Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Shixuan Zhang,Haixia Wang,Pengfei Qiu,Yongqiang Lyu,Hongpeng Wang,Dongsheng Wang

DOI: https://doi.org/10.1109/tifs.2024.3452002

IF: 7.231

2024-09-14

IEEE Transactions on Information Forensics and Security

Abstract:Recent research has unveiled numerous cache-timing side-channel attacks exploiting the side effects of fine-grained cache features, such as coherence protocol and prefetch, among others. Traditional modeling methods and verification techniques are insufficient for verifying caches with fine-grained features and detecting cache timing vulnerabilities. There is a necessity for comprehensive verification of such complex cache designs. This paper presents SCAFinder, a verification framework targeting the cache designs with fine-grained features; it identifies cache side-channel attacks through model checking techniques. Specifically, it proposes a modeling methodology for cache designs that enables us to abstract the cache's behavior and latency characteristics. We implement a search algorithm for finding all counterexamples based on open-source model checking software. Subsequently, we add an attack scenario analysis module to discover attacks applicable to specific scenarios. We evaluate SCAFinder on Intel Skylake-X microarchitecture, demonstrating its capability to generate 7 new attack sequences exploiting coherence protocol and prefetch, and 12 new replacement policy-based side channels. As a case study, we successfully built a covert channel for one of the sequences on the real-world processor. To the best of our knowledge, we are the first to implement cross-core replacement policy-based attacks on non-inclusive caches.

computer science, theory & methods,engineering, electrical & electronic

Xingjian Zhang,Ziqi Yuan,Rui Chang,Yajin Zhou

DOI: https://doi.org/10.1109/seed51797.2021.00014

2021-01-01

Abstract:Cache side-channel attacks can leak critical information from the target programs. The cache randomization methodology has proven to be an efficient way to mitigate such attacks. However, existing works do not take the cache hierarchy into consideration, failing to address the issue that different levels of caches have different performance and security requirements. In this work, we propose and implement a hybrid randomization scheme, named H(2)Cache, to mitigate cache side-channel attacks. H(2)Cache leverages two randomization approaches and applies them to different levels of caches. It strengthens the security of cache modules, while satisfying the performance and resource utilization requirements. Specifically, we design a table-based randomization method for the L1 cache, which uses a hashed virtual index to look up the actual cache set index. The L2 cache in H(2)Cache takes a computation-based randomization function to calculate the cache set index. We have implemented a prototype of H(2)Cache and extensively evaluated it using a self-designed RISC-V processor on the FPGA platform. We demonstrate the security of H(2)Cache through simulated attack programs and quantitative analysis. Meanwhile, the evaluation results of performance and resource utilization have shown its efficacy.

Pengfei Guo,Yingjian Yan,Junjie Wang,Jingxin Zhong,Yanjiang Liu,Jinsong Xu

DOI: https://doi.org/10.1016/j.cose.2023.103480

IF: 5.105

2023-09-13

Computers & Security

Abstract:Caches are key microarchitectural components of modern processors to improve memory access speed. However, attackers can readily implement timing side-channel attacks by exploiting the inherent time difference between cache hits and misses, which brings serious security threats to computer systems. In recent years, cache attacks have achieved fruitful consequences regarding attack techniques, targets, and platforms. At the same time, in order to measure the cache vulnerability, researchers have been looking at verifying the security policies and have proposed a variety of evaluation metrics. However, there are certain limitations in the current metrics, such as harsh assumptions, the distinguishing ability cannot be maintained all the time, the false positive and false negative noises can not be explicitly quantified, other tools are needed, and the verification environment is difficult to reproduce. To face these issues, we proposed a set of evaluation metrics, which includes the highest score (HS), minimum rounds to disclosure (MRD), and key score scissors differential (KSSD); we give the formal expressions in practice and theoretical, respectively. In order to facilitate the accurate reproduction of the experimental environment and results, we build a dual-core RISC-V bare-metal system based on the open-source framework Chipyard. On this basis, we conduct comprehensive evaluations to exploit vulnerabilities within the RISC-V cache architecture to verify the validity of the metrics suite. Furthermore, we compared the metrics with the commonly used success rate (SR) and guessing entropy (GE). The comparison results show that our proposed metrics suite can accurately depict the effects of attacks. Moreover, KSSD can maintain discrimination and converge quickly; MRD has more practical guidance; HS can specifically describe false negative noises. Finally, we perform a theoretical evaluation of AES algorithms with different T-table implementations using the proposed metrics, analyze the system's false positive and false negative noises, and suggest how the number of cache evictions can be determined under the random replacement policy.

computer science, information systems

Zihan Xu,Lingfeng Yin,Yongqiang Lyu,Haixia Wang,Gang Qu,Dongsheng Wang

DOI: https://doi.org/10.1109/asp-dac52403.2022.9712560

2022-01-01

Abstract:Defending cache timing side-channels has become a major concern in modern secure processor designs. However, a formal method that can completely check if a given cache design can defend against timing side-channel attacks is still absent. This study presents CacheGuard, a behavior model checker for cache timing side-channel security. Compared to current state-of-the-art prose rule-based security analysis methods, CacheGuard covers the whole state space for a given cache design to discover unknown side-channel attacks. Checking results on standard cache and state-of-the-art secure cache designs discovers 5 new attack strategies, and potentially makes it possible to develop a timing side channel-safe cache with the aid of CacheGuard.

Pengfei Guo,Yingjian Yan,Fan Zhang,Chunsheng Zhu,Lichao Zhang,Zibin Dai

DOI: https://doi.org/10.1016/j.cose.2023.103255

2023-04-10

Abstract:Cryptographic devices are vulnerable to side-channel attacks, which have attracted broad attention in the hardware security field. The side-channel analysis framework proposed at Eurocrypt 2009 has been widely adopted in academia, containing key elements such as points of interest, leakage models, distinguishers, and security metrics. This classical framework, however, is not intuitively compatible with recent micro-architectural attacks such as cache attacks, therefore, few attempts have been made to link them. In this paper, we extend the classical side-channel analysis framework and migrate its ideas to access-driven cache attacks. We find that cache attacks can be effectively incorporated into this framework. Specifically, we propose a leakage model called cache access pattern vector according to the cache timing leakage characteristics. Furthermore, we propose data preprocessing schemes such as noise reduction, dimensionality reduction, and vector expansion to implement efficient attacks. Subsequently, we proposed seven distinguishers in three categories: difference of means-based analysis, vector distance-based analysis, and mutual information-based analysis. Moreover, we attacked the last round of the AES fast software implementation algorithm based on the Chipyard platform. According to the experimental results, all proposed methods can successfully extract the key, and five of them are comparable to mainstream cache analysis in attack efficiency. Finally, we evaluate the five efficient distinguishers under three different cache micro-architectures using guessing entropy. Based on the experimental environment of this paper, vector distance-based distinguishers have the best attack efficiency, and the difference of mean-based analysis has the worst. Surprisingly, the most general mutual information-based attacks can achieve excellent medium results in a few attack rounds without the help of static analysis tools. Meanwhile, the experimental results demonstrate that cache micro-architecture directly impacts the attack effect, in which the smaller cache line size benefits the attacks, while the random replacement policy increases the noise and difficulty of the attacks.

computer science, information systems

Shuai Wang,Yuyan Bao,Xiao Liu,Pei Wang,Danfeng Zhang,Dinghao Wu

DOI: https://doi.org/10.48550/arXiv.1905.13332

2019-05-31

Abstract:Cache-based side channels enable a dedicated attacker to reveal program secrets by measuring the cache access patterns. Practical attacks have been shown against real-world crypto algorithm implementations such as RSA, AES, and ElGamal. By far, identifying information leaks due to cache-based side channels, either in a static or dynamic manner, remains a challenge: the existing approaches fail to offer high precision, full coverage, and good scalability simultaneously, thus impeding their practical use in real-world scenarios. In this paper, we propose a novel static analysis method on binaries to detect cache-based side channels. We use abstract interpretation to reason on program states with respect to abstract values at each program point. To make such abstract interpretation scalable to real-world cryptosystems while offering high precision and full coverage, we propose a novel abstract domain called the Secret-Augmented Symbolic domain (SAS). SAS tracks program secrets and dependencies on them for precision, while it tracks only coarse-grained public information for scalability. We have implemented the proposed technique into a practical tool named CacheS and evaluated it on the implementations of widely-used cryptographic algorithms in real-world crypto libraries, including Libgcrypt, OpenSSL, and mbedTLS. CacheS successfully confirmed a total of 154 information leaks reported by previous research and 54 leaks that were previously unknown. We have reported our findings to the developers. And they confirmed that many of those unknown information leaks do lead to potential side channels.

Cryptography and Security

Ankit Pulkit,Smita Naval,Vijay Laxmi

2023-12-18

Abstract:Side-channel attacks have become prominent attack surfaces in cyberspace. Attackers use the side information generated by the system while performing a task. Among the various side-channel attacks, cache side-channel attacks are leading as there has been an enormous growth in cache memory size in last decade, especially Last Level Cache (LLC). The adversary infers the information from the observable behavior of shared cache memory. This paper covers the detailed study of cache side-channel attacks and compares different microarchitectures in the context of side-channel attacks. Our main contributions are: (1) We have summarized the fundamentals and essentials of side-channel attacks and various attack surfaces (taxonomies). We also discussed different exploitation techniques, highlighting their capabilities and limitations. (2) We discussed cache side-channel attacks and analyzed the existing literature on cache side-channel attacks on various parameters like microarchitectures, cross-core exploitation, methodology, target, etc. (3) We discussed the detailed analysis of the existing mitigation strategies to prevent cache side-channel attacks. The analysis includes hardware- and software-based countermeasures, examining their strengths and weaknesses. We also discussed the challenges and trade-offs associated with mitigation strategies. This survey is supposed to provide a deeper understanding of the threats posed by these attacks to the research community with valuable insights into effective defense mechanisms.

Cryptography and Security

Xinjie Zhao,Fan Zhang,Shize Guo,Tao Wang,Zhijie Shi,Huiying Liu,Keke Ji

DOI: https://doi.org/10.1007/978-3-642-29912-4_17

2012-01-01

Abstract:Algebraic side-channel attack (ASCA) is a powerful cryptanalysis technique different from conventional side-channel attacks. This paper studies ASCA from three aspects: enhancement, analysis and application. To enhance ASCA, we propose a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope the multiple deductions caused by inaccurate measurements or interferences. For the first time, we show that ASCA can exploit cache leakage models. We analyze the attacks and estimate the minimal amount of leakages required for a successful ASCA on AES under different leakage models. In addition, we apply MDASCA to attack AES on an 8-bit microcontroller under Hamming weight leakage model, on two typical microprocessors under access driven cache leakage model, and on a 32-bit ARM microprocessor under trace driven cache leakage model. Many better results are achieved compared to the previous work. The results are also consistent with the theoretical analysis. Our work shows that MDASCA poses great threats with its excellence in error tolerance and new leakage model exploitation.

Qian Ke,Chunlu Wang,Haixia Wang,Yongqiang Lyu,Zihan Xu,Dongsheng Wang

DOI: https://doi.org/10.1109/dsc55868.2022.00015

2022-01-01

Abstract:A new class of transient execution-based attacks, as known as Microarchitectural Data Sampling (MDS), were discovered in recent studies, such as RIDL, Fallout, and ZombieLoad, which have imposed severe threats to general-purpose processors. In MDS attacks, the attacker can steal the information from privileged CPU internal buffers, such as store buffers, line fill buffers, and load ports. To prevent these buffers from leaking information, processor vendors proposed mitigation via microcode update that overwrites CPU internal buffers as soon as the privilege levels are changed. However, the problem if a given architecture is safe against MDS attacks is still to be fully solved.In this study, we propose a formal verification method based on model checking to verify the microarchitectural security against MDS attacks. We formulate the MDS attacks as operation sequences, and set up a behavior model to describe the microarchitectural design correlated MDS attacks. A operation sequence is considered as an MDS attack if the operation sequence can obtain transient illegal data leaked from internal buffers during the operations. We enumerate all the possible sequences by binary decision diagram (BDD)-based statechart traversal, and output all the counterexamples. The experimental results show that the proposed method can sufficiently check the MDS attacks, and a kind of attack is detected to be able to bypass the mitigation proposed by Intel, which was contemporarily proposed as CacheOut attack.

Chao Su,Qingkai Zeng

DOI: https://doi.org/10.1155/2021/5559552

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Privacy protection is an essential part of information security. The use of shared resources demands more privacy and security protection, especially in cloud computing environments. Side-channel attacks based on CPU cache utilize shared CPU caches within the same physical device to compromise the system’s privacy (encryption keys, program status, etc.). Information is leaked through channels that are not intended to transmit information, jeopardizing system security. These attacks have the characteristics of both high concealment and high risk. Despite the improvement in architecture, which makes it more difficult to launch system intrusion and privacy leakage through traditional methods, side-channel attacks ignore those defenses because of the shared hardware. Difficult to be detected, they are much more dangerous in modern computer systems. Although some researchers focus on the survey of side-channel attacks, their study is limited to cryptographic modules such as Elliptic Curve Cryptosystems. All the discussions are based on real-world applications (e.g., Curve25519), and there is no systematic analysis for the related attack and security model. Firstly, this paper compares different types of cache-based side-channel attacks. Based on the comparison, a security model is proposed. The model describes the attacks from four key aspects, namely, vulnerability, cache type, pattern, and range. Through reviewing the corresponding defense methods, it reveals from which perspective defense strategies are effective for side-channel attacks. Finally, the challenges and research trends of CPU cache-based side-channel attacks in both attacking and defending are explored. The systematic analysis of CPU cache-based side-channel attacks highlights the fact that these attacks are more dangerous than expected. We believe our survey would draw developers’ attention to side-channel attacks and help to reduce the attack surface in the future.

Ziqiao Zhou,Michael K. Reiter,Yinqian Zhang

DOI: https://doi.org/10.48550/arXiv.1603.05615

2016-03-18

Abstract:We present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical memory pages shared between security domains to disable sharing of LLC lines, thus preventing "Flush-Reload" side channels via LLCs. It also manages cacheability of memory pages to thwart cross-tenant "Prime-Probe" attacks in LLCs. We have implemented our approach as a memory management subsystem called CacheBar within the Linux kernel to intervene on such side channels across container boundaries, as containers are a common method for enforcing tenant isolation in Platform-as-a-Service (PaaS) clouds. Through formal verification, principled analysis, and empirical evaluation, we show that CacheBar achieves strong security with small performance overheads for PaaS workloads.

Cryptography and Security

Xinjie Zhao,Tao Wang,Shize Guo,Fan Zhang,Zhijie Shi,Huiying Liu,Kehui Wu

2011-01-01

Abstract:Introduced in 2009, Algebraic Side-Channel Attack (ASCA) has become a very effective cryptanalysis technique that is different from conventional side-channel attacks such as DPA and CPA. In this paper, we propose an innovative and generic attack framework named as SATETASCA (SAT based Error Tolerant Algebraic Side-Channel Attack). The proposed framework is effective even if the leakage information is not accurate and has large variants or errors. We show its generality by successfully launching SAT-ETASCA to AES on two different platforms, using different types of leakages. The first attack is to an AES implementation on an 8-bit microcontroller, using the Hamming weight leakage model. We demonstrate that SAT-ETASCA can recover the full key even when the obtained leakage information has about 60% errors. The second attack is based on an innovative idea of applying the external cache …

Hossein Hosseinzadeh,Mihailo Isakov,Mostafa Darabi,Ahmad Patooghy,Michel A. Kinsy

DOI: https://doi.org/10.1109/MWSCAS.2017.8053051

2017-10-25

Abstract:Side channel attacks are a major class of attacks to crypto-systems. Attackers collect and analyze timing behavior, I/O data, or power consumption in these systems to undermine their effectiveness in protecting sensitive information. In this work, we propose a new cache architecture, called Janus, to enable crypto-systems to introduce randomization and uncertainty in their runtime timing behavior and power utilization profile. In the proposed cache architecture, each data block is equipped with an on-off flag to enable/disable the data block. The Janus architecture has two special instructions in its instruction set to support the on-off flag. Beside the analytical evaluation of the proposed cache architecture, we deploy it in an ARM-7 processor core to study its feasibility and practicality. Results show a significant variation in the timing behavior across all the benchmarks. The new secure processor architecture has minimal hardware overhead and significant improvement in protecting against power analysis and timing behavior attacks.

Cryptography and Security

Chang Li,Fei Qiao,Huazhong Yang

DOI: https://doi.org/10.1109/ICETC.2010.5529184

2010-01-01

Abstract:Embedded cryptographic devices not only suffer from traditional physical side channel attacks, but also undergo software cache-based side channel attacks recently. The attacks can easily get the user's confidential data via information leakage in caches, and don't require any special instruments. Among existing countermeasures, software solutions can defend the attacks perfectly while leading to significant performance degradation. Hardware solutions are very effective in reducing performance overhead while their structures are complex. This paper presents a novel easily implemented cache architecture which has an added small cache and adopts certain operation mechanism. Compared with traditional cache architecture, it has reduction in miss rate ranging between 20% and 50%, and has about 8.5% of reduction in power consumption, and is secure at the same time. This paper presents both theoretical analysis and experimental results. In our experiments, the MiBench suite is used to evaluate the cache performance of miss rate and energy consumption, and the security of cache is also analyzed. It also supplies the result of Synopsys Design Compiler of the RTL cache code under the 0.18μm CMOS technology.

Guangyuan Hu,Ruby B. Lee

2023-06-05

Abstract:Hardware caches are essential performance optimization features in modern processors to reduce the effective memory access time. Unfortunately, they are also the prime targets for attacks on computer processors because they are high-bandwidth and reliable side or covert channels for leaking secrets. Conventional cache timing attacks typically leak secret encryption keys, while recent speculative execution attacks typically leak arbitrary illegally-obtained secrets through cache timing channels. While many hardware defenses have been proposed for each class of attacks, we show that those for conventional (non-speculative) cache timing channels do not work for all speculative execution attacks, and vice versa. We maintain that a cache is not secure unless it can defend against both of these major attack classes. We propose a new methodology and framework for covering such relatively large attack surfaces to produce a Speculative and Timing Attack Resilient (STAR) cache subsystem. We use this to design two comprehensive secure cache architectures, STAR-FARR and STAR-NEWS, that have very low performance overheads of 5.6% and 6.8%, respectively. To the best of our knowledge, these are the first secure cache designs that cover both non-speculative cache side channels and cache-based speculative execution attacks. Our methodology can be used to compose and check other secure cache designs. It can also be extended to other attack classes and hardware systems. Additionally, we also highlight the intrinsic security and performance benefits of a randomized cache like a real Fully Associative cache with Random Replacement (FARR) and a lower-latency, speculation-aware version (NEWS).

Cryptography and Security,Hardware Architecture

Robert Brotzman,Danfeng Zhang,Mahmut Taylan Kandemir,Gang Tan

DOI: https://doi.org/10.1145/3485506

2021-10-20

Proceedings of the ACM on Programming Languages

Abstract:The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.

Xige ZHANG,ZHU Jiacheng,MA Jun,SHEN Lixiang,ZHOU Jiahui,MU Dejun,Jiacheng ZHU,Jun MA,Lixiang SHEN,Jiahui ZHOU,Dejun MU

DOI: https://doi.org/10.1051/jnwpu/20244210092

2024-02-01

Xibei Gongye Daxue Xuebao/Journal of Northwestern Polytechnical University

Abstract:Large scale integrate circuits is facing serious threat such as design vulnerabilities, side channels, and hardware Trojans. Traditional functional verification method is difficult to ensure high test coverage, and it is also difficult to detect security vulnerabilities such as side channels and stealthy hardware Trojans. Formal verification methods focus on the equivalence and functional correctness of design, and are difficult to meet security and reliability verification needs. The present work proposes a hardware security and reliability verification method from formal model. The present method can develop formal models for describing the security and reliability behaviour of hardware designs. It can detect potential security vulnerabilities in hardware designs. Experimental results show that the verification method is effective in detecting sensitive information leakage and modification caused by side channels and hardware Trojans.

Yujie Cui,Hongwei Cui,Xu Cheng

DOI: https://doi.org/10.1109/tc.2023.3254918

2023-01-01

Abstract:Caches have been used to construct various covert and side channels. Most existing cache channels exploit the timing difference between cache hits and cache misses. We highlight that cache misses in different states may have more significant time differences. This paper presents in detail how replacement latency differences can be used to construct timing-based channels (called WB channels) to leak information. Any modification to a cache line by a sender will set it to the dirty state, and the receiver can observe this through measuring the latency of replacing this cache set. This paper evaluates WB channels from implementation complexity, stability, scalability, bandwidth, and stealthiness. Experimental results show that WB channel can not only transmit information covertly with high bandwidth but also has the strong anti-interference ability. Moreover, many previous cache defense and detection mechanisms target attacks exploiting the timing difference between cache hits and cache misses. This paper discusses the effectiveness of the WB channels against some such strategies. Moreover, this paper shows how to use our WB channel to mount a side-channel attack against a real-world security-sensitive application, such as AES implemented in OpenSSL-1.0.1e.

Qi Chen,Dongyan Zhao,Liang Liu,Xuesong Yan,Yidong Yuan,Xige Zhang,Hongmei Wu,Zhe Wang

DOI: https://doi.org/10.1016/j.csi.2021.103569

IF: 3.721

2022-01-01

Computer Standards & Interfaces

Abstract:Side-channel attacks (SCAs) have become a significant threat nowadays to cryptographic devices, especially central processing units (CPUs). Based on the implementation of AES-128, the side-channel information leakage analysis is carried out in a 32-bit CPU microarchitecture in this work. Correlation power analysis (CPA) results show that it is obvious to reveal the secret key by using only 30 power traces based on the net-list simulation. Three flexibly configurable hardware-based countermeasures are proposed to prevent information leakage in the arithmetic and logic unit (ALU), register file (RF) and load/store unit (LSU), respectively, which are the most sensitive components according to our analysis. The proposed countermeasures have different protection effects on the CPU since the required trace number to reveal the secret key has increased from 30 to 100 similar to 120,000. Moreover, the anti-attack capability of the CPU is improved by 4000 times using the three countermeasures simultaneously. The proposed countermeasures can be freely combined while considering the CPU security and implementation overhead. In practice, the anti-attack capability of the CPU can be further improved when the proposed countermeasures are implemented in real-world measurements, because additional noise will be introduced during the measurements.