Abstract
We describe several software side-channel attacks based on inter-process
leakage through the state of the CPU's memory cache. This leakage
reveals memory access patterns, which can be used for cryptanalysis
of cryptographic primitives that employ data-dependent table lookups.
The attacks allow an unprivileged process to attack other processes
running in parallel on the same processor, despite partitioning methods
such as memory protection, sandboxing and virtualization. Some of
our methods require only the ability to trigger services that perform
encryption or MAC using the unknown key, such as encrypted disk partitions
or secure network links. Moreover, we demonstrate an extremely strong
type of attack, which requires knowledge of neither the specific plaintexts
nor ciphertexts, and works by merely monitoring the effect of the
cryptographic process on the cache. We discuss in detail several such
attacks on AES, and experimentally demonstrate their applicability
to real systems, such as OpenSSL and Linux's
dm-crypt encrypted
partitions (in the latter case, the full key can be recovered after
just 800 writes to the partition, taking 65 milliseconds). Finally,
we describe several countermeasures which can be used to mitigate
such attacks.
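The mechanism the abstract describes, a data-dependent table lookup leaking through which cache lines it touches, is easiest to see on the first AES round. As an added illustration (not code from the paper or from any project it mentions), the Python simulation below models the leak the way the synchronous attack uses it: byte i of the initial state, p_i XOR k_i, indexes T-table T_{i mod 4}, and the attacker observes only the set of cache lines each table touched. The cache geometry is an assumption (64-byte lines, 4-byte table entries, so 16 entries per line and 16 lines per table), the key is the FIPS-197 example key used as a constructed secret, and the plaintexts are random and known, as in the encrypted-partition scenario. Since the line index is the high nibble of the lookup index, each observation eliminates candidate high nibbles of every key byte; the low nibbles are not visible at this granularity, which is why the paper needs a second-round stage for the rest of the key.

```python
import random

# Cache geometry assumed for this simulation (a typical x86 layout):
# 64-byte lines and 32-bit T-table entries, so 16 entries share one line
# and a 256-entry table spans 16 lines.
LINE_BYTES = 64
ENTRY_BYTES = 4
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES   # 16
LINES_PER_TABLE = 256 // ENTRIES_PER_LINE      # 16


def first_round_lines(plaintext, key):
    """Leak model: the set of cache lines of each T-table that the first
    AES round touches. State byte i (p_i XOR k_i) indexes table T_{i mod 4};
    a real attacker learns the line (x >> 4) via Prime+Probe or Evict+Time,
    never the exact entry. Here the leak is computed directly."""
    touched = [set() for _ in range(4)]
    for i in range(16):
        x = plaintext[i] ^ key[i]
        touched[i % 4].add(x // ENTRIES_PER_LINE)
    return touched


def recover_high_nibbles(samples):
    """Synchronous one-round attack on the leak model above.

    Because (p_i XOR k_i) >> 4 == (p_i >> 4) XOR (k_i >> 4), a candidate high
    nibble h for key byte i predicts that line (p_i >> 4) XOR h of table
    T_{i mod 4} was touched. The true nibble always survives; a wrong one
    survives a sample only if one of the other three bytes using that table
    happened to land on the predicted line."""
    candidates = [set(range(LINES_PER_TABLE)) for _ in range(16)]
    for p, touched in samples:
        for i in range(16):
            lines = touched[i % 4]
            candidates[i] = {h for h in candidates[i]
                             if ((p[i] >> 4) ^ h) in lines}
    return candidates


def simulate_one_round_attack(key, n_samples, seed=0):
    """Run the attack with n_samples random known plaintexts (constructed
    here) and return the recovered high nibble for each key byte, or None
    for a byte that is still ambiguous."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n_samples):
        p = bytes(rng.randrange(256) for _ in range(16))
        samples.append((p, first_round_lines(p, key)))
    result = []
    for cands in recover_high_nibbles(samples):
        result.append(next(iter(cands)) if len(cands) == 1 else None)
    return result


def samples_until_unique(key, seed=0, limit=200):
    """How many observations it takes before every high nibble is unique."""
    for n in range(1, limit + 1):
        if None not in simulate_one_round_attack(key, n, seed):
            return n
    return None


if __name__ == "__main__":
    # Constructed secret: the FIPS-197 example key. The attack code above
    # only ever sees plaintexts and touched cache lines, never this value.
    KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    recovered = simulate_one_round_attack(KEY, 40, seed=7)
    truth = [b >> 4 for b in KEY]
    print("true high nibbles:     ", truth)
    print("recovered high nibbles:", recovered)
    print("samples needed:", samples_until_unique(KEY, seed=7))
```

The number of samples needed is small because each wrong candidate survives a sample with probability roughly 1 - (15/16)^3 (about 0.18), so a few dozen encryptions leave only the true high nibble of every key byte. On real hardware the same logic runs over noisy timing measurements instead of exact line sets, which is where the paper's measurement techniques and error handling come in.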
Papers
- Preprint:
Dag Arne Osvik, Adi Shamir, Eran Tromer,
Cache attacks and countermeasures: the case of AES, Cryptology ePrint Archive: Report 2005/271
- Conference version:
Dag Arne Osvik, Adi Shamir, Eran Tromer,
Cache attacks and countermeasures: the case of AES, proc. RSA Conference Cryptographers Track (CT-RSA) 2006, LNCS 3860, 1-20, Springer, 2006
- Journal version:
Eran Tromer, Dag Arne Osvik, Adi Shamir,
Efficient cache attacks on AES, and countermeasures, Journal of Cryptology, vol. 23 no. 1, 37-71, Springer, 2010
Our follow-ups
- Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage,
Hey, you, get off of my cloud! Exploring information leakage in third-party compute clouds
- Daniel Genkin, Lev Pachmanov, Eran Tromer, Yuval Yarom,
Drive-by Key-Extraction Cache Attacks from Portable Code