Showing 1–4 of 4 results for author: Irazoqui, G

CacheShield: Protecting Legacy Processes Against Cache Attacks

Authors: Samira Briongos, Gorka Irazoqui, Pedro Malagón, Thomas Eisenbarth

Abstract: Cache attacks pose a threat to any code whose execution flow or memory accesses depend on sensitive information. Especially in public clouds, where caches are shared across several tenants, cache attacks remain an unsolved problem. Cache attacks rely on evictions by the spy process, which alter the execution behavior of the victim process. We show that hardware performance events of cryptographic… ▽ More Cache attacks pose a threat to any code whose execution flow or memory accesses depend on sensitive information. Especially in public clouds, where caches are shared across several tenants, cache attacks remain an unsolved problem. Cache attacks rely on evictions by the spy process, which alter the execution behavior of the victim process. We show that hardware performance events of cryptographic routines reveal the presence of cache attacks. Based on this observation, we propose CacheShield, a tool to protect legacy code by monitoring its execution and detecting the presence of cache attacks, thus providing the opportunity to take preventative measures. CacheShield can be run by users and does not require alteration of the OS or hypervisor, while previously proposed software-based countermeasures require cooperation from the hypervisor. Unlike methods that try to detect malicious processes, our approach is lean, as only a fraction of the system needs to be monitored. It also integrates well into today's cloud infrastructure, as concerned users can opt to use CacheShield without support from the cloud service provider. Our results show that CacheShield detects cache attacks fast, with high reliability, and with few false positives, even in the presence of strong noise. △ Less

Submitted 6 September, 2017; originally announced September 2017.

Did we learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries

Authors: Gorka Irazoqui, Kai Cong, Xiaofei Guo, Hareesh Khattri, Arun Kanuparthi, Thomas Eisenbarth, Berk Sunar

Abstract: This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage. The methodology works by identifying secret dependent memory and introducing forced evictions inside potentially vulnerable code to obtain cache traces that are… ▽ More This work presents a new tool to verify the correctness of cryptographic implementations with respect to cache attacks. Our methodology discovers vulnerabilities that are hard to find with other techniques, observed as exploitable leakage. The methodology works by identifying secret dependent memory and introducing forced evictions inside potentially vulnerable code to obtain cache traces that are analyzed using Mutual Information. If dependence is observed, the cryptographic implementation is classified as to leak information. We demonstrate the viability of our technique in the design of the three main cryptographic primitives, i.e., AES, RSA and ECC, in eight popular up to date cryptographic libraries, including OpenSSL, Libgcrypt, Intel IPP and NSS. Our results show that cryptographic code designers are far away from incorporating the appropriate countermeasures to avoid cache leakages, as we found that 50% of the default implementations analyzed leaked information that lead to key extraction. We responsibly notified the designers of all the leakages found and suggested patches to solve these vulnerabilities. △ Less

Submitted 5 September, 2017; originally announced September 2017.

AutoLock: Why Cache Attacks on ARM Are Harder Than You Think

Authors: Marc Green, Leandro Rodrigues-Lima, Andreas Zankl, Gorka Irazoqui, Johann Heyszl, Thomas Eisenbarth

Abstract: Attacks on the microarchitecture of modern processors have become a practical threat to security and privacy in desktop and cloud computing. Recently, cache attacks have successfully been demonstrated on ARM based mobile devices, suggesting they are as vulnerable as their desktop or server counterparts. In this work, we show that previous literature might have left an overly pessimistic conclusion… ▽ More Attacks on the microarchitecture of modern processors have become a practical threat to security and privacy in desktop and cloud computing. Recently, cache attacks have successfully been demonstrated on ARM based mobile devices, suggesting they are as vulnerable as their desktop or server counterparts. In this work, we show that previous literature might have left an overly pessimistic conclusion of ARM's security as we unveil AutoLock: an internal performance enhancement found in inclusive cache levels of ARM processors that adversely affects Evict+Time, Prime+Probe, and Evict+Reload attacks. AutoLock's presence on system-on-chips (SoCs) is not publicly documented, yet knowing that it is implemented is vital to correctly assess the risk of cache attacks. We therefore provide a detailed description of the feature and propose three ways to detect its presence on actual SoCs. We illustrate how AutoLock impedes cross-core cache evictions, but show that its effect can also be compensated in a practical attack. Our findings highlight the intricacies of cache attacks on ARM and suggest that a fair and comprehensive vulnerability assessment requires an in-depth understanding of ARM's cache architectures and rigorous testing across a broad range of ARM based devices. △ Less

Submitted 28 March, 2017; originally announced March 2017.

CacheZoom: How SGX Amplifies The Power of Cache Attacks

Authors: Ahmad Moghimi, Gorka Irazoqui, Thomas Eisenbarth

Abstract: In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are mal… ▽ More In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements. △ Less

Submitted 20 August, 2017; v1 submitted 20 March, 2017; originally announced March 2017.

Comments: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17)