Filters








71 Hits in 5.2 sec

A Faster and More Realistic Flush+Reload Attack on AES [chapter]

Berk Gülmezoğlu, Mehmet Sinan İnci, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar
2015 Lecture Notes in Computer Science  
In contrast to the other cross-VM cache attacks, our attack does not require synchronization with the target server and is fully asynchronous, working in a more realistic scenario with much weaker assumption  ...  This work exploits a shared resource optimization technique called memory deduplication to mount a powerful known-ciphertext only cache side-channel attack on a popular OpenSSL implementation of AES.  ...  [15] implemented a cross-VM access driven cache attack on AES in a VMware ESXI system using the Flush+Reload attack.  ... 
doi:10.1007/978-3-319-21476-4_8 fatcat:tcjwe5sjhrcn7m425wwoqj6kgy

Wait a Minute! A fast, Cross-VM Attack on AES [chapter]

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar
2014 Lecture Notes in Computer Science  
Furthermore, the attack works in a realistic setting where different VMs are located on separate cores.  ...  The modified flush+reload attack we present, takes only in the order of seconds to minutes to succeed in a cross-VM setting.  ...  We will employ a new variant: the flush and reload attack on AES.  ... 
doi:10.1007/978-3-319-11379-1_15 fatcat:jm3idb5umffg3a4dolgpy6louy

Flush+Flush: A Fast And Stealthy Cache Attack

Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard
2016 Zenodo  
The Flush+Flush attack runs in a higher frequency and thus is faster than any existing cache attack.  ...  Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for detection.  ...  Acknowledgments We would like to thank Mathias Payer, Anders Fogh, and our anonymous reviewers for their valuable comments and suggestions.  ... 
doi:10.5281/zenodo.55446 fatcat:dy345rn6dbb7bewez5sbt6og7m

Flush+Flush: A Fast and Stealthy Cache Attack [article]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard
2016 arXiv   pre-print
The Flush+Flush attack runs in a higher frequency and thus is faster than any existing cache attack.  ...  Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for detection.  ...  Acknowledgments We would like to thank Mathias Payer, Anders Fogh, and our anonymous reviewers for their valuable comments and suggestions.  ... 
arXiv:1511.04594v3 fatcat:677vwejml5cnpcn7l75eki2gnu

WHISPER A Tool for Run-time Detection of Side-Channel Attacks

Maria Mushtaq, Jeremy Bricq, Muhammad Khurram Bhatti, Ayaz Akram, Vianney Lapotre, Guy Gogniat, Pascal Benoit
2020 IEEE Access  
We present experimental evaluation of WHISPER against Flush+Reload, Flush+Flush, Prime+Probe, Spectre and Meltdown attacks.  ...  High resolution and stealthy attacks and their variants such as Flush+Reload, Flush+Flush, Prime+Probe, Spectre and Meltdown have completely exposed the vulnerabilities in Intel's computing architecture  ...  We also implemented Flush+Reload on the AES from [6] , [45] and modified it for faster and full key recovery on the same principle as that used in Flush+Flush.  ... 
doi:10.1109/access.2020.2988370 fatcat:a7lzt2gq3jbgzcggvnzdnzvaba

Flush+Flush: A Fast and Stealthy Cache Attack [chapter]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, Stefan Mangard
2016 Lecture Notes in Computer Science  
However, Flush+Flush does not have a reload step, thus causing no cache misses compared to typical Flush+Reload and Prime+Probe attacks.  ...  Recent attacks either use the Flush+Reload technique on read-only shared memory or the Prime+Probe technique without shared memory, to derive encryption keys or eavesdrop on user input.  ...  ACKNOWLEDGMENT We would like to thank Mathias Payer, Anders Fogh and our anonymous reviewers for their valuable comments and suggestions.  ... 
doi:10.1007/978-3-319-40667-1_14 fatcat:vk76n6rtvnavba7kc54p5re4rm

Software-based Microarchitectural Attacks [article]

Daniel Gruss
2017 arXiv   pre-print
These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed. In this thesis, we focus on microarchitectural attacks and defenses on commodity systems.  ...  In the first part, we provide background on modern processor architectures and discuss state-of-the-art attacks and defenses in the area of microarchitectural side-channel attacks and microarchitectural  ...  We demonstrate our attack on a Windows 10 system.  ... 
arXiv:1706.05973v1 fatcat:4hwdpe4dancmblsxasg3a75h7a

Run-time Detection of Prime + Probe Side-Channel Attack on AES Encryption Algorithm

Maria Mushtaq, Ayaz Akram, Muhammad Khurram Bhatti, Rao Naveed Bin Rais, Vianney Lapotre, Guy Gogniat
2018 2018 Global Information Infrastructure and Networking Symposium (GIIS)  
This paper presents a run-time detection mechanism for access-driven cache-based Side-Channel Attacks (CSCAs) on Intel's x86 architecture.  ...  to complete a successful attack.  ...  [17] used KNN model to detect malicious loop activity within Flush+Reload attack.  ... 
doi:10.1109/giis.2018.8635767 dblp:conf/giis/MushtaqABRLG18 fatcat:rbmv56qiarbl5lkx2ar2eampiq

Lucky 13 Strikes Back

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, Berk Sunar
2015 Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15  
The attack currently succeeds to compromise PolarSSL, GnuTLS and CyaSSL on deduplication enabled platforms while the Lucky 13 patches in OpenSSL, Mozilla NSS and MatrixSSL are immune to this vulnerability  ...  In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability.  ...  There is a very rich literature of cache attacks and here we only very briefly review cache timing attacks and focus on a more recent and effective cache attack variant, e.g the Flush+Reload cache attack  ... 
doi:10.1145/2714576.2714625 dblp:conf/ccs/ApececheaIES15 fatcat:wdfl4jazofas7j5vp2chs7jjcq

Cache Template Attacks: Automating Attacks On Inclusive Last-Level Caches

Gruss Daniel, Spreitzer Raphael, Mangard Stefan
2015 Zenodo  
Among the presented attacks is the application of Cache Template Attacks to infer keystrokes and—even more severe—the identification of specific keys on Linux and Windows user interfaces.  ...  Recent work on cache attacks has shown that CPU caches represent a powerful source of information leakage.  ...  Acknowledgments We would like to thank the anonymous reviewers and our shepherd, Ben Ransford, for their valuable comments and suggestions.  ... 
doi:10.5281/zenodo.55454 fatcat:hko3xjhr7nhp3b7ipoje5e5qia

Know Thy Neighbor: Crypto Library Detection in Cloud

Gorka Irazoqui, Mehmet Sinan IncI, Thomas Eisenbarth, Berk Sunar
2015 Proceedings on Privacy Enhancing Technologies  
To this end, we use a Flush+Reload cache side-channel technique to measure the time it takes to call (load) a cryptographic library function.  ...  Our experiments show a complete attack setup scenario with single-trial success rates of up to 90% under light load and up to 50% under heavy load for libraries running in KVM.  ...  OpenSSL 1.0.1e: Vulnerable to Flush+Reload ECDSA attack [51], and to Heartbleed attack [4]. OpenSSL 1.0.1f: Vulnerable to Flush+Reload ECDSA attack [51], and to Heartbleed attack [4].  ... 
doi:10.1515/popets-2015-0003 dblp:journals/popets/IrazoquiIES15 fatcat:yjao6hhjj5fpvkq2bnomv3utua

Cache Misses and the Recovery of the Full AES 256 Key

Samira Briongos, Pedro Malagón, Juan-Mariano de Goyeneche, Jose Moya
2019 Applied Sciences  
This novel approach is applicable to existing attacks: Prime+Probe, Flush+Reload, Flush+Flush and Prime+Abort.  ...  about three times more complex to attack than AES-128 via cache attacks.  ...  Relying on the clflush instruction and with the same requirements as Flush+Reload, Gruss et al. [3] proposed the Flush+Flush attack.  ... 
doi:10.3390/app9050944 fatcat:wlge3sm4jrfz7am6sawdlxvjza

FLUSH + PREFETCH: A Countermeasure Against Access-driven Cache-based Side-Channel Attacks

M. Asim Mukhtar, Maria Mushtaq, M. Khurram Bhatti, Vianney Lapotre, Guy Gogniat
2019 Journal of systems architecture  
As a proof-of-concept, we have studied the effectiveness of Flush+Prefetch by defending the secret key of RSA cryptosystem against a high-resolution cache side-channel attack called Flush+Reload.  ...  We have evaluated the confidentiality of RSA decryption process on an Intel Xeon E5-2643 processor by generating 100, 000 requests to a web-server sequentially while considering the effect on performance  ...  Recently, these attacks have been presented on multi-core architecture without the assumption of compromising OS/VMM, which is a more realistic assumption [26, 8] .  ... 
doi:10.1016/j.sysarc.2019.101698 fatcat:kv36fy4lejczvcroa4p6svhp3i

S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES

Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar
2015 2015 IEEE Symposium on Security and Privacy  
The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less efficient than the flush and reload attack.  ...  In contrast, our attack works in the spirit of the flush and reload attack targeting the shared L3 cache instead.  ...  We would also like to thank Craig Shue for his help on understanding huge page allocation procedures.  ... 
doi:10.1109/sp.2015.42 dblp:conf/sp/ApececheaES15 fatcat:yvu2nrgolfbcnb6hdjzl2ksteu

Meet the Sherlock Holmes' of Side Channel Leakage: A Survey of Cache SCA Detection Techniques

Ayaz Akram, Maria Mushtaq, Muhammad Khurram Bhatti, Vianney Lapotre, Guy Gogniat
2020 IEEE Access  
Cache Side Channel Attacks (SCAs) have gained a lot of attention in the recent past. Since, these attacks exploit the caching hardware vulnerabilities, they are fast and dangerous.  ...  We identify a set of important characteristics that can be used to characterize a CSCA (cache side channel attack) detection technique.  ...  SpyDetector has been validated on CSCAs such as Prime+Probe on AES, Flush+Reload on AES & ECDSA and Flush+Flush on AES.  ... 
doi:10.1109/access.2020.2980522 fatcat:m56pih7ntbdubci2slah7hlkci
« Previous Showing results 1 — 15 out of 71 results