Published in: Peer-to-Peer Networking and Applications 4/2021

07.09.2020

An optimistic technique to detect Cache based Side Channel attacks in Cloud

Written by: G. Sangeetha, G. Sumathi


Abstract

Data security is the most critical field in Cloud Computing. Critical data can leak through unpredictable side channels, posing very risky threats to information security. Cache-based Side Channel Attacks (CSCAs) are one of the most challenging attacks. Different secure cache architectures have been proposed to defend against these attacks, but these solutions are not reliable for detecting and preventing them. Detection of CSCAs is a very important research problem. In this paper we demonstrated the detection of CSCAs. We measured the vCPU cycles, virtual memory utilization and cache miss rate to detect the attackers. We illustrated the Prime + Probe, Flush + Flush, and Flush + Reload attacks on the AES cryptosystem. Our detection technique is compared with the existing detection solution to demonstrate its accuracy. Our proposed work achieved 92.5% accuracy in detecting CSC attacks. With the help of our proposed system, Cloud Service Providers (CSPs) can identify the attackers of VMs and host machines to safeguard victim users from CSCAs.


Metadata
Title
An optimistic technique to detect Cache based Side Channel attacks in Cloud
Written by
G. Sangeetha
G. Sumathi
Publication date
07.09.2020
Publisher
Springer US
Published in
Peer-to-Peer Networking and Applications / Issue 4/2021
Print ISSN: 1936-6442
Electronic ISSN: 1936-6450
DOI
https://doi.org/10.1007/s12083-020-00996-1
