Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis

Bhattacharya, Sarani; Mukhopadhyay, Debdeep

doi:10.1007/978-3-662-53140-2_29

Cited by 76 publications

(85 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such addresses are accessed one after the other so as to force the eviction of our aggressor row. This can be achieved through the use of a timing attack to find out the eviction set [12,17,18], or by using reverse engineering study of the Device under attack, focusing on manipulating the complex hash functions used by modern Intel processor to further partition the cache into slices [9]. On another approach proposed in [1], rowhammer is triggered with non-temporal store instructions, specifically libc functions, taking advantages of its cache bypass characteristic.…”

Section: Managing To Activate Rows In Each Bank Fast Enough To Triggementioning

confidence: 99%

“…Attacks that was mounted after consulting their own pagemap interface to obtain the corresponding physical address of each element have been relegated to be applicable just on Linux kernel versions at most 4.0 [12,18]. Exploitation technics based on probabilistic approaches that just pick a random virtual address to trigger the bug [10,11] are based on test code [14] and on the native code of the work in [17].…”

Section: Access the Aggressor Physical Address From Userlandmentioning

confidence: 99%

“…A second probabilistic exploitation uses a timing-based technique to learn in which bank secret data are kept in order to flip their bits and then just trigger the bug on the specific bank and hope to produce a flip bit of the row's secret data [18]. Other attacks rely on special memory management features such as memory deduplication [20], where the OS can be tricked to map a victim owner memory page on the attacker-controlled physical memory pages, or MMU (Memory Management Unit) Paravirtualization [16], where a malicious VM is allowed to trick a VM (Virtual Machine) monitor into mapping a page table into a vulnerable location.…”

Section: Exploit the Rowhammer Vulnerability (Take Advantage Of The Bmentioning

confidence: 99%

“…Such an attack is mounted for RSA (Rabin Shamir Adleman) exponentiation where a bit flip is injected through rowhammer in the secret exponent [18] This presents a new threat to the security of the embedded systems because it unlocks a hardware attack type (fault injection attacks) that traditionally need physical access to devices. Based on the theory that a single fault signature is enough to leak the secret in an unprotected implementation, the attacker aims at bit flips on the exponent, however having user-level privileges on the system, he does not know where the secret is placed in LLC (Last Level Cache) and DRAM.…”

Section: Attacks On X86 Devicesmentioning

confidence: 99%

“…Thus, the attacker needs to identify the bank in which the secret exponent resides. This goal in [18], is achieved through a spy process which uses timing analysis to identify the channel, bank and rank where the secret is mapped by probing on the execution time of the RSA decryption algorithm. Then, the eviction set that corresponds to the secret set must be found so as to bypass cache without flush instructions.…”

Section: Attacks On X86 Devicesmentioning

confidence: 99%

See 4 more Smart Citations

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

2017

View full text Add to dashboard Cite

Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Operational Technology (OT) systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures) capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory). Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS) such systems are designed to provide.

show abstract

Section: Managing To Activate Rows In Each Bank Fast Enough To Triggementioning

confidence: 99%

Section: Access the Aggressor Physical Address From Userlandmentioning

confidence: 99%

Section: Exploit the Rowhammer Vulnerability (Take Advantage Of The Bmentioning

confidence: 99%

Section: Attacks On X86 Devicesmentioning

confidence: 99%

Section: Attacks On X86 Devicesmentioning

confidence: 99%

See 3 more Smart Citations

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

2017

View full text Add to dashboard Cite

show abstract

RowHammer and Beyond

Mutlu

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We will discuss the RowHammer problem in DRAM, which is a prime (and likely the first) example of how a circuit-level failure mechanism in Dynamic Random Access Memory (DRAM) can cause a practical and widespread system security vulnerability. RowHammer is the phenomenon that repeatedly accessing a row in a modern DRAM chip predictably causes errors in physically-adjacent rows. It is caused by a hardware failure mechanism called read disturb errors. Building on our initial fundamental work that appeared at ISCA 2014, Google Project Zero demonstrated that this hardware phenomenon can be exploited by user-level programs to gain kernel privileges. Many other recent works demonstrated other attacks exploiting RowHammer, including remote takeover of a server vulnerable to RowHammer. We will analyze the root causes of the problem and examine solution directions. We will also discuss what other problems may be lurking in DRAM and other types of memories, e.g., NAND flash and Phase Change Memory, which can potentially threaten the foundations of reliable and secure systems, as the memory technologies scale to higher densities.

show abstract

Cloud Computing Security: Hardware-Based Attacks and Countermeasures

Montasari

Daneshkhah

Jahankhani

et al. 2020

Digital Forensic Investigation of Internet of Things (IoT) Devices

View full text Add to dashboard Cite

Despite its many technological and economic benefits, Cloud Computing poses complex security threats resulting from the use of virtualisation technology. Compromising the security of any component in the cloud virtual infrastructure will negatively affect the security of other elements and so impact the overall system security. By characterising the diversity of cyber-attacks carried out in the Cloud, this paper aims to provide an analysis of both common and underexplored security threats associated with the cloud from a technical viewpoint. Accordingly, the paper will suggest emerging solutions that can help to address such threats. The paper also offers future research directions for cloud security that we hope can inspire the research community to develop more effective security solutions for cloud systems.

show abstract

Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis

Cited by 76 publications

References 11 publications

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

RowHammer and Beyond

Cloud Computing Security: Hardware-Based Attacks and Countermeasures

Contact Info

Product

Resources

About