Cache Side Channel Attacks

ECS 153

Information leakage

Alice wants to tell Bob which food truck to meet her at. They have shared a One Time Pad before hand.

Choices: Shah, Red, Buckhorn

Information leakage

Alice wants to tell Bob which food truck to meet her at. They have shared a One Time Pad before hand.

Choices: Shah, Red, Buckhorn

As Mallory, you see the following message: DD 30 A6 6F

What can you deduct from this?

Information leakage

Shah -> 45 4F AB 79

Red -> A9 65 CB

Buckhorn -> EB 61 8A CF 9B A2 B7 9D

Information leakage

Shah -> 45 4F AB 79

Red -> A9 65 CB

Buckhorn -> EB 61 8A CF 9B A2 B7 9D

They’re going to Shah’s, because it’s a 4-byte message!

Information leakage

Shah -> 45 4F AB 79

Red -> A9 65 CB

Buckhorn -> EB 61 8A CF 9B A2 B7 9D

They’re going to Shah’s, because it’s a 4-byte message!

The message content itself is secure, but it can still leak information.

What’s a side channel?

Anything that’s not information you get directly

​

What’s a side channel?

Anything that’s not information you get directly

Message length?

​

What’s a side channel?

Anything that’s not information you get directly

Message length?

Timing information?

​

What’s a side channel?

Anything that’s not information you get directly

Message length?

Timing information?

​

What’s a side channel?

Anything that’s not information you get directly

Message length?

Timing information?

Power consumption?

What’s a side channel?

Anything that’s not information you get directly

Message length?

Timing information?

Power consumption?

Van Eck Phreaking

​

​

​

​

​

https://www.cl.cam.ac.uk/~mgk25/pet2004-fpd.pdf

​

Cache refresher

Cache

Mem

CPU

T

i

m

e

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

I don’t have it.

Hey memory, what is it?

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

I don’t have it.

Hey memory, what is it?

Thinking……

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

I don’t have it.

Hey memory, what is it?

Thinking……

0xdeadbeef

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

I don’t have it.

Hey memory, what is it?

Thinking……

0xdeadbeef

Thanks. I’ll remember that.

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

I don’t have it.

Hey memory, what is it?

Thinking……

0xdeadbeef

Thanks. I’ll remember that.

Can I haz 0x64fac?

Cache refresher

Cache

Mem

CPU

T

i

m

e

Can I haz 0x64fac?

I don’t have it.

Hey memory, what is it?

Thinking……

0xdeadbeef

Thanks. I’ll remember that.

Can I haz 0x64fac?

It’s 0xdeadbeef.

Cache terminology

• Cache line
• One chunk of memory that’s stored in the cache
• Intel has 64-byte lines
• Cache set:
• Each memory address has a corresponding set that it should be put into
• Only have to look in one set to know if a cache line is there
• Each set can contain multiple lines
• 2048 sets per core in Intel L3 cache, each set can store 12 cache lines
• Cache hit/miss
• Eviction
• Getting rid of a cache line to make room for another

​

Skip

Cache terminology

Cache

Mem

CPU

Cache terminology

Cache

Mem

CPU

Hey! Give me the value at

0xABCDEF12~0xABCDEF15

Cache terminology

Cache

Mem

CPU

The address 0xABCDEF12 maps to cache set #1234

Cache terminology

Cache

Mem

CPU

Set #1233

Set #1234

Set #1235

Cache terminology

Cache

Mem

CPU

Set #1233

Set #1234

Set #1235

Miss!

Cache terminology

Cache

Mem

CPU

Hey memory! Give me 0xABCDEF00~0xABCDEF40

Cache terminology

Cache

Mem

CPU

Hey memory! Give me 0xABCDEF00~0xABCDEF40

Cache Line:

The cache stores one line (64 bytes) at a time

Cache terminology

Cache

Mem

CPU

ABCDEF00: af5c 79dc 0d28 e5bf 5b95 81e0 1048 ac0e .\y..(..[....H..

ABCDEF10: 3fb3 99fa d05f 3522 8251 ef37 742a 915a ?...._5".Q.7t*.Z

ABCDEF20: 9975 29d1 3424 2a90 2688 8327 1532 6d4e .u).4$*.&..'.2mN

ABCDEF30: d936 fa3b 4912 39b1 fe93 db1e 8436 eeda .6.;I.9......6..

Cache terminology

Cache

Mem

CPU

Set #1233

Set #1234

Set #1235

Cache terminology

Cache

Mem

CPU

Set #1233

Set #1234

Set #1235

Evict!

Cache terminology

Cache

Mem

CPU

Set #1233

Set #1234

Set #1235

Cache terminology

Cache

Mem

CPU

0xABCDEF12 contains:

99 FA D0 5F

Cache terminology

Cache

Mem

CPU

Hey! Give me the value at

0xABCDEF34~0xABCDEF37

Cache terminology

Cache

Mem

CPU

The address 0xABCDEF34 maps to cache set #1234

Cache terminology

Cache

Mem

CPU

Set #1233

Set #1234

Set #1235

Hit!

Cache terminology

Cache

Mem

CPU

0xABCDEF34 contains:

49 12 39 B1

Cache side channel attacks

The cache sits between the CPU and memory. If something is already in the cache, the next read from it will be faster

We can set the cache up a certain way, wait until the victim does something, and see how things change!

Used in all kinds of exploits, like spectre/meltdown

An example

An example

An example

Flush an address from cache

Record current time

secretfunction()

Record current time

Log difference

An example

An example

An example

​

​

Log start time: 1000

An example

​

​

Log start time: 1000

Cache hit!

An example

​

​

Log start time: 1000

Cache hit!

Log end time: 1200

Difference: 200

An example

​

​

​

An example

​

​

​

An example

​

​

Log start time: 2000

An example

​

​

Log start time: 2000

Cache miss!

An example

​

​

Log start time: 2000

Cache miss!

An example

​

​

Log start time: 2000

Cache miss!

Log end time: 2500

Difference: 500

An example

An example

​

​

​

​

Source code: https://bit.ly/2Xc73bh

Types of cache timing side channels

• Evict+Time
• Prime+Probe
• Flush+Reload

​

• All different sides of the same coin
• Make the cache look a certain way, see how it changes things
• If anyone has a three-sided coin or dice please let me know

Evict+Time

• Process

Evict+Time

• Process
• Run victim code, time

Evict+Time

• Process
• Run victim code, time
• Evict a cache set

Evict+Time

• Process
• Run victim code, time
• Evict a cache set
• Run victim code again, time

Evict+Time

• Process
• Run victim code, time
• Evict a cache set
• Run victim code again, time
• If the second run takes longer, it used the cache set
• Advantages?

Evict+Time

• Process
• Run victim code, time
• Evict a cache set
• Run victim code again, time
• If the second run takes longer, it used the cache set
• Advantages?
• Fairly consistent (compared to other methods)
• Disadvantages?

Evict+Time

• Process
• Run victim code, time
• Evict a cache set
• Run victim code again, time
• If the second run takes longer, it used the cache set
• Advantages?
• Fairly consistent (compared to other methods)
• Disadvantages?
• Need to call victim code reliably

Prime+Probe

• Process

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data
• Probe the attacker data occasionally, record the time

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data
• Probe the attacker data occasionally, record the time

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data
• Probe the attacker data occasionally, record the time

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data
• Probe the attacker data occasionally, record the time
• If your probe takes longer, the victim code has put something in the cache set
• Advantages?

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data
• Probe the attacker data occasionally, record the time
• If your probe takes longer, the victim code has put something in the cache set
• Advantages?
• Can run concurrently with victim, better time resolution
• Disadvantages?

Prime+Probe

• Process
• Prime the cache sets to contain only attacker data
• Probe the attacker data occasionally, record the time
• If your probe takes longer, the victim code has put something in the cache set
• Advantages?
• Can run concurrently with victim, better time resolution
• Disadvantages?
• Noise

Flush+Reload

• Process

Flush+Reload

• Process
• Flush one cache line using CLFLUSH

Flush+Reload

• Process
• Flush one cache line using CLFLUSH
• Reload the data in the cache line, time

Flush+Reload

• Process
• Flush one cache line using CLFLUSH
• Reload the data in the cache line, time
• If the time takes to reload is short, the victim has used that cache line/memory location
• Advantages?

Flush+Reload

• Process
• Flush one cache line using CLFLUSH
• Reload the data in the cache line, time
• If the time takes to reload is short, the victim has used that cache line/memory location
• Advantages?
• Good resolution (down to cache line)
• Disadvantages?

Flush+Reload

• Process
• Flush one cache line using CLFLUSH
• Reload the data in the cache line, time
• If the time takes to reload is short, the victim has used that cache line/memory location
• Advantages?
• Good resolution (down to cache line)
• Disadvantages?
• Need shared memory

Mitigations

How can we defend against side channel attacks in general?

Mitigations

How can we defend against side channel attacks in general?

Leak less information

Mitigations

How can we defend against side channel attacks in general?

Leak less information

Mitigations

How can we defend against side channel attacks in general?

Leak less information

Obfuscate side channel

Mitigations

How can we defend against side channel attacks in general?

Leak less information

Obfuscate side channel

That’s it!

Questions?

PS: Good luck on your project presentations!

Hopefully you won’t be as much of a mess as I am today! [x