A Faster and More Realistic Flush+Reload Attack on AES.

In contrast to the other cross-VM cache attacks, our attack does not require synchronization with the target server and is fully asynchronous, working in a more realistic scenario with much weaker assumption ... This work exploits a shared resource optimization technique called memory deduplication to mount a powerful known-ciphertext only cache side-channel attack on a popular OpenSSL implementation of AES. ... [15] implemented a cross-VM access driven cache attack on AES in a VMware ESXI system using the Flush+Reload attack. ...

doi:10.1007/978-3-319-21476-4_8 fatcat:tcjwe5sjhrcn7m425wwoqj6kgy

Furthermore, the attack works in a realistic setting where different VMs are located on separate cores. ... The modified flush+reload attack we present, takes only in the order of seconds to minutes to succeed in a cross-VM setting. ... We will employ a new variant: the flush and reload attack on AES. ...

doi:10.1007/978-3-319-11379-1_15 fatcat:jm3idb5umffg3a4dolgpy6louy

The Flush+Flush attack runs in a higher frequency and thus is faster than any existing cache attack. ... Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for detection. ... Acknowledgments We would like to thank Mathias Payer, Anders Fogh, and our anonymous reviewers for their valuable comments and suggestions. ...

doi:10.5281/zenodo.55446 fatcat:dy345rn6dbb7bewez5sbt6og7m

Open Access

The Flush+Flush attack runs in a higher frequency and thus is faster than any existing cache attack. ... Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for detection. ... Acknowledgments We would like to thank Mathias Payer, Anders Fogh, and our anonymous reviewers for their valuable comments and suggestions. ...

arXiv:1511.04594v3 fatcat:677vwejml5cnpcn7l75eki2gnu

Multiple Versions

We present experimental evaluation of WHISPER against Flush+Reload, Flush+Flush, Prime+Probe, Spectre and Meltdown attacks. ... High resolution and stealthy attacks and their variants such as Flush+Reload, Flush+Flush, Prime+Probe, Spectre and Meltdown have completely exposed the vulnerabilities in Intel's computing architecture ... We also implemented Flush+Reload on the AES from [6] , [45] and modified it for faster and full key recovery on the same principle as that used in Flush+Flush. ...

doi:10.1109/access.2020.2988370 fatcat:a7lzt2gq3jbgzcggvnzdnzvaba

DOAJ

However, Flush+Flush does not have a reload step, thus causing no cache misses compared to typical Flush+Reload and Prime+Probe attacks. ... Recent attacks either use the Flush+Reload technique on read-only shared memory or the Prime+Probe technique without shared memory, to derive encryption keys or eavesdrop on user input. ... ACKNOWLEDGMENT We would like to thank Mathias Payer, Anders Fogh and our anonymous reviewers for their valuable comments and suggestions. ...

doi:10.1007/978-3-319-40667-1_14 fatcat:vk76n6rtvnavba7kc54p5re4rm

These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed. In this thesis, we focus on microarchitectural attacks and defenses on commodity systems. ... In the first part, we provide background on modern processor architectures and discuss state-of-the-art attacks and defenses in the area of microarchitectural side-channel attacks and microarchitectural ... We demonstrate our attack on a Windows 10 system. ...

arXiv:1706.05973v1 fatcat:4hwdpe4dancmblsxasg3a75h7a

This paper presents a run-time detection mechanism for access-driven cache-based Side-Channel Attacks (CSCAs) on Intel's x86 architecture. ... to complete a successful attack. ... [17] used KNN model to detect malicious loop activity within Flush+Reload attack. ...

doi:10.1109/giis.2018.8635767 dblp:conf/giis/MushtaqABRLG18 fatcat:rbmv56qiarbl5lkx2ar2eampiq

The attack currently succeeds to compromise PolarSSL, GnuTLS and CyaSSL on deduplication enabled platforms while the Lucky 13 patches in OpenSSL, Mozilla NSS and MatrixSSL are immune to this vulnerability ... In fact, the new side channel is significantly more accurate, thus yielding a much more effective attack. We briefly survey prominent cryptographic libraries for this vulnerability. ... There is a very rich literature of cache attacks and here we only very briefly review cache timing attacks and focus on a more recent and effective cache attack variant, e.g the Flush+Reload cache attack ...

doi:10.1145/2714576.2714625 dblp:conf/ccs/ApececheaIES15 fatcat:wdfl4jazofas7j5vp2chs7jjcq

Among the presented attacks is the application of Cache Template Attacks to infer keystrokes and—even more severe—the identification of specific keys on Linux and Windows user interfaces. ... Recent work on cache attacks has shown that CPU caches represent a powerful source of information leakage. ... Acknowledgments We would like to thank the anonymous reviewers and our shepherd, Ben Ransford, for their valuable comments and suggestions. ...

doi:10.5281/zenodo.55454 fatcat:hko3xjhr7nhp3b7ipoje5e5qia

Open Access

To this end, we use a Flush+Reload cache side-channel technique to measure the time it takes to call (load) a cryptographic library function. ... Our experiments show a complete attack setup scenario with single-trial success rates of up to 90% under light load and up to 50% under heavy load for libraries running in KVM. ... OpenSSL 1.0.1e: Vulnerable to Flush+Reload ECDSA attack [51], and to Heartbleed attack [4]. OpenSSL 1.0.1f: Vulnerable to Flush+Reload ECDSA attack [51], and to Heartbleed attack [4]. ...

doi:10.1515/popets-2015-0003 dblp:journals/popets/IrazoquiIES15 fatcat:yjao6hhjj5fpvkq2bnomv3utua

DOAJ

This novel approach is applicable to existing attacks: Prime+Probe, Flush+Reload, Flush+Flush and Prime+Abort. ... about three times more complex to attack than AES-128 via cache attacks. ... Relying on the clflush instruction and with the same requirements as Flush+Reload, Gruss et al. [3] proposed the Flush+Flush attack. ...

doi:10.3390/app9050944 fatcat:wlge3sm4jrfz7am6sawdlxvjza

DOAJ

As a proof-of-concept, we have studied the effectiveness of Flush+Prefetch by defending the secret key of RSA cryptosystem against a high-resolution cache side-channel attack called Flush+Reload. ... We have evaluated the confidentiality of RSA decryption process on an Intel Xeon E5-2643 processor by generating 100, 000 requests to a web-server sequentially while considering the effect on performance ... Recently, these attacks have been presented on multi-core architecture without the assumption of compromising OS/VMM, which is a more realistic assumption [26, 8] . ...

doi:10.1016/j.sysarc.2019.101698 fatcat:kv36fy4lejczvcroa4p6svhp3i

The attack recovers AES keys in the cross-VM setting on Xen 4.1 with deduplication disabled, being only slightly less efficient than the flush and reload attack. ... In contrast, our attack works in the spirit of the flush and reload attack targeting the shared L3 cache instead. ... We would also like to thank Craig Shue for his help on understanding huge page allocation procedures. ...

doi:10.1109/sp.2015.42 dblp:conf/sp/ApececheaES15 fatcat:yvu2nrgolfbcnb6hdjzl2ksteu

Cache Side Channel Attacks (SCAs) have gained a lot of attention in the recent past. Since, these attacks exploit the caching hardware vulnerabilities, they are fast and dangerous. ... We identify a set of important characteristics that can be used to characterize a CSCA (cache side channel attack) detection technique. ... SpyDetector has been validated on CSCAs such as Prime+Probe on AES, Flush+Reload on AES & ECDSA and Flush+Flush on AES. ...

doi:10.1109/access.2020.2980522 fatcat:m56pih7ntbdubci2slah7hlkci

DOAJ

A Faster and More Realistic Flush+Reload Attack on AES [chapter]

Preserved Fulltext

Wait a Minute! A fast, Cross-VM Attack on AES [chapter]

Preserved Fulltext

Flush+Flush: A Fast And Stealthy Cache Attack

Preserved Fulltext

Flush+Flush: A Fast and Stealthy Cache Attack [article]

Preserved Fulltext

Other Versions

WHISPER A Tool for Run-time Detection of Side-Channel Attacks

Preserved Fulltext

Flush+Flush: A Fast and Stealthy Cache Attack [chapter]

Preserved Fulltext

Software-based Microarchitectural Attacks [article]

Preserved Fulltext

Run-time Detection of Prime + Probe Side-Channel Attack on AES Encryption Algorithm

Preserved Fulltext

Lucky 13 Strikes Back

Preserved Fulltext

Cache Template Attacks: Automating Attacks On Inclusive Last-Level Caches

Preserved Fulltext

Know Thy Neighbor: Crypto Library Detection in Cloud

Preserved Fulltext

Cache Misses and the Recovery of the Full AES 256 Key

Preserved Fulltext

FLUSH + PREFETCH: A Countermeasure Against Access-driven Cache-based Side-Channel Attacks

Preserved Fulltext

S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES

Preserved Fulltext

Meet the Sherlock Holmes' of Side Channel Leakage: A Survey of Cache SCA Detection Techniques

Preserved Fulltext