-
KeyDrown: Eliminating Keystroke Timing Side-Channel Attacks
Authors:
Michael Schwarz,
Moritz Lipp,
Daniel Gruss,
Samuel Weiser,
Clémentine Maurice,
Raphael Spreitzer,
Stefan Mangard
Abstract:
Besides cryptographic secrets, side-channel attacks also leak sensitive user input. The most accurate attacks exploit cache timings or interrupt information to monitor keystroke timings and subsequently infer typed words and sentences. Previously proposed countermeasures fail to prevent keystroke timing attacks as they do not protect keystroke processing among the entire software stack.
We close…
▽ More
Besides cryptographic secrets, side-channel attacks also leak sensitive user input. The most accurate attacks exploit cache timings or interrupt information to monitor keystroke timings and subsequently infer typed words and sentences. Previously proposed countermeasures fail to prevent keystroke timing attacks as they do not protect keystroke processing among the entire software stack.
We close this gap with KeyDrown, a new defense mechanism against keystroke timing attacks. KeyDrown injects a large number of fake keystrokes in the kernel to prevent interrupt-based attacks and Prime+Probe attacks on the kernel. All keystrokes, including fake keystrokes, are carefully propagated through the shared library in order to hide any cache activity and thus to prevent Flush+Reload attacks. Finally, we provide additional protection against Prime+Probe for password input in user space programs. We show that attackers cannot distinguish fake keystrokes from real keystrokes anymore and we evaluate KeyDrown on a commodity notebook as well as on two Android smartphones. We show that KeyDrown eliminates any advantage an attacker can gain from using interrupt or cache side-channel information.
△ Less
Submitted 20 June, 2017;
originally announced June 2017.
-
Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices
Authors:
Raphael Spreitzer,
Veelasha Moonsamy,
Thomas Korak,
Stefan Mangard
Abstract:
Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Giv…
▽ More
Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Given the vast amount of sensitive information that are stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices.
In this paper, we propose a new categorization system for side-channel attacks, which is necessary as side-channel attacks have evolved significantly since their scientific investigations during the smart card era in the 1990s. Our proposed classification system allows to analyze side-channel attacks systematically, and facilitates the development of novel countermeasures. Besides this new categorization system, the extensive survey of existing attacks and attack strategies provides valuable insights into the evolving field of side-channel attacks, especially when focusing on mobile devices. We conclude by discussing open issues and challenges in this context and outline possible future research directions.
△ Less
Submitted 6 December, 2017; v1 submitted 11 November, 2016;
originally announced November 2016.
-
ARMageddon: Cache Attacks on Mobile Devices
Authors:
Moritz Lipp,
Daniel Gruss,
Raphael Spreitzer,
Clémentine Maurice,
Stefan Mangard
Abstract:
In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated o…
▽ More
In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated on non-rooted Android smartphones. In this work, we demonstrate how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush on non-rooted ARM-based devices without any privileges. Based on our techniques, we demonstrate covert channels that outperform state-of-the-art covert channels on Android by several orders of magnitude. Moreover, we present attacks to monitor tap and swipe events as well as keystrokes, and even derive the lengths of words entered on the touchscreen. Eventually, we are the first to attack cryptographic primitives implemented in Java. Our attacks work across CPUs and can even monitor cache activity in the ARM TrustZone from the normal world. The techniques we present can be used to attack hundreds of millions of Android devices.
△ Less
Submitted 19 June, 2016; v1 submitted 16 November, 2015;
originally announced November 2015.
-
PIN Skimming: Exploiting the Ambient-Light Sensor in Mobile Devices
Authors:
Raphael Spreitzer
Abstract:
In this paper, we propose a new type of side channel which is based on the ambient-light sensor employed in today's mobile devices. The pervasive usage of mobile devices, i.e., smartphones and tablet computers and their vast amount of sensors represent a plethora of side channels posing a serious threat to the user's privacy and security. While recent advances in this area of research focused on t…
▽ More
In this paper, we propose a new type of side channel which is based on the ambient-light sensor employed in today's mobile devices. The pervasive usage of mobile devices, i.e., smartphones and tablet computers and their vast amount of sensors represent a plethora of side channels posing a serious threat to the user's privacy and security. While recent advances in this area of research focused on the employed motion sensors and the camera as well as the sound, we investigate a less obvious source of information leakage, namely the ambient light. We successfully demonstrate that minor tilts and turns of mobile devices cause variations of the ambient-light sensor information. Thus, we are the first to show that this sensor leaks sensitive information. Furthermore, we demonstrate that these variations leak enough information to infer a user's personal identification number (PIN) input based on a set of known PINs. Our results show that we are able to determine the correct PIN---out of a set of 50 random PINs---within the first ten guesses about 80% of the time. In contrast, the chance of finding the right PIN by randomly guessing ten PINs would be 20%. Since the data required to perform such an attack can be gathered without any specific permissions or privileges, the presented side channel seriously jeopardizes the security and privacy of mobile-device owners.
△ Less
Submitted 15 May, 2014;
originally announced May 2014.
