- Problem addressed by the paper
Improvement over previous last level cache side channel attack.
- Solution proposed in the paper. Why is it better than previous work?
An algorithm for the attacker to probe exactly one cache set without knowing the virtual address mapping and using temporal access patterns to identify the victim’s security-critical accesses. It is faster than previous works. It does not require sharing cores and memory with the victim. It also does not rely on exploiting vulnerabilities of VMM (Virtual Machine Manager) or cloud server platform. It also achieves higher granularity that enables leaking of cryptographic keys.
- The major results.
The implementation bandwidth of the cross-VM covert channel achieves 1.2 Mb/s which is 6x faster than previous works. The experiment shows that cross-VM, cross-cores attack is practical. Its data transfer rate is 3x faster than raw transfer rate reported in previous work.
B. Basic idea and approach. How does the solution work?
An algorithm for the attacker to probe exactly one cache set without knowing the virtual address mapping and using temporal access patterns instead of conventional spatial access patterns to identify the victim’s security-critical accesses. Then they show the case study by showing practicality of a cross-VM side-channel attack that is able to extract a key from secred-dependent execution paths, and demonstrate it on Square-and-Multiply modular exponentiation in an 3,072 bit el-Gamal decryption implementation in the newest version of GnuPG.
Following is the outline of the attack:
1) Finding the cache sets that contains the multiplication code.
2) Collecting cache-set activity traces for all the cache sets.
3) Filtering out traces that do not match the expected statistical properties of multiplier access.
4) Clustering the traces to amplify the signal.
5) Analyzing the clusters to recover the multiplier usage patterns and calculate the exponent
- Novel idea with measurable performance improvement over previous works.
- It also offers mitigation technique of their attack.
- It requires knowledge of the crypto software used by the victim. Without this information, the attack does not work.
- The case study was done in an environment without noise. It might not work well in the real-world noisy environment that can be caused by system activity or capture errors.
- The case study was not done in real cloud environment. The attack might not work if the cloud provider offers additional security protection than off-the-shelf cloud server software. They do not mention the problem of doing the experiment using available cloud server provider such as Google or Amazon.
E. Future work, Open issues, possible improvements
- The attack could be further improved by combining it with known vulnerabilities in the VMM or the operating system.