Description
Caches leak information through timing measurements and so-called side-channel attacks. Several primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast cache attack primitive that uses the timing of the clflush instruction depending on the presence of a line in the cache. However, the CPU interconnect plays a bigger role than thought in these timings, and therefore in the error rate of Flush+Flush.
In this paper, we show that a naive implementation that does not take into account the topology of the interconnect yields very important error rates, especially on modern CPUs as the number of cores increases. We, therefore, reverse-engineer this topology and revisit the calibration phase of Flush+Flush for different attacker models to determine the correct threshold for clflush hits and misses. We evaluate that our method yields noiseless side-channel attacks by attacking the AES T-tables implementation of OpenSSL, and by building a covert channel. We obtain a maximal capacity of 3.15 Mbit/s with our improved method, compared to 1.4 Mbit/s with a naive implementation of Flush+Flush on an Intel Core i9-9900 CPU.
Prochains exposés
-
ML-Based Hardware Trojan Detection in AI Accelerators via Power Side-Channel Analysis
Orateur : Yehya NASSER - IMT Atlantique
Our work discusses the security risks associated with outsourcing AI accelerator design due to the threat of hardware Trojans (HTs), a problem traditional testing methods fail to address. We introduce a novel solution based on Power Side-Channel Analysis (PSCA), where we collect and preprocess power traces by segmenting them and extracting features from both time and frequency domains. This[…]-
SemSecuElec
-
Side-channel
-
Machine learning
-
Hardware trojan
-