Published in: Journal of Cryptographic Engineering 4/2022

23.05.2022 | Regular Paper

A framework for leaking secrets to past instructions

Authors: Jacob Fustos, Michael Bechtel, Heechul Yun


Abstract

Transient execution attacks use microarchitectural covert channels to leak secrets that should not have been accessible during logical program execution. Commonly used microarchitectural covert channels are those that leave lasting footprints in the microarchitectural state, for example a cache state change, from which the secret is recovered after the transient execution has completed. In this paper, we present SpectreRewind, a new approach to create and exploit contention-based covert channels for transient execution attacks. In our approach, a covert channel is established by issuing the necessary instructions logically before the transiently executed victim code. Unlike prior contention-based covert channels, which require simultaneous multi-threading (SMT), SpectreRewind works on a single hardware thread and does not require SMT. We show that contention on the floating point division unit of commodity out-of-order processors can be used to create a high-performance (\(\sim \)100 KB/s), low-noise covert channel for transient execution attacks instead of the commonly used flush+reload-based cache covert channels. We also show that the proposed covert channel works in the JavaScript sandbox environment of the Chrome browser and can be used in a Meltdown attack.


Footnotes
2
As defined in [1], latency refers to the clock cycles needed from the time the \(\upmu \)op is issued to the time its result becomes available to dependent \(\upmu \)ops, while throughput refers to the clock cycles needed from the time the \(\upmu \)op is issued until the time the functional unit becomes available again.
References
1. Abel, A., Reineke, J.: uops.info: characterizing latency, throughput, and port usage of instructions on Intel microarchitectures. In: Architectural Support for Programming Languages and Operating Systems (ASPLOS), pp. 673–686. ACM, New York (2019)
2. Aciicmez, O., Seifert, J.P.: Cheap hardware parallelism implies cheap security. In: Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), pp. 80–91 (2007)
5. Behnia, M., Sahu, P., Paccagnella, R., Yu, J., Zhao, Z., Zou, X., Unterluggauer, T., Torrellas, J., Rozas, C., Morrison, A., Mckeen, F., Liu, F., Gabor, R., Fletcher, C.W., Basak, A., Alameldeen, A.: Speculative interference attacks: breaking invisible speculation schemes. In: Architectural Support for Programming Languages and Operating Systems (ASPLOS) (2020)
6. Bhattacharyya, A., Sandulescu, A., Neugschwandtner, M., Sorniotti, A., Falsafi, B., Payer, M., Kurmus, A.: SMoTherSpectre: exploiting speculative execution through port contention. In: ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 785–800 (2019)
7. Boggs, D.D., Segelken, R., Cornaby, M., Fortino, N., Chaudhry, S., Khartikov, D., Mooley, A., Tuck, N., Vreugdenhil, G.: Memory type which is cacheable yet inaccessible by speculative instructions (2019). U.S. Patent App. 16,022,274
8. Cache speculation side-channels. ARM White Paper (2018)
9. Cabrera Aldaya, A., Bob Brumley, B., Ul Hassan, S., Pereida García, C., Tuveri, N.: Port contention for fun and profit. In: IEEE Symposium on Security and Privacy (SP) (2019)
10. Canella, C., Bulck, J.V., Schwarz, M., Lipp, M., von Berg, B., Ortner, P., Piessens, F., Evtyushkin, D., Gruss, D.: A systematic evaluation of transient execution attacks and defenses. In: USENIX Security Symposium (2019)
12. Fustos, J., Bechtel, M., Yun, H.: SpectreRewind: leaking secrets to past instructions. In: Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security, pp. 117–126 (2020)
13. Fustos, J., Farshchi, F., Yun, H.: SpectreGuard: an efficient data-centric defense mechanism against Spectre attacks. In: Design Automation Conference (DAC), pp. 61–1 (2019)
14. Gonzalez, A., Korpan, B., Zhao, J., Younis, E., Asanović, K.: Replicating and mitigating Spectre attacks on an open source RISC-V microarchitecture. In: 3rd Workshop on Computer Architecture Research with RISC-V (CARRV) (2019)
15. Gras, B., Giuffrida, C., Kurth, M., Bos, H., Razavi, K.: ABSynthe: automatic blackbox side-channel synthesis on commodity microarchitectures. In: Network and Distributed Systems Security (NDSS) (2020)
18. Khasawneh, K.N., Koruyeh, E.M., Song, C., Evtyushkin, D., Ponomarev, D., Abu-Ghazaleh, N.: SafeSpec: banishing the spectre of a meltdown with leakage-free speculation. In: Design Automation Conference (DAC) (2019)
20. Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M., Yarom, Y.: Spectre attacks: exploiting speculative execution. In: IEEE Symposium on Security and Privacy (SP). IEEE Computer Society (2019)
21. Koruyeh, E.M., Khasawneh, K.N., Song, C., Abu-Ghazaleh, N.: Spectre returns! Speculation attacks using the return stack buffer. In: USENIX Workshop on Offensive Technologies (WOOT) (2018)
22. Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Fogh, A., Horn, J., Mangard, S., Kocher, P., Genkin, D., Yarom, Y., Hamburg, M.: Meltdown: reading kernel memory from user space. In: USENIX Security (2018)
23. Maisuradze, G., Rossow, C.: ret2spec: speculative execution using return stack buffers. In: ACM Conference on Computer and Communications Security (CCS), pp. 2109–2122. ACM (2018)
24. Minkin, M., Moghimi, D., Lipp, M., Schwarz, M., Van Bulck, J., Genkin, D., Gruss, D., Sunar, B., Piessens, F., Yarom, Y.: Fallout: reading kernel writes from user space. In: ACM SIGSAC Conference on Computer and Communications Security (CCS) (2019)
25. Moghimi, A., Wichelmann, J., Eisenbarth, T., Sunar, B.: MemJam: a false dependency attack against constant-time crypto implementations. Int. J. Parallel Program. (2019)
26. Oberman, S.F.: Floating point division and square root algorithms and implementation in the AMD-K7 microprocessor. In: IEEE Symposium on Computer Arithmetic (Cat. No. 99CB36336), pp. 106–115. IEEE (1999)
27. Saileshwar, G., Qureshi, M.K.: CleanupSpec: an “undo” approach to safe speculation. In: International Symposium on Microarchitecture (MICRO), pp. 73–86. ACM (2019)
28. Schwarz, M., Lipp, M., Canella, C., Schilling, R., Kargl, F., Gruß, D.: ConTExT: a generic approach for mitigating Spectre. In: Network and Distributed System Security (NDSS) (2020)
29. Schwarz, M., Lipp, M., Moghimi, D., Van Bulck, J., Stecklina, J., Prescher, T., Gruss, D.: ZombieLoad: cross-privilege-boundary data sampling. In: ACM Conference on Computer and Communications Security (CCS) (2019)
30. Schwarz, M., Maurice, C., Gruss, D., Mangard, S.: Fantastic timers and where to find them: high-resolution microarchitectural attacks in JavaScript. In: Kiayias, A. (ed.) Financial Cryptography and Data Security, pp. 247–267. Springer, Cham (2017)
31. Stecklina, J., Prescher, T.: LazyFP: leaking FPU register state using microarchitectural side-channels (2018). arXiv preprint arXiv:1806.07480
33. Townley, D., Ponomarev, D.: SMT-COP: defeating side-channel attacks on execution units in SMT processors. In: 28th International Conference on Parallel Architectures and Compilation Techniques (PACT) (2019)
34. Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23, 37–71 (2010)
35. Tullsen, D.M., Eggers, S.J., Levy, H.M.: Simultaneous multithreading: maximizing on-chip parallelism. In: International Symposium on Computer Architecture (ISCA), pp. 392–403. ACM (1995)
36. Van Bulck, J., Minkin, M., Weisse, O., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Wenisch, T.F., Yarom, Y., Strackx, R.: Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution. In: USENIX Security Symposium. USENIX Association (2018)
37. Van Bulck, J., Moghimi, D., Schwarz, M., Lipp, M., Minkin, M., Genkin, D., Yuval, Y., Sunar, B., Gruss, D., Piessens, F.: LVI: hijacking transient execution through microarchitectural load value injection. In: 41st IEEE Symposium on Security and Privacy (S&P’20) (2020)
38. van Schaik, S., Milburn, A., Österlund, S., Frigo, P., Maisuradze, G., Razavi, K., Bos, H., Giuffrida, C.: RIDL: rogue in-flight data load. In: IEEE Symposium on Security and Privacy (S&P) (2019)
40. Wang, Z., Lee, R.B.: Covert and side channels due to processor architecture. In: Annual Computer Security Applications Conference (ACSAC), pp. 473–482 (2006)
41. Weisse, O., Neal, I., Loughlin, K., Wenisch, T.F., Kasikci, B.: NDA: preventing speculative execution attacks at their source. In: Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), pp. 572–586 (2019)
42. Weisse, O., Van Bulck, J., Minkin, M., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Strackx, R., Wenisch, T.F., Yarom, Y.: Foreshadow-NG: breaking the virtual memory abstraction with transient out-of-order execution. Technical Report (2018)
43. Yan, M., Choi, J., Skarlatos, D., Morrison, A., Fletcher, C.W., Torrellas, J.: InvisiSpec: making speculative execution invisible in the cache hierarchy. In: International Symposium on Microarchitecture (MICRO) (2018)
44. Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 719–732. USENIX Association, San Diego (2014)
45. Yarom, Y., Genkin, D., Heninger, N.: CacheBleed: a timing attack on OpenSSL constant-time RSA. J. Cryptogr. Eng. (2017)
46. Yu, J., Yan, M., Khyzha, A., Morrison, A., Torrellas, J., Fletcher, C.W.: Speculative taint tracking (STT): a comprehensive protection for speculatively accessed data. In: International Symposium on Microarchitecture (MICRO), pp. 954–968 (2019)
Metadata
Title
A framework for leaking secrets to past instructions
Authors
Jacob Fustos
Michael Bechtel
Heechul Yun
Publication date
23.05.2022
Publisher
Springer Berlin Heidelberg
Published in
Journal of Cryptographic Engineering / Issue 4/2022
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI
https://doi.org/10.1007/s13389-022-00289-8
