Wait a Minute! A fast, Cross-VM Attack on AES

Irazoqui, Gorka; İnci, Mehmet Sinan; Eisenbarth, Thomas; Sunar, Berk

doi:10.1007/978-3-319-11379-1_15

Cited by 178 publications

(155 citation statements)

References 20 publications

Supporting

Mentioning

155

Contrasting

Order By: Relevance

“…Cache attacks were also expanded so as to compromise public key cryptography algorithms like RSA as proposed in [27] and later in [29], demonstrating that such attacks are possible on the full spectrum of popular cryptography algorithms. Attacks became more potent after the proposal of the FLUSH + RELOAD attack, described in [30,31] which exploits the shared memory pages of OS libraries stored in the Last Level Cache (LLC) of any computer and similarly to sophisticated variations of the PRIME+PROBE attack [32] also focused on LLC, became applicable in cross core applications even against VM devices [22,32,33]. Furthermore, variations of the FLASH + RELOAD attack have been proposed for ARM-based systems thus providing strong implications of cache SCA vulnerabilities in ARM embedded systems (including embedded system nodes or Android-based mobile devices systems and ARM TrustZone Enabled processes) [23,34,35].…”

Section: Microarchitectural/cache Attacksmentioning

confidence: 99%

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

2017

View full text Add to dashboard Cite

Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Operational Technology (OT) systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures) capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory). Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS) such systems are designed to provide.

show abstract

Section: Microarchitectural/cache Attacksmentioning

confidence: 99%

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

2017

View full text Add to dashboard Cite

show abstract

“…We believe our NFA-based attack framework can work in IaaS clouds as well, as long as memory de-duplication is enabled and memory pages that contain executables are shared between tenants. For instance, Irazoqui et al [15] utilized a similar Flush-Reload side channel (a special case of our NFA-based framework) in a cross-VM context to break AES keys. However, to the best of our knowledge, memory deduplication across VMs is not commonly used in many IaaS clouds (e.g., EC2), which limits the applicability of the Flush-Reload side-channel attack in those settings.…”

Section: Extending the Attacksmentioning

confidence: 99%

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Zhang

Juels

Reiter

et al. 2014

Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security

269

159

View full text Add to dashboard Cite

We present a new attack framework for conducting cachebased side-channel attacks and demonstrate this framework in attacks between tenants on commercial Platform-as-aService (PaaS) clouds. Our framework uses the FlushReload attack of Gullasch et al. as a primitive, and extends this work by leveraging it within an automaton-driven strategy for tracing a victim's execution. We leverage our framework first to confirm co-location of tenants and then to extract secrets across tenant boundaries. We specifically demonstrate attacks to collect potentially sensitive application data (e.g., the number of items in a shopping cart), to hijack user accounts, and to break SAML single sign-on. To the best of our knowledge, our attacks are the first granular, cross-tenant, side-channel attacks successfully demonstrated on state-of-the-art commercial clouds, PaaS or otherwise.

show abstract

“…HomeAlone [Zhang et al 2011b] is a tool for detecting the existence of side channels on the same host to launch the attack by examining neighbor VMs L2 cache memory activity. [Irazoqui et al 2014] demonstrate a Cross-VM Flush+Reload cache attacks to recover the keys of an AES implementation of OpenSSL running inside the victim VM, where the VMs are located on separate cores. A similar attack for commercial PaaS Cloud is proposed in , which has been exemplified with three real attacks.…”

Section: Existing Attacksmentioning

confidence: 99%

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Sgandurra

Lupu

2016

ACM Comput. Surv.

View full text Add to dashboard Cite

Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have considerably evolved over the years to cope with new attacks and threat models. In this work we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems which have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers, in particular hardware, virtualization, OS, application.

show abstract

Wait a Minute! A fast, Cross-VM Attack on AES

Cited by 178 publications

References 20 publications

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Cross-Tenant Side-Channel Attacks in PaaS Clouds

Evolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Contact Info

Product

Resources

About