@MilanPatnaik
Microarchitectural Attack
Cache Based Attacks
Dr Milan Patnaik
Indian Institute of Technology Madras, India
Rashtriya Raksha University, India
@MilanPatnaik
Outline

Cache Timing Attacks.

Cache Covert Channel.

Flush + Reload Attack

Cache Collision Attacks.

Prime + Probe Attack

Time Driven Attacks

Transient Micro-architectural Attacks.

Meltdown

Spectre
@MilanPatnaik
Outline

Cache Timing Attacks.

Cache Covert Channel.

Flush + Reload Attack

Cache Collision Attacks.

Prime + Probe Attack

Time Driven Attacks

Transient Micro-architectural Attacks.

Meltdown

Spectre
@MilanPatnaik
Security

Cryptography

Passwords

Information Flow Policies

Privileged Rings

ASLR

Virtual Machines and confinement

Javascript and HTML5
(due to restricted access to system resources)

Enclaves (SGX and Trustzone)
@MilanPatnaik
Security

Cryptography

Passwords

Information Flow Policies

Privileged Rings

ASLR

Virtual Machines and confinement

Javascript and HTML5
(due to restricted access to system resouces)

Enclaves (SGX and Trustzone)
Cache timing attackCache timing attack
Branch prediction attackBranch prediction attack
Speculation AttacksSpeculation Attacks
Row hammerRow hammer
Fault Injection AttacksFault Injection Attacks
Cold boot attacksCold boot attacks
DRAM Row buffer (DRAMA)DRAM Row buffer (DRAMA)
@MilanPatnaik
Micro-architectural Attacks

Micro-architectural attacks are caused by:-


Performance optimizations

Inherent device properties

Stronger attackers
Security
Performance
@MilanPatnaik
Cache Timing Attacks
Cache Covert Channels
@MilanPatnaik
Cache Organisation
@MilanPatnaik
Cache Organisation
@MilanPatnaik
Cache Organisation
@MilanPatnaik
Cache Organisation
@MilanPatnaik
Cache Organisation
@MilanPatnaik
Cache Organisation
64 Sets
64 Bytes
32K L1d Cache
@MilanPatnaik
Cache Covert Channels
Process P2
@MilanPatnaik
Cache Covert Channels
Process P2
Cache Miss Set A
@MilanPatnaik
Cache Covert Channels
Process P2
Cache Miss Set B
@MilanPatnaik
Cache Covert Channels
Statistically
Time A Loads ~ Time B Loads
Process P2
@MilanPatnaik
Cache Covert Channels
Statistically
Time A Loads ~ Time B Loads
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Statistically
Time A Loads > Time B Loads
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Statistically
Time A Loads < Time B Loads
Process P2Process P1
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Process P2Process P1
bit = message
while (bit[i] != ‘\0’)
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels
Statistically
Time A Loads Vs Time B Loads
Process P2Process P1
bit = message
while (bit[i] != ‘\0’)
If (bit == 1)
Load A1p1
else
Load B1p1
@MilanPatnaik
Cache Covert Channels: Send Even 1
A0 Set
A1 Set
BO Set
BE Set
@MilanPatnaik
Cache Covert Channels

Indentifying

Cache Covert Channels are difficult

Variety of Covert Channels : File, Time etc

Quantifying

Bit rate of communication : bps

Elimination

Careful design

Seperation

Studying characteristic of operations

Rate of opening and closing of files
@MilanPatnaik
Cache Timing Attacks
Flush + Reload Attack
@MilanPatnaik
Copy On Write
 Child created is an exact replica of the parent process
 Page tables of the parent duplicated in the child
 New pages created only when parent (or child) modifies data

Postpone copying of pages as much as possible, thus
optimizing performance

Thus, common code sections (like libraries) would be
shared across processes.
• Making a copy of a process
is called forking.
– Parent (is the original)
– child (is the new process)
• When fork is invoked,
– child is an exact copy of
parent
• When fork is called all pages
are shared between parent
and child
• Easily done by copying the
Physical Memory
Parent
Page
Table
Child
Page
Table
Virtual Addressing Advantage
(easy to make copies of a process)
@MilanPatnaik
Copy On Write
Parent Child
@MilanPatnaik
Copy On Write
Parent Child
Parent Child
@MilanPatnaik
Process Tree
init
:
SSLEncryption()
:
:
SSLEncryption()
:
Virtual Memory
(process 1)
Virtual Memory
(process 2)
Process Tree
@MilanPatnaik
Process Tree
init
:
SSLEncryption()
:
:
SSLEncryption()
:
Virtual Memory
(process 1)
Virtual Memory
(process 2)
SSLEncryption()
Physical Memory
Process Tree
@MilanPatnaik
Process Tree
init
:
SSLEncryption()
:
:
SSLEncryption()
:
Virtual Memory
(process 1)
Virtual Memory
(process 2)
SSLEncryption()
Physical Memory
Process Tree
@MilanPatnaik
Interaction with LLC
ProcessesProcesses
Core 1Core 1
LLCLLC
:
SSLEncryption()
:
cache misses
Core 2Core 2
ProcessesProcesses
@MilanPatnaik
Interaction with LLC
ProcessesProcesses
Core 1Core 1
LLCLLC
:
SSLEncryption()
:
cache misses
Core 2Core 2
ProcessesProcesses
SLOW
@MilanPatnaik
Interaction with LLC
:
SSLEncryption()
:
cache hits
:
SSLEncryption()
:ProcessesProcesses
Core 1Core 1
LLCLLC
Core 2Core 2
ProcessesProcesses
@MilanPatnaik
Interaction with LLC
:
SSLEncryption()
:
cache hits
:
SSLEncryption()
:ProcessesProcesses
Core 1Core 1
LLCLLC
Core 2Core 2
ProcessesProcesses
FAST
@MilanPatnaik
Flush + Reload Attack
Part of an encryption algorithm
executed only when ei = 1
clflush Instruction
Takes an address as input.
Flushes that address from all caches
clflush (line 8)
Flush+Reload Attack, Yuval Yarom and Katrina Falkner (https://eprint.iacr.org/2013/448.pdf)
@MilanPatnaik
Flush + Reload Attack
ProcessesProcesses
Core 1Core 1
LLCLLC
Core 2Core 2
ProcessesProcesses
:
SSLEncryption()
:
:
Clflush(line 8)
:
@MilanPatnaik
Flush + Reload Attack
flush
reload
access victim
attacker
@MilanPatnaik
Flush + Reload Attack
@MilanPatnaik
Flush + Reload Attack : Counter
• Do not use copy-on-write
– Implemented by cloud providers
• Permission checks for clflush
– Do we need clflush?
• Non-inclusive cache memories
– AMD
– Intel i9 versions
• Fuzzing Clocks
• Software Diversification
– Permute location of objects in memory (statically and dynamically)
@MilanPatnaik
Cache Collision Attacks
Prime + Probe Attack
@MilanPatnaik
Cache Collision Attacks
• External Collision Attacks
– Prime + Probe Attack
• Internal Collision Attacks
– Time Driven Attacks
@MilanPatnaik
Prime + Probe Attack
Core 1Core 1
Last Level CacheLast Level Cache
Core 2Core 2
VictimVictim
SMT
Core
SMT
Core
L1 Cache MemoryL1 Cache Memory
SpySpy
VictimVictim SpySpy
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
Set N-2
Set N-1
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
PRIME
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
PROBE
@MilanPatnaik
Prime + Probe Attack
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
While(1){
for(each cache set){
start = time();
access all cache ways
end = time();
access_time = end – start
}
wait for some time
}
Time taken by sets that have
victim data is more due to the cache
misses
PROBE
@MilanPatnaik
Prime + Probe Attack
0 63
Each row is an iteration of the while loop; darker shades imply higher memory access time
Each block depicts one cache set access time
@MilanPatnaik
Example Prime+Probe: Cryptography
char Lookup[] = {x, x, x, . . . x};
char RecvDecrypt(socket){
char key = 0x12;
char pt, ct;
read(socket, &ct, 1);
pt = Lookup[key ^ ct];
return pt;
}
The attacker know the address of Lookup and the ciphertext (ct)
The memory accessed in Lookup depends on the value of key
Given the set number, one can identify bits of key ^ ct.
Key dependent memory accesses
@MilanPatnaik
Example Prime+Probe: Keystroke Sniffing
• Keystroke -- interrupt -- kernel mode switch -- ISR execution -- add to keyboard
buffer -- … -- return from interrupt
way 0 way 1 way 2 way 3
Set 0
Set 1
Set 2
Set 3
@MilanPatnaik
Example Prime+Probe: Keystroke Sniffing
• Regular disturbance seen in Probe Time Plot
• Period between disturbance used to predict passwords
Svetlana Pinet, Johannes C. Ziegler, and F.-Xavier Alario. 2016. Typing Is Writing: Linguistic Properties Modulate
Typing Execution. Psychon Bull Rev 23, 6
@MilanPatnaik
Cache Collision Attacks
Time Driven Attacks
@MilanPatnaik
Time Driven Attacks
Victim Attacker
@MilanPatnaik
Internal Collision : Cipher
Table Table
Part of a Cipher
P0 ,P4
If cache hit (less time) : If cache miss (more time):
00 KP  44 KP 
4P0P
0K 4K
4040
4400
PPKK
KPKP


4040
4400
PPKK
KPKP


Attacker
@MilanPatnaik
Internal Collision : Cipher
T
P0
K0
T
P4
K4
Block Cipher
Random
P0
Cipher Text
P4Suppose
(K0 = 00 and K4 = 50)
• P0 = 0, all other inputs are
random
• Make N time measurements
• Segregate into buckets
based on value of P4
• Find average time of each
bucket
• Find deviation of each
average from overall
average (DOM)
P4 Average
Time
DOM
00 2945.3 1.8
10 2944.4 0.9
20 2943.7 0.2
30 2943.7 0.2
40 2944.8 1.3
50 2937.4 -6.3
60 2943.3 -0.2
70 2945.8 2.3
: : :
F0 2941.8 -1.7
Average : 2943.57
Maximum : -6.34040
PPKK 
@MilanPatnaik
Questions
Cache Attacks