Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Cache Designs for Thwarting Cache-based Side Channel Attacks

Published byPosy Singleton Modified over 6 years ago

Similar presentations

Presentation on theme: "New Cache Designs for Thwarting Cache-based Side Channel Attacks"— Presentation transcript:

1 New Cache Designs for Thwarting Cache-based Side Channel Attacks
Zhenghong Wang and Ruby B. Lee Princeton Architecture Laboratory for Multimedia and Security Department of Electrical Engineering, Princeton University Motivation and Goals Summary of Attacks Proposed Solutions - RPcache Performance Cache-based side channel attacks are a new and more dangerous threat Easy to launch Impact a wider range of systems and users Existing solutions are insufficient Performance degradation Attack specific Some are not secure enough Goals: Security without compromising performance and cost General non-attack-specific solutions Cache interference enables side channel attacks External interference: Percival’s attack Internal interference: Bernstein’s attack Spectrum of attacks Random-Permutation cache (RPcache) Blocks information leak by randomizing cache interference Advantages Allow cache line sharing Negligible performance impact Provable security An information-theoretic proof Low overhead implementation No impact on cache access time Partition-Locked cache (PLcache) Comparable with traditional caches if properly used Considerable performance impact on direct-mapped caches The number of locked cache lines should be reasonably small Random-Permutation cache (RPcache) Consistently comparable with traditional caches over various cache configurations (less than 2% worst case) Attacker’s ability in observing victim’s cache accesses Bernstein’s attack + Only aggregated cache behavior is indirectly observable + Requires large number of experiments and statistical analysis Least accurate Most accurate Percival’s attack + Individual cache access directly observable + Key recovery in one single trial A Logical View of RPcache Ongoing and Future Work Attacks The security-enabling mechanism of RPcache can be exploited to improve: Performance Power efficiency Fault tolerance Thermal control and more… Improved implementation Percival’s attack against RSA Bernstein’s attack against AES Our Approach Hardware-based approach New security-aware cache architectures Provide security with good performance Attack the root cause of the attacks Ensure generality Solutions effective on both known and unknown attacks RSA Core operation: x := ad mod p (d is the secret key) Implemented as: Squaring: x:= x2 mod p Multiplication: x:= x·a2k+1 mod p (2k+1 is a segment of d) Table Lookup: a2k+1 is pre-computed and stored in a table Attack: Identify table lookup memory accesses Location of the accessed cache line reveals the key bits 2k+1 Low Overhead Implementation Summary and Conclusions Cache-based side channel attacks are a new and more dangerous threat We proposed new security-aware cache designs that can mitigate existing attacks as well as unknown attacks The proposed cache designs provide sufficient security with negligible performance degradation and can be implemented with low cost Proposed Solutions - PLcache Partition-Locked cache (PLcache) Blocks information leak by disallowing cache interference Achieves partitioning via cache line locking Fine-grained and flexible locking mechanisms Locking on cacheline-granularity Locking on page-granularity Advantages Only necessary lines are locked Better cache utilization More secure than simple static partition Explicit locking mechanism Avoids unwanted cache line evictions within a partition Simple architecture and low cost Address decoder circuitry of RPcache Principle: the average encryption time of the AES cipher is dependent on the plaintext byte value and the secret key value Security Analysis Plaintext byte value Average Encryption Time Known key – byte 0 Unknown key – byte 0 Method: model the side channel as a communication channel Input alphabet: cacheset# accessed by the victim Output alphabet: cacheset# on which the attacker observes a miss Related Publications [1] Zhenghong Wang and Ruby B. Lee, “New Cache Designs for Thwarting Software Cache-based Side Channel Attacks", Proceedings of the 34th International Symposium on Computer Architecture (ISCA 2007), San Diego, CA, pp , June 2007. [2] Michael Neve, Jean-Pierre Seifert, and Zhenghong Wang, “A refined look at Bernstein's AES side-channel analysis,” Fast abstract in the Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 369, March 2006. Traditional cache RPcache sender receiver 1 3 2 Time AES starts AES ends Channel capacity determined by Pr(j|i) = Prob{output=j|input=i} CapacityRPcache = 0 since all Pr(j|i) are equal

Download ppt "New Cache Designs for Thwarting Cache-based Side Channel Attacks"

Similar presentations

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.

Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.
REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.

REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Full AES key extraction in 65 milliseconds using cache attacks

Full AES key extraction in 65 milliseconds using cache attacks
CS 104 Introduction to Computer Science and Graphics Problems

CS 104 Introduction to Computer Science and Graphics Problems
Computer Organization Cs 147 Prof. Lee Azita Keshmiri.

Computer Organization Cs 147 Prof. Lee Azita Keshmiri.
Virtual Memory BY JEMINI ISLAM. What is Virtual Memory Virtual memory is a memory management system that gives a computer the appearance of having more.

Virtual Memory BY JEMINI ISLAM. What is Virtual Memory Virtual memory is a memory management system that gives a computer the appearance of having more.
An Intelligent Cache System with Hardware Prefetching for High Performance Jung-Hoon Lee; Seh-woong Jeong; Shin-Dug Kim; Weems, C.C. IEEE Transactions.

An Intelligent Cache System with Hardware Prefetching for High Performance Jung-Hoon Lee; Seh-woong Jeong; Shin-Dug Kim; Weems, C.C. IEEE Transactions.
1 Presenter: Chien-Chih Chen Proceedings of the 2002 workshop on Memory system performance.

1 Presenter: Chien-Chih Chen Proceedings of the 2002 workshop on Memory system performance.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
RRB/STS ORNL Workshop Integrated Hardware/Software Security Support R. R. BrooksSam T. Sander Associate ProfessorAssistant Professor Holcombe Department.

RRB/STS ORNL Workshop Integrated Hardware/Software Security Support R. R. BrooksSam T. Sander Associate ProfessorAssistant Professor Holcombe Department.
TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University.

TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.

Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
KAIS T A lightweight secure protocol for wireless sensor networks 윤주범 2007.12. 4 ELSEVIER Mar. 2006.

KAIS T A lightweight secure protocol for wireless sensor networks 윤주범 ELSEVIER Mar
A Novel Cache Architecture with Enhanced Performance and Security Zhenghong Wang and Ruby B. Lee.

A Novel Cache Architecture with Enhanced Performance and Security Zhenghong Wang and Ruby B. Lee.
Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China.

Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Architectural Support for Fine-Grained Parallelism on Multi-core Architectures Sanjeev Kumar, Corporate Technology Group, Intel Corporation Christopher.

Architectural Support for Fine-Grained Parallelism on Multi-core Architectures Sanjeev Kumar, Corporate Technology Group, Intel Corporation Christopher.

Similar presentations

Ads by Google