PerfWeb: How to Violate Web Privacy with Hardware Performance Events

The browser history reveals highly sensitive information about users, such as financial status, health conditions, or political views. Private browsing modes and anonymity networks are consequently important tools to preserve the privacy not only of regular users but in particular of whistleblowers and dissidents. Yet, in this work we show how a malicious application can infer opened websites from Google Chrome in Incognito mode and from Tor Browser by exploiting hardware performance events (HPEs). In particular, we analyze the browsers' microarchitectural footprint with the help of advanced Machine Learning techniques: k-th Nearest Neighbors, Decision Trees, Support Vector Machines, and in contrast to previous literature also Convolutional Neural Networks. We profile 40 different websites, 30 of the top Alexa sites and 10 whistleblowing portals, on two machines featuring an Intel and an ARM processor. By monitoring retired instructions, cache accesses, and bus cycles for at most 5 seconds, we manage to classify the selected websites with a success rate of up to 86.3%. The results show that hardware performance events can clearly undermine the privacy of web users. We therefore propose mitigation strategies that impede our attacks and still allow legitimate use of HPEs

Automatic Quantification of Cache Side-Channels

The latency gap between caches and main memory has been successfully exploited for recovering sensitive input to programs, such as cryptographic keys from implementation of AES and RSA. So far, there are no practical general-purpose countermeasures against this threat. In this paper we propose a novel method for automatically deriving upper bounds on the amount of information about the input that an adversary can extract from a program by observing the CPU\u27s cache behavior. At the heart of our approach is a novel technique for efficient counting of concretizations of abstract cache states that enables us to connect state-of-the-art techniques for static cache analysis and quantitative information-flow. We implement our counting procedure on top of the AbsInt TimingExplorer, one of the most advanced engines for static cache analysis. We use our tool to perform a case study where we derive upper bounds on the cache leakage of a 128-bit AES executable on an ARM processor with a realistic cache configuration. We also analyze this implementation with a commonly suggested (but until now heuristic) countermeasure applied, obtaining a formal account of the corresponding increase in security

Statistical Analysis for Access-Driven Cache Attacks Against AES

In recent years, side-channel timing attacks utilizing architectural behavior have been applied to cloud settings, presenting a realistic and serious cyber threat. Access-driven cache attacks allow the adversary to observe side-channel leakage (cache access pattern) of a critical cryptographic implementation to infer the secret key. However, what the attackers observe may deviate from the real cache footprint of the victim process, affecting the effectiveness of cache-based timing attacks using the observed leakage. Various countermeasures, including secure cache and architectures design, should also be evaluated accurately for their side-channel resilience. To address this need, this paper proposes a mathematical model for access-driven cache attacks, and derives explicit success rate formulas for those attacks. It is the first theoretical model that explicitly considers the misclassification errors for cache access and cache non-access by the victim cryptographic process. We implement several access-driven cache attacks and use our models to evaluate them. We demonstrate that the proposed statistical model predicts the success rate of cache-based timing attacks accurately. We also apply the model onto various cache defense architectures for evaluation

Methods for finding the sources of leakage in cache-timing attacks and removing the profiling phase

Cryptographic algorithms are widely used in daily life in order to ensure data confidentiality and privacy. These algorithms are extensively analyzed by scientists against a theoretical deficiency. However, these theoretically verified algorithms could still posses security risks if they are not cautiously implemented. Side-channel analysis can infer the secret key by using the information leakage due to implementation flaws. One of the most studied side-channel attack is the Bernstein’s cache-timing attack. This attack owes its reputation to its ability to succeed without a spy process, which is needed to create intentional cache contentions in other cache attacks. However, the exact leakage sources of the Bernstein’s attack remained uncertain to a large extent. Moreover, the need for an identical target system to perform its profiling phase makes the attack unrealistic for real world computing platforms. In this dissertation we address these two problems. Firstly, we propose a methodology to reveal the exact sources of the information leakage. The iv proposed methodology makes use of hardware performance counters to count the number of cache misses, to which the code blocks in the program are subject. Our methodology can help the developers analyze their implementations and fix their code in the early phases of the development. Secondly, we present an approach to extract simplified cache timing-behavior models analytically and propose to use these generated models instead of a profiling phase. The fact that the attack can be accomplished without a profiling phase will lead the attack to be considered a more realistic threat than the attack originally proposed by Bernstein. We believe that, this improved version of the attack will encourage the cryptographic system designers to take further precautions against the attack

Low-Overhead Techniques For Secure And Reliable Gpu Computing

In recent years, Graphics Processing Units (GPUs) have become a de facto choice to accelerate the computations in various domains such as machine learning, security, financial and scientific computing. GPUs leverage the inherent data parallelism in the target applications to provide high throughput at superior energy efficiency. Due to the rising usage of GPUs for a large number of applications, they are facing new challenges, especially in the security and reliability domains. From the security side, recently several microarchitectural attacks targeting GPUs have been demonstrated. These attacks leak the secret information stored on GPUs, for example, the parameters of a neural network (NN) model and the private user information. From the reliability side, the innovations to improve GPU memory systems are making them more susceptible to errors. My dissertation research focuses on addressing these security and reliability challenges in GPUs while minimizing the associated overhead of the proposed protection mechanisms. To improve GPU security, we focus on the previously demonstrated correlation timing attack. Such an attack exploits the deterministic nature of the coalescing mechanism in GPUs to correlate the execution time and the number of accesses. Consequently, an attacker can recover the encryption keys stored on GPUs. Therefore, to counter the correlation timing attack, we first introduce a randomized coalescing defense scheme (RCoal). RCoal randomizes the coalescing logic such that the attacker fails to correlate the execution time and the number of accesses. As a result, RCoal thwarts the correlation timing attack. Next, we propose a bucketing-based coalescing defense scheme, BCoal, which minimizes the variation in the number of memory accesses by generating a predetermined number (called buckets) of memory accesses. With low variation in the number of memory accesses, the attacker cannot correlate the application execution time and the secret information, thus failing the correlation timing attack. BCoal generates less memory traffic than RCoal and, therefore, is performance efficient. To improve GPU reliability, we address the data memory faults in GPU caches and DRAM. Existing reliability mechanisms of redundancy and check-pointing fail to scale with the increasing memory/computational demands on GPUs and quickly become impractical. To address this problem, we study a wide range of applications to nd that a very small fraction of the data memory is most vulnerable to faults. This small fraction of the data is not only highly accessed but also highly shared across GPU threads. Consequently, we propose and develop two reliability schemes to detect-only and to detect/correct faults in this most vulnerable data while incurring low overhead. The focus of ongoing and future work is to improve the reliability of machine learning applications