MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Cache attacks exploit memory access patterns of cryptographic implementations. Constant-time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform key independent pat...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:International journal of parallel programming Ročník 47; číslo 4; s. 538 - 570
Hlavní autoři: Moghimi, Ahmad, Wichelmann, Jan, Eisenbarth, Thomas, Sunar, Berk
Médium: Journal Article
Jazyk:angličtina
Vydáno: New York Springer US 01.08.2019
Springer Nature B.V
Témata:
Algorithms
Aliasing
Computer architecture
Computer memory
Computer Science
Cryptography
Data encryption
Encryption
Microprocessors
Processor Architectures
Read-only memory devices
Recovery
Software Engineering/Programming and Operating Systems
Theory of Computation
Time dependence
False dependency
4K Aliasing
Side-channel attacks
Microarchitectural side channels
Cache
Timing attack
ISSN:0885-7458, 1573-7640
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Cache attacks exploit memory access patterns of cryptographic implementations. Constant-time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform key independent pattern. However, the constant-time behavior is dependent on the underlying architecture, which can be highly complex and often incorporates unpublished features. The CacheBleed attack targets cache bank conflicts and thereby invalidates the assumption that microarchitectural side-channel adversaries can only observe memory with cache line granularity. In this work, we propose MemJam , which utilizes 4K Aliasing to establish a side-channel attack that exploits false dependency of memory read-after-write events and provides a high quality intra cache line timing channel. As a proof of concept, we demonstrate the first key recovery attacks on constant-time implementations of all symmetric block ciphers supported in the current intel integrated performance primitives (Intel IPP) cryptographic library: triple DES, AES and SM4. Further, we demonstrate the first intra cache level timing attack on SGX by reproducing the AES key recovery results on an enclave that performs encryption using the aforementioned constant-time implementation of AES. Our results show that we can not only use this side channel to efficiently attack memory dependent cryptographic operations but also to bypass proposed protections. Compared to CacheBleed , which is limited to older processor generations, MemJam  is the first intra cache level attack applicable to all major Intel processors including the latest generations and also applies to the SGX extension.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:0885-7458
1573-7640
DOI:10.1007/s10766-018-0611-9