A survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography
Download 176.24 Kb.
|
- Navigate this page:
- Software vectors.
- Hardware vectors.
BACKGROUNDBasIcs of SIde-channel Affacks I I ∼ R ∼ S R S In a microarchitectural side-channel attack, the adversary steals secrets by exploiting observable information from the microarchitectural components. Given a secret input , the target application exhibits certain runtime behaviors (e.g., memory access patterns) and causes the underlying host system to reveal some characteristics . By identifying the correlation , the adversary is able to capture the microarchitectural characteristics as the side-channel information and infer the secret input. The success of microarchitectural side-channel attacks relies on vectors from both software and hardware levels. S S R ∼ S Software vectors. One necessary condition for microarchitectural attacks is that application’s runtime behaviors need to be correlated with the secrets: . Generally there are two sources of leakage. (1) Secret-dependent control ßow: When the secret changes, the application executes another code path. (2) Secret-dependent data ßow: The application may rely on the secret to determine the data access location. They yield di$erent behaviors distinguishable by the attacker. I ∼ R Hardware vectors. The key factor is that application’s behaviors can be reßected by the microarchi- tectural characteristics: . Two kinds of techniques exist to capture useful microarchitectural characteristics. (1) An adversary can directly check the states of the hardware component altered by the execution of the application. In this case, the attacker program needs to share the same component with the victim. (2) An adversary can measure the application’s execution time to indi- rectly infer its microarchitectural characteristics. In this case, the attack can be performed without the need to co-locate with the victim, but is only able to capture coarser-grained side-channel information. Thus, a large quantity of sessions are needed to statistically infer useful information. Download 176.24 Kb. Share with your friends:
|