Research article. DOI: 10.1145/2487726.2487729

Security testing of a secure cache design

Published: 23 June 2013

Abstract

Cache side channel attacks are attacks that leak secret information through the physical implementation of cryptographic operations, nullifying cryptographic protection. Recently, these attacks have received great interest. Previous research found that software countermeasures alone are not enough to defend against cache side channel attacks. Secure cache designs can thwart the root causes of cache side channels and are more efficient. For instance, Newcache is a cache design that can enhance security, performance and power efficiency simultaneously through dynamic memory-cache remapping and eviction randomization. However, these cache designs seldom had their security verified experimentally by mounting cache side channel attacks on them.
In this paper, we test the security of Newcache using representative classes of cache side channel attacks proposed for conventional set-associative caches. The results show that Newcache can defeat all these attacks. However, what if a very knowledgeable attacker crafted the attack strategy targeting the secure cache design? We redesign the attacks specifically for Newcache. The results show that Newcache can defeat even crafted access-driven attacks specifically targeted at it, but sometimes succumbs to the specifically crafted timing attacks, which is due to a very subtle vulnerability in its replacement algorithm. We further secure Newcache by modifying its replacement algorithm slightly, thus defeating these specifically crafted timing attacks. In addition, the improved Newcache simplifies the replacement algorithm in the original Newcache design.

Published In

HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
June 2013
77 pages
ISBN: 9781450321181
DOI: 10.1145/2487726

Publisher

Association for Computing Machinery

New York, NY, United States

Acceptance Rates

HASP '13 Paper Acceptance Rate 9 of 13 submissions, 69%;
Overall Acceptance Rate 9 of 13 submissions, 69%
