Introduction The complexity and optimization of modern computer systems have opened a room for

inadvertent information leakage Software and hardware side channels

Optimizations are performed based on specific data values that are processed, the location of data, the frequency of access to locations and many other factors;

Software and hardware faults An attacker tries to manipulate computations of a device to either evade security

mechanisms of the device or to leak its secrets

Software Based Microarchitectural Side Channel Attacks- Exploit imperfections in the hardware introduced by optimizations on a

microarchitectural level.- Cache attacks, - Branch predictions, - Page translation attacks, - Exception based attacks - Dynamic Random Access Memory (DRAM) attacks

1. Cache Attacks Deduce information on cryptographic secrets from the influence of the cache on

the execution time of a cryptographic implementation

Bernstein’s Attack- A remote cache timing attack on an AES T-table implementation- The entire AES algorithm can then be implemented as a fast sequence of T-table lookups. - The T-table entries are accessed based on an algorithmically defined scheme- T-table entries may be cached and depending on whether they are cached a timing

difference can be observed

Evict + Time AttackEvict + Time Attack- The attacker triggers several victim computations and measures the victim’s execution

time- To measure the influence of a specific cache set the attacker evicts the cache set before

the computation for half of the victim runs. - If there is a timing difference when evicting the cache set, the attacker can conclude that

the cache set was used by the victim computation

Prime + Probe Attack- The attacker continuously fills a cache set and measures how long it takes to refill the

cache set- The time it takes to refill the cache set is proportional to the number of cache ways

that have been replaced by other processes- A higher timing means that at least one cache way has been replaced. - A lower timing means that likely no cache way has been replaced.- The technique does not require any measurement of the execution time and thus

allows performing asynchronous attacks

Flush + Reload clflush instruction is used to mount flush + reload attack The attacker frequently flushes a cache line using the instruction and then measures the

time it takes to reload the data. Low reload time indicates that the victim must have reloaded the very same memory

location into the cache whereas high reload time might likely mean no other process accessed the memory location in the meantime.

This attack is often considered the most powerful cache attack

2. Branch Prediction Attacks Branch-pattern table stores past results on branches and uses them to predict the outcome

of future branches. The branch-target buffer caches branch targets from past branches to predict targets of

future branches. Both caches are virtually-indexed and thus an adversary can target these caches without

knowledge of physical addresses. A series of branches are executed by the attacker to prime the branch target buffer. If the targeted device experiences a wrong branch prediction, an entry of the branch-target

buffer will be replaced.The attacker subsequently observes a higher execution time due to the wrong prediction for The attacker subsequently observes a higher execution time due to the wrong prediction for one of its branches

3. Page Translation Cache Attacks The attacker triggers multiple page faults Since the valid page-translation entries are cached independent of the current privilege

level, page faults on inaccessible memory regions reveals whether the memory region is valid for the kernel.

This allows recovering which addresses are valid and even which addresses are used by specific parts of the kernel

4. Exception Based Attacks Processor exceptions could leak sensitive information when they are triggered. Exceptions include scheduler interrupts, instruction aborts, page faults, behavioral

differences Example, instructions providing the user with an error code. Through this behavior

the CPU leaks direct information (i.e., the behavior itself) and indirect information (i.e., timing differences due to the behavior).

Exception based attacks exploit both microarchitecturally defined and undefined behavior

5. DRAM (Dynamic Random Access Memory) Based Attacks5. DRAM (Dynamic Random Access Memory) Based Attacks Multiple tenants are often co-located on the same multi- processor system in the

cloud. This necessitates a mechanism to prevent information leakage among tenants. While the hypervisor enforces software isolation, shared hardware, such as the CPU

cache or memory bus, can leak sensitive information P. Pessl, D. Gruss, et al (2016) demonstrated a high-speed covert channel as well as the

first side-channel attack working across processors and without any shared memory They used undocumented DRAM address (DRAMA) mappings and reverse

engineering of the DRAM mapping

Software-based Microarchitectural Fault Attacks A common assumption in system and software security is the security of the hardware is

taken for granted Hardware is not perfect and especially when operated outside the specification, faults can

be introduced by an attacker. A unique feature of microarchitectural fault attacks is that they use effects caused by

microarchitectural elements or operations implemented on a microarchitectural level. In the software-based variant these effects and operations are triggered from software.

Example, rowhammer bug.

Figure1. Rowhammer attack (source : D. Gruss , 2017)

-Repeated activations of memory locations in the same bank but in different rows can trigger rowhammer bugs and then cause bit flips in adjacent rows. - After a bit flipped, the attacker can gain control over the instructions or even kernel privileges. -The attack can be triggered by executing a sequence of memory accesses and clflushoperations to frequently open and close DRAM rows

Hardware Based Side Channel Attacks Side-channel attacks bypass the theoretical strength of cryptographic algorithms by

exploiting weaknesses in the cryptographic system hardware implementation via non-primary, side-channel inputs and outputs

1. Timing Attacks Exploit the difference in the amount of time a givenoperation takes during the encryption process to get information about secret keys

2. Power Consumption Attacks - The amount of power consumed during the encryption process varies depending on the microprocessor instruction performed.

Figure 2. Side channel emissions from deviceunder attack: optical, power, EM and acoustic(source: K. Mai, 2012)

microprocessor instruction performed. - power consumption attack, the attacker observes a system's power consumption

3. Electro-Magnetic (EM) attacksDeduce information by observing the electro-magnetic signal of a device when it is processing secret data.

4. Acoustic Side Channel Attacks- Shamir and Tromer cited in (Mai, 2012) has studied acoustic side channel attacks. - By placing microphones near a standard home-built PC, not only could they distinguish between other activity and RSA encryption but also they could distinguish between runs of RSA with different keys

5. Fault Analysis Attacks- Attacker investigate ciphers and extract keys by generating faults in a system using natural faults.- Faults are most often caused by changing the voltage, tampering with the clock, or by applying radiation of various types

Countermeasures Scheduling processes in different security domains only to different CPU cores can

be used to prevent same core attacks. To mitigate cross-core attacks, one could schedule such processes to different CPUs. To counter cross-CPU attacks, performing the entire computation on different

physical systems can be used. Constant-time and oblivious computations are a standard countermeasure against

attacks on cryptographic implementations. Preloading all data into the cache before running an algorithm improves the

performance of secure enclaves significantly while eliminating leakage based performance of secure enclaves significantly while eliminating leakage based on cache misses

Counter measures against software based attacks Disabling cache-line sharing and shared memory, Avoiding cache-set sharing and spatial proximity, Cache cleansing, and Detecting software vulnerabilities

Measures to counter Timing attacks Making operations data independent, Using blinding signatures to prevent the attacker from knowing the

input, Avoiding conditional branching and secret intermediaries and

equalizing the time required for multiplication and squaring.Measures to counter power analysis attacks power consumption balancing using dummy registers and gates, reducing signal size, reducing signal size, noise addition, physically shielding of the device and using nonlinear key update procedures to ensure that power traces

cannot be correlated. Measures to counter fault analysis attacks Running the encryption twice helps to counter

References

Daniel Gruss (2017), Software-based Microarchitectural Attacks, Accessed 30 October 2017 < https://gruss.cc/files/phd_thesis.pdf >

Hagai Bar El (n .d), Introduction to Side channel attacks, Accessed 25 October 2017, <http://gauss.ececs.uc.edu/Courses/c653/lectures/SideC/intro.pdf >

Hamad Raeisi, Sultan AlTamimi (n.d), Attack on RSA by Branch Prediction, Accessed 07 November 2017,

<http://moais.imag.fr/membres/jean-louis.roch/perso_html/transfert/2009-06-19-IntensiveProjects-M1-SCCI-Reports/RaeisiAlTamimi.pdf >

Ken Main (2012). In: M. Tehranipoor and C. Wang (eds.), Introduction to Hardware Security and Trust,

DOI 10.1007/978-1-4419-8080-9 8, Springer Science+Business Media, LLC 2012, pp. 175 -192 Mohammed TehraniPoor and Cliff Wang (2012), Introduction to Hardware Security and Trust,

Springer, New York. Springer, New York. Onur Acıicmez, Jean-Pierre Seifert, and Cetin Kaya Koc (n.d), Predicting Secret Keys via Branch

Prediction, Accessed 10 November 2017, <https://eprint.iacr.org/2006/288.pdf > Paul C. Kocher (n.d), Timing Attacks on Implementations of Die-Hellman, RSA, DSS, and Other

Systems, Accessed 08 November 2017, <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.40.5024&rep=rep1&type=pdf>

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard (2016), DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks, Proceedings of the 25th USENIX Security Symposium, Accessed 05 November 2017, <https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_pessl.pdf >