  2. University of Lübeck, Lübeck, Germany