A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Filters
CacheShield: Protecting Legacy Processes Against Cache Attacks
[article]
2017
arXiv
pre-print
Preserved Fulltext
Cache attacks pose a threat to any code whose execution flow or memory accesses depend on sensitive information. Especially in public clouds, where caches are shared across several tenants, cache attacks remain an unsolved problem. Cache attacks rely on evictions by the spy process, which alter the execution behavior of the victim process. We show that hardware performance events of cryptographic routines reveal the presence of cache attacks. Based on this observation, we propose CacheShield, a
arXiv:1709.01795v1
fatcat:myvn7mddonawrietaovilf3ivi
more »
... tool to protect legacy code by monitoring its execution and detecting the presence of cache attacks, thus providing the opportunity to take preventative measures. CacheShield can be run by users and does not require alteration of the OS or hypervisor, while previously proposed software-based countermeasures require cooperation from the hypervisor. Unlike methods that try to detect malicious processes, our approach is lean, as only a fraction of the system needs to be monitored. It also integrates well into today's cloud infrastructure, as concerned users can opt to use CacheShield without support from the cloud service provider. Our results show that CacheShield detects cache attacks fast, with high reliability, and with few false positives, even in the presence of strong noise.
AutoLock: Why Cache Attacks on ARM Are Harder Than You Think
[article]
2017
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Attack on AES Irazoqui et al. [20] propose an attack on table based implementations of AES using Flush+Reload. ...
Irazoqui et al. [20] state that the attack works equally well with all cache lines carrying lookup table entries. ...
arXiv:1703.09763v1
fatcat:daykpvsb2jh4znhcex35i6mucq
CacheZoom: How SGX Amplifies the Power of Cache Attacks
[chapter]
2017
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel
doi:10.1007/978-3-319-66787-4_4
fatcat:xfy45opwize3jmdwuox5ydcy6i
more »
... ack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T- Table based implementations with as few as ten measurements.
Know Thy Neighbor: Crypto Library Detection in Cloud
2015
Proceedings on Privacy Enhancing Technologies
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Irazoqui et al. [31] managed to recover an AES encryption key in a real cloud scenario without the necessity of blocking the AES execution (c.f. [28] ). Lastly, Zhang et al. ...
doi:10.1515/popets-2015-0003
dblp:journals/popets/IrazoquiIES15
fatcat:yjao6hhjj5fpvkq2bnomv3utua
CacheZoom: How SGX Amplifies The Power of Cache Attacks
[article]
2017
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel
arXiv:1703.06986v2
fatcat:23wprfbd7rezbis4w5q5ifzfiq
more »
... ack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements.
Cross Processor Cache Attacks
2016
Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
In order to overcome this issue, Liu et al. and Irazoqui et al. ...
Shortly later Irazoqui et al. [26] presented a new attack on the AES cipher across VMs, again using the Flush and Reload spy process. ...
doi:10.1145/2897845.2897867
dblp:conf/ccs/IrazoquiES16
fatcat:yqzpwbhur5di3nysudfeko2sfm
Cache Attacks Enable Bulk Key Recovery on the Cloud
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
Cloud services keep gaining popularity despite the security concerns. While non-sensitive data is easily trusted to cloud, security critical data and applications are not. The main concern with the cloud is the shared resources like the CPU, memory and even the network adapter that provide subtle side-channels to malicious parties. We argue that these side-channels indeed leak fine grained, sensitive information and enable key recovery attacks on the cloud. Even further, as a quick scan in one
doi:10.1007/978-3-662-53140-2_18
fatcat:63urkzupung5dphpk42keyh4rm
more »
... f the Amazon EC2 regions shows, high percentage -55%-of users run outdated, leakage prone libraries leaving them vulnerable to mass surveillance. The most commonly exploited leakage in the shared resource systems stem from the cache and the memory. High resolution and the stability of these channels allow the attacker to extract fine grained information. In this work, we employ the Prime and Probe attack to retrieve an RSA secret key from a co-located instance. To speed up the attack, we reverse engineer the cache slice selection algorithm for the Intel Xeon E5-2670 v2 that is used in our cloud instances. Finally we employ noise reduction to deduce the RSA private key from the monitored traces. By processing the noisy data we obtain the complete 2048-bit RSA key used during the decryption.
Wait a Minute! A fast, Cross-VM Attack on AES
[chapter]
2014
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
Recently, Irazoqui et al. [15] used Bernstein's attack to partially recover an AES key from a cross-VM attack running in XEN and VMware. ...
Finally in 2014 Irazoqui et al. [15] implemented Bernstein's attack for the first time in a virtualized environment where Xen and VMware VMMs with cross-VM setting were used. ...
doi:10.1007/978-3-319-11379-1_15
fatcat:jm3idb5umffg3a4dolgpy6louy
Lucky 13 Strikes Back
2015
Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS '15
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
This approach was later followed by Yarom et al. and Irazoqui et al. to recover RSA and AES keys respectively, even in cloud environments [41, 21] . ...
Recently the powerful Flush+Reload attack was used by Yarom et.al in cloud-like environments such as VMware ESXI and KVM to extract RSA [41, 10] and ECDSA keys, while Irazoqui et al. used the same detection ...
doi:10.1145/2714576.2714625
dblp:conf/ccs/ApececheaIES15
fatcat:wdfl4jazofas7j5vp2chs7jjcq
Systematic Reverse Engineering of Cache Slice Selection in Intel Processors
2015
2015 Euromicro Conference on Digital System Design
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
[12] or Irazoqui et al. [20] who recover RSA, ECDSA and AES keys respectively. ...
In consequence, one can use this information to perform LLC prime probing attacks, as demonstrated by Hund et al., Irazoqui et al. and Lei et al. ...
doi:10.1109/dsd.2015.56
dblp:conf/dsd/IrazoquiES15
fatcat:x26edorci5e6fiymtkceb4a7fa
A Faster and More Realistic Flush+Reload Attack on AES
[chapter]
2015
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Later in 2014, Irazoqui et al. ...
Finally, Irazoqui et al. [14, 15] recovered AES keys in virtualized environments with Bernstein's attack and the Flush+Reload technique. ...
doi:10.1007/978-3-319-21476-4_8
fatcat:tcjwe5sjhrcn7m425wwoqj6kgy
Did we learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries
[article]
2017
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
[16] and Irazoqui et al. [17] , and has been successfully applied in commercial IaaS clouds [18] , as Javascript executions [3] and as smartphone applications [4] . ...
arXiv:1709.01552v1
fatcat:taa6yk3vffdqpibhgzavx2iseq
S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES
2015
2015 IEEE Symposium on Security and Privacy
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
[8] in ARM processors and then by Irazoqui et al. in VMware or Xen [11] . ...
Later Irazoqui et al. [10] used the same technique to recover AES keys across VMware VMs. ...
doi:10.1109/sp.2015.42
dblp:conf/sp/ApececheaES15
fatcat:yvu2nrgolfbcnb6hdjzl2ksteu
Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters
[chapter]
2015
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Acknowledgments We would like to thank Mark Seaborn, Mate Soos, Gorka Irazoqui, Thomas Eisenbarth and our anonymous reviewers for their valuable comments and suggestions. ...
Simultaneously to our work, Irazoqui et al. [14] , Liu et al. [20] , and Oren et al. [24] have extended the Prime+Probe attack to the LLC. ...
Concurrently to our work, Irazoqui et al. [15] worked on automating this reverse engineering, and evaluated their work on several processors. However, their method is similar to Hund et al. ...
doi:10.1007/978-3-319-26362-5_3
fatcat:kv2l42zecreyjkuyqpw75xlzk4
Guest Editorial: Hardware/Software Cross-Layer Technologies for Trustworthy and Secure Computing
2016
IEEE Transactions on Multi-Scale Computing Systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
The paper titled "Cross-VM Cache Attacks on AES" by Berk Gulmezoglu, Mehmet Sinan Inci, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar applies cache side-channel attacks on a popular OpenSSL implementation ...
doi:10.1109/tmscs.2016.2609298
fatcat:n26k4fu7dbcihf7fkcxeta2ka4
« Previous
Showing results 1 — 15 out of 16 results