
    Enabling hardware randomization across the cache hierarchy in Linux-Class processors

    The most promising secure-cache design approaches use cache-set randomization to index cache contents, thus thwarting cache side-channel attacks. Unfortunately, existing randomization proposals cannot be successfully applied to processors' cache hierarchies due to the overhead added when dealing with coherency and virtual memory. In this paper, we solve existing limitations of hardware randomization approaches and propose a cost-effective randomization implementation for the whole cache hierarchy of a Linux-capable RISC-V processor.

    This work has been supported by the European HiPEAC Network of Excellence, by the Spanish Ministry of Economy and Competitiveness (contract TIN2015-65316-P), and by Generalitat de Catalunya (contracts 2017-SGR-1414 and 2017-SGR-1328). The DRAC project is co-financed by the European Union Regional Development Fund within the framework of the ERDF Operational Program of Catalonia 2014-2020 with a grant of 50% of total eligible cost. We also thank Red-RISCV for the efforts to promote activities around open hardware. This work has received funding from the EU Horizon2020 programme under grant agreement no. 871467 (SELENE). M. Doblas has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under Beques de Col·laboració d'estudiants en departaments universitaris per al curs 2019-2020. V. Kostalabros has been partially supported by the Agency for Management of University and Research Grants (AGAUR) of the Government of Catalonia under Ajuts per a la contractació de personal investigador novell fellowship number 2019FI_B01274. M. Moreto has been partially supported by the Spanish Ministry of Economy, Industry and Competitiveness under Ramón y Cajal fellowship number RYC-2016-21104.

    Peer reviewed. Postprint (published version).

    Differential Cache Trace Attack Against CLEFIA

    The paper presents a differential cache trace attack against CLEFIA, a 128-bit block cipher designed by Sony Corporation. The attack shows that such ciphers based on the generalized Feistel structures leak information of the secret key if the cache trace pattern is revealed to an adversary. The attack that we propose is a three-staged attack and reveals the entire key with 2^{43} CLEFIA encryptions. The attack is simulated on an Intel Core 2 Duo processor with a cache architecture with 32-byte lines as a target platform.

    An Improved Trace Driven Instruction Cache Timing Attack on RSA

    The previous I-cache timing attacks on RSA which exploit the instruction path of a cipher were mostly proof-of-concept, and it is harder to put them into practice than D-cache timing attacks. We propose a new trace-driven timing attack model based on spying on the whole I-cache. An improved analysis algorithm of the exponent using the characteristic of the window size is advanced, which could further reduce the search space of the key bits compared with the former and provide an error detection mechanism to detect some erroneous decisions of the operation sequence. We implemented an attack on RSA of OpenSSL under a practical environment, proving that the feasibility and effectiveness of I-cache timing attacks could be improved.

    On the complexity of side-channel attacks on AES-256 -- methodology and quantitative results on cache attacks

    Larger key lengths translate into an exponential increase in the complexity of an exhaustive search. Side-channel attacks, however, use a divide-and-conquer approach and hence it is generally assumed that increasing the key length cannot be used as mitigation. Yet, the internal round structure of AES-256 and its key scheduling seem to hinder a direct extension of the existing attacks on AES-128 and thus challenge the proposition above. Indeed, two consecutive round keys are required to infer the secret key, and the MixColumns operation, not present in the last round, apparently increases the key search complexity from 2^8 to 2^32. Additionally, it is unclear what the impact of the different round structures is on the number of required measurements. In this paper, we explore this question and show how to attack AES-256 with a key search complexity of O(2^8). This work confirms with practical experiments that AES-256 only offers a marginal increase in resistance against the attacks, both in the required number of measurements and in the required processing time. As an example, we quantify this increase for the case of cache-based side-channel attacks: AES-256 only provides an increase in complexity of 6 to 7 compared to cache-based attacks on AES-128.

    Yet Another MicroArchitectural Attack: Exploiting I-cache

    MicroArchitectural Attacks (MA), which can be considered as a special form of Side-Channel Analysis, exploit microarchitectural functionalities of processor implementations and can compromise the security of computational environments even in the presence of sophisticated protection mechanisms like virtualization and sandboxing. This newly evolving research area has attracted significant interest due to the broad application range and the potential of these attacks. Cache Analysis and Branch Prediction Analysis were the only types of MA that had been known publicly. In this paper, we introduce the Instruction Cache (I-Cache) as yet another source of MA and present our experimental results, which clearly prove the practicality and danger of I-Cache attacks.

    Cache attack on MISTY1

    Side-channel attacks exploit information from physical implementations of cryptographic systems. Cache attacks have improved at recovering information by combining observations of the victim's cache access and knowledge of the cipher's structure. Cache attacks have been implemented for most Feistel- and SPN-structured block cipher algorithms, but the security of algorithms with special structures has seen little attention. We perform a Flush+Reload attack on MISTY1, a class of block cipher with a recursive structure. The function is performed before the plaintext input S-box and after the ciphertext output S-box, making it difficult to attack the first and last rounds. However, the key scheduling part of MISTY1 leaks many bits of the key, which, together with the leakage of partial bits of the round key during encryption, is sufficient to recover it. We design an algorithm that can recover the MISTY1 128-bit key after observing encryption one time, and then use leakage during encryption to reduce its complexity. We experiment on 32- and 64-byte cache line environments. An adversary needs to observe as few as 5 encryptions to recover the 128-bit key in 0.035 seconds in the first case, and 10 encryptions to recover the key in 2.1 hours in the second case.