End-to-end automated cache-timing attack driven by Machine Learning

Carré, Sébastien; Dyseryn, Victor; Facon, Adrien; Guilley, Sylvain; Perianin, Thomas

doi:10.29007/nwj8

Cited by 3 publications

(5 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To avoid printing the same character multiple times, a cache miss counter between the keystrokes can be used [40]. Note that multiple cache lines can be considered to further increase the accuracy of the keylogger [61], [107], [15].…”

Section: Discussionmentioning

confidence: 99%

“…Wang et al [107] presented a similar automated approach to detect keystrokes in graphics libraries. Carre et al [15] mounted an automated approach for cache attacks driven by machine learning. With that approach, they were able to attack the secp256k11 OpenSSL ECDSA implementation and extract 256 bits of the secret key.…”

Section: E Automated Discovery Of Side Channel Attacksmentioning

confidence: 99%

“…Therefore, read-ahead is no problem for measuring the hit ratio and detecting the exact offset on this level. Alternatively, the templating could also be performed via controlled side channels [113], [32], [93], tracing tools such as Intel PIN, machine learning [107], [15] or architecturally monitoring the accesses of pages using PTEditor [88].…”

Section: Windowsmentioning

confidence: 99%

See 2 more Smart Citations

Layered Binary Templating: Efficient Detection of Compiler- and Linker-introduced Leakage

Schwarzl¹,

Kraft²,

Gruss³

2022

Preprint

View full text Add to dashboard Cite

Cache template attacks demonstrated automated leakage of user input in shared libraries. However, for large binaries, the runtime is prohibitively high. Other automated approaches focused on cryptographic implementations and media software but are not directly applicable to user input. Hence, discovering and eliminating all user input side-channel leakage on a cache-line granularity within huge code bases are impractical.In this paper, we present a new generic cache template attack technique, LBTA, layered binary templating attacks. LBTA uses multiple coarser-grained side channel layers as an extension to cache-line granularity templating to speed up the runtime of cache templating attacks. We describe LBTA with a variable number of layers with concrete side channels of different granularity, ranging from 64 B to 2 MB in practice and in theory beyond. In particular the software-level page cache side channel in combination with the hardware-level L3 cache side channel, already reduces the templating runtime by three orders of magnitude. We apply LBTAs to different software projects and thereby discover data deduplication and dead-stripping during compilation and linking as novel security issues. We show that these mechanisms introduce large spatial distances in binaries for data accessed during a keystroke, enabling reliable leakage of keystrokes. Using LBTA on Chromium-based applications, we can build a full unprivileged cache-based keylogger 1 . Our findings show that all user input to Chromium-based apps is affected and we demonstrate this on a selection of popular apps including Signal, Threema, Discord, and password manager apps like passky. As this is not a flaw of individual apps but the framework, we conclude that all apps that use the framework will also be affected, i.e., hundreds of apps.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: E Automated Discovery Of Side Channel Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Layered Binary Templating: Efficient Detection of Compiler- and Linker-introduced Leakage

Schwarzl¹,

Kraft²,

Gruss³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…The timing difference varies significantly with processor architectures, timers, and fencing instructions used around timer readings. Carré's work [7] uses a Flush+Flush monitor on ECDSA algorithm. Figure 1 shows the setup for our persistent cache monitoring, where the spy runs consecutive CLFLUSH and times each one.…”

Section: Persistent Cache Monitoring Attackmentioning

confidence: 99%

New passive and active attacks on deep neural networks in medical applications

Gongye

Zhang

et al. 2020

Proceedings of the 39th International Conference on Computer-Aided Design

View full text Add to dashboard Cite

“…From the lab evaluator's standpoint, the alignment is indeed an issue, but it is not the core protection, and resynchronization techniques do exist (cross-correlation, dynamic time warping (DTW), etc.) and/or some analyses are invariant in the time offsets (frequency domain analysis, convolutional neural networks or CNN [7], recurrent neural networks with connectionist temporal classification loss [8], etc.). Therefore, in the rest of the paper, we assume a progression of the analysis in two steps: horizontal and then vertical.…”

Section: Introductionmentioning

confidence: 99%

Side-Channel Evaluation Methodology on Software

Guilley

Karray²,

Perianin³

et al. 2020

Cryptography

Self Cite

View full text Add to dashboard Cite

Cryptographic implementations need to be robust amidst the widespread use of crypto-libraries and attacks targeting their implementation, such as side-channel attacks (SCA). Many certification schemes, such as Common Criteria and FIPS 140, continue without addressing side-channel flaws. Research works mostly tackle sophisticated attacks with simple use-cases, which is not the reality where end-to-end evaluation is not trivial. In this study we used all due diligence to assess the invulnerability of a given implementation from the shoes of an evaluator. In this work we underline that there are two kinds of SCA: horizontal and vertical. In terms of quotation, measurement and exploitation, horizontal SCA is easier. If traces are constant-time, then vertical attacks become convenient, since there is no need for specific alignment (“value based analysis”). We introduce our new methodology: Vary the key to select sensitive samples, where the values depend upon the key, and subsequently vary the mask to uncover unmasked key-dependent leakage, i.e., the flaws. This can be done in the source code (pre-silicon) for the designer or on the actual traces (post-silicon) for the test-lab. We also propose a methodology for quotations regarding SCA unlike standards that focus on only one aspect (like number of traces) and forgets about other aspects (such as equipment; cf. ISO/IEC 20085-1.

show abstract

End-to-end automated cache-timing attack driven by Machine Learning

Cited by 3 publications

References 13 publications

Layered Binary Templating: Efficient Detection of Compiler- and Linker-introduced Leakage

Layered Binary Templating: Efficient Detection of Compiler- and Linker-introduced Leakage

New passive and active attacks on deep neural networks in medical applications

Side-Channel Evaluation Methodology on Software

Contact Info

Product

Resources

About