Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?

Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?

Reza Montasari (School of Computing and Digital Technology, Birmingham City University, Birmingham, UK), Amin Hosseinian-Far (Department of Business Systems and Operations, The University of Northampton, Northampton, UK), Richard Hill (Department of Computer Science, University of Huddersfield, Huddersfield, UK), Farshad Montaseri (Independent Researcher, Iran), Mak Sharma (School of Computing and Digital Technology, Birmingham City University, Birmingham, UK) and Shahid Shabbir (School of Computing and Digital Technology, Birmingham City University, Birmingham, UK)
DOI: 10.4018/IJOCI.2018040103

Abstract

This article describes how there exist various vulnerabilities in computing hardware that adversaries can exploit to mount attacks against the users of such hardware. Microarchitectural attacks, the result of these vulnerabilities, take advantage of microarchitectural performance of processor implementations, revealing hidden computing process. Leveraging microarchitectural resources, adversaries can potentially launch timing-based side-channel attacks in order to leak information via timing. In view of these security threats against computing hardware, the authors analyse current attacks that take advantage of microarchitectural elements in shared computing hardware. This analysis focuses only on timing-based side-channel attacks against the components of modern PC platforms - with references being made also to other platforms when relevant - as opposed to any other variations of side-channel attacks which have a broad application range. To this end, the authors analyse timing attacks performed against processor and cache components, again with references to other components when appropriate.
Article Preview

1. Introduction

Side-Channel Attacks, hereafter referred to as SCAs, pose serious security and privacy threats to modern and shared computing hardware (Ge et al., 2016; Liu et al., 2015; Xiao and Xiao, 2013; Kong, 2009). They are the result of spatial and temporal sharing of processor components between various applications as they run on the processor. A SCA – both theoretical (Hu, 1992, Page, 2002) and practical (Bernstein, 2005; Osvik et al., 2006) – is carried out through the exploitation of inadvertent information leakage from computing hardware (Gruss, 2017; Spreitzer et al., 2016) or via the exploitation of Microarchitectural channels in order to deduce secrete keys such as those utilised in symmetric cryptography (Inci et al., 2016; Yarom and Benger, 2014; Zhang et al., 2014). For instance, through a SCA, an attacker will be able to exfiltrate secret keys used in cryptographic implementations, or gain information about it by probing the runtime. As an example, in 128-bit AES implementations that utilises four 1KB precomputed SBox tables such as OpenSSL (OpenSSL, 2016; Gullasch et al., 2011; Neve and Seifert, 2006), the probing of the ciphertext can result in the extraction of the complete secret key (Zhang et al., 2014; Agrawal and Mishra, 2012; Neve and Seifert, 2006). Various systems have inherent side-channel vulnerabilities that can be exploited by the attackers to launch devastating SCAs. For instance, an adversary can simplsy carry out a differential power analysis (Kocher et al., 2017; Moradi et al., 2011; Kocher et al., 2011; Barenghi et al., 2010; Coppens et al., 2009; Schramm et al., 2004; Guilley et al., 2004; Kocher et al., 2004) or monitor electromagnetic radiation (Longo et al., 2015; Hayashi et al., 2013; Homma et al., 2010), etc., in order to deduce vital data from the victims’ systems (Zhang and Lee, 2014).

Furthermore, processor architecture features including simultaneous multithreading (Tromer et al., 2010; Aciiçmez et al., 2007; Percival, 2005), control speculation and shared caches (Steffan et al., 2000; Tsai and Yew, 1996) can unintentionally accelerate side channels or enable new side channels (Yarom and Falkner, 2014; Wang and Lee, 2006). As a result, attackers can detect and exploit contention between hardware threads on the multiplier unit (Ge et al., 2016; Guan et al., 2015; Chen and Venkataramani, 2014). Such contention can be also exploited to create a side channel (Liu et al., 2016; Hunger et al., 2015; Ristenpart et al., 2009), for instance, to enable a malicious thread to differentiate multiplications from squaring in OpenSSL’s RSA implementation (Aciiçmez et al., 2007; Wang and Lee, 2006). These attacks can determine the latency which result from contentious threats that are made to wait for access to functional units (Ge et al., 2016; Tromer et al., 2010; Ristenpart et al., 2009).

Complete Article List

Search this Journal:
Reset
Open Access Articles
Volume 9: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 8: 4 Issues (2018): 3 Released, 1 Forthcoming
Volume 7: 4 Issues (2017)
Volume 6: 4 Issues (2016)
Volume 5: 4 Issues (2015)
Volume 4: 4 Issues (2014)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing