Defeating cache timing attack

A lot of things have been said recently on attacks against cryptographic primitives that make use of cache memory. Those attacks are not new, and if you want a more complete story of those attacks, mail me and I will send you the complete list of papers related to this subject. Now two kinds of attacks seem to emerge:

- Passive attacks: just observe the timing of the code and try to find a correlation between time variation and the key.

- Active attacks: try to create a correlation between timing and the key. Those attacks may involve hyperthreading, or malicious code which produces interruptions and cache flushes.

Now the big problem is how to deal with those attacks:
- for active attacks the countermeasure is quite simple: take a dummy key and evaluate the cache misses of several encryptions. If the miss ratio is too big, the implementation is under attack (the only difficulty is to evaluate the workload of the processor). If we only want to defeat hyperthreading attacks, we just have to code the algorithm using hyperthreading. The first thread computes the algorithm and the second performs prefetches for the first thread.

- passive attacks are more complicated to defeat. The first solution is to use a constant-time memory access algorithm (removing the lookup table). We can also warm up the cache to reduce memory latency using the prefetch instruction. This solution is not available when the cache is small in comparison to the table.

Those countermeasures are in test. I hope that they will be ready for the WeWorc conference.

The conclusion is that those attacks are not really dangerous. Several software countermeasures are possible and they do not require completely changing the cache architecture.

What do you think about my countermeasures? I will be pleased with any comments or ideas on attacks and countermeasures.


Cédric Lauradoux
Inria Rocquencourt
Project team CODES
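
The two passive-attack countermeasures named in the message, constant-time memory access and cache warm-up, sketched in C as an added example that is not part of the original post. The table contents, the 64-byte `CACHE_LINE` value and all function names are assumptions made for illustration, and a plain volatile read stands in for a prefetch instruction.

```c
#include <stdint.h>

#define TABLE_SIZE 256
#define CACHE_LINE 64   /* assumed cache line size in bytes */

/* Constructed sample table (an affine byte map) standing in for a cipher S-box. */
static uint8_t table[TABLE_SIZE];

static void table_init(void)
{
    for (unsigned i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)(i * 167u + 13u);
}

/* Direct lookup: the address (and cache line) touched depends on the secret. */
static uint8_t lookup_direct(uint8_t secret)
{
    return table[secret];
}

/* Constant-time lookup: every entry is read on every call, so the memory
 * access pattern is the same for all secrets; selection is done by mask. */
static uint8_t lookup_ct(uint8_t secret)
{
    uint8_t result = 0;
    for (unsigned i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff = i ^ secret;                    /* 0 only when i == secret */
        uint8_t mask = (uint8_t)(((diff - 1u) >> 8) & 0xFFu); /* 0xFF or 0x00 */
        result |= table[i] & mask;
    }
    return result;
}

/* Warm-up: read one byte per cache line so the whole table is resident before
 * use. The final read covers a table that is not line-aligned. Returns the
 * number of reads issued. Only helps when the table fits in the cache. */
static unsigned warm_table(void)
{
    const volatile uint8_t *p = table;
    unsigned reads = 0;
    for (unsigned off = 0; off < TABLE_SIZE; off += CACHE_LINE, reads++)
        (void)p[off];
    (void)p[TABLE_SIZE - 1];
    return reads + 1;
}

int main(void)
{
    table_init();
    warm_table();
    return lookup_ct(0x2a) == lookup_direct(0x2a) ? 0 : 1;
}
```

Inspect the compiled output when using a pattern like `lookup_ct`, since an optimizer is free to turn the mask-based select back into a branch or an early exit.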