Journal articles on the topic "Microarchitectural attack"

Browse the top 36 journal articles for research on the topic "Microarchitectural attack".

1

Mao, Yuxiao, Vincent Migliore, and Vincent Nicomette. "MATANA: A Reconfigurable Framework for Runtime Attack Detection Based on the Analysis of Microarchitectural Signals." Applied Sciences 12, no. 3 (January 29, 2022): 1452. http://dx.doi.org/10.3390/app12031452.

Abstract:
Microarchitectural attacks exploit target hardware properties to break software isolation techniques used by the processor. These attacks are extremely powerful and hard to detect since the determination of the program execution’s impact on the microarchitecture is at the same time not precisely understood and not easily observable at the software layer. Some approaches have attempted to benefit from existing hardware to better understand and detect the microarchitectural attacks (i.e., Hardware Performance Counters or Arm CoreSight), but such hardware was not meant to be used for cybersecurity, with reduced choice on observable signals and limited throughput of information. In this paper, we propose MATANA, an open and adaptive reconfigurable hardware/software co-designed framework. Combining fine-grained analysis of microarchitectural signals and software support, MATANA allows to design and assess detection mechanisms for attacks by characterizing their microarchitectural effects—in particular, microarchitectural attacks, but also some high-level attacks such as return-oriented programming attacks. The paper also describes a prototype implementation, built with a RISC-V softcore processor Rocket running Linux 4.15 on a Virtex-6 FPGA. We successfully used MATANA to analyze cache side-channel attacks and build attack detection logic from two different perspectives: instruction-based and memory-access-based. We also successfully detected return-oriented programming attacks by exhibiting a specific behavioral pattern on the microarchitecture.
2

Lou, Xiaoxuan, Tianwei Zhang, Jun Jiang, and Yinqian Zhang. "A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography." ACM Computing Surveys 54, no. 6 (July 2021): 1–37. http://dx.doi.org/10.1145/3456629.

Abstract:
Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection enforced by the operating system and steal the secrets from the program. In this article, we systematize microarchitectural side channels with a focus on attacks and defenses in cryptographic applications. We make three contributions. (1) We survey past research literature to categorize microarchitectural side-channel attacks. Since these are hardware attacks targeting software, we summarize the vulnerable implementations in software, as well as flawed designs in hardware. (2) We identify common strategies to mitigate microarchitectural attacks, from the application, OS, and hardware levels. (3) We conduct a large-scale evaluation on popular cryptographic applications in the real world and analyze the severity, practicality, and impact of side-channel vulnerabilities. This survey is expected to inspire side-channel research community to discover new attacks, and more importantly, propose new defense solutions against them.
3

Fournaris, Apostolos, Lidia Pocero Fraile, and Odysseas Koufopavlou. "Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks." Electronics 6, no. 3 (July 13, 2017): 52. http://dx.doi.org/10.3390/electronics6030052.

4

Shepherd, Michael, Scott Brookes, and Robert Denz. "Transient Execution and Side Channel Analysis: a Vulnerability or a Science Experiment?" International Conference on Cyber Warfare and Security 17, no. 1 (March 2, 2022): 288–97. http://dx.doi.org/10.34190/iccws.17.1.20.

Abstract:
In the world of computer security, attackers are constantly looking for new exploits to gain data from or control over a computer system. One category of exploit that can prove quite effective at accessing privileged data is side channel exploits. These exploits attempt to take advantage of vulnerabilities that are inherent in the design of a system rather than vulnerabilities in the code that has been written for and is running on said system. In other words, they exploit side effects of computation. Examples of this include measuring the power consumption of a system’s processor over time and analysing that power usage to leak system secrets or reading secrets from a system by analysing the electromagnetic radiation the system leaks as it processes data. Another type of side channel attack is a cache-based side channel attack, which exploits the timings of cache and memory accesses to determine data from the target system. We discuss some of the more common types of side channel attacks used to interpret data values from the microarchitectural changes created by transient executions. In particular, we will focus on attacks that are capable of recovering data that is processed through transient execution in some way and then wrongly accessed using a side channel, such as the Spectre and Meltdown classes of attack. We also discuss other attacks of a similar type and survey some popular mitigations for these attacks. We provide a survey of all available Spectre proof-of-concept repositories on GitHub, evaluating whether they work on different platforms. Finally, we review our experiences with these types of attacks on modern systems and comment on the attacks’ practicality, reliability, and portability. We conclude that these types of attacks are interesting, but there are some practicality and reliability concerns that make other attacks easier much of the time.
5

Gnanavel, S., K. E. Narayana, K. Jayashree, P. Nancy, and Dawit Mamiru Teressa. "Implementation of Block-Level Double Encryption Based on Machine Learning Techniques for Attack Detection and Prevention." Wireless Communications and Mobile Computing 2022 (July 9, 2022): 1–9. http://dx.doi.org/10.1155/2022/4255220.

Abstract:
Cloud computing is one of the most important business models of modern information technology. It provides a minimum of various services to the user interaction and low cost (hardware and software). Cloud services are based on the architectures on virtualization by using the multitenancy for better resource management and strong isolation between several virtual machines (VMs). The spying on a victim VM is challenging, particularly when one wants to use per-core microarchitectural features as a side channel. For example, the cache contains the most potential for damaging side channels, but shared information across different cores affects the cloud information. To overcome this problem, propose the Secure Block-Level Double Encryption (SBLDE) algorithm for user signature verification in the cloud server. It uses identity-based detection techniques to monitor the colocated VMs to identify abnormal cache data and channel behaviors typically during VM data transformation. The identity-based linear classification (IBLC) method is used for classifying the attacker channel when the data is transferred/retrieved from the VM cloud server. This cloud controller finds the channel misbehavior to block the port or channel, changing other available ports’ communication. The service verification provides strong user access permission on the cloud server when the unknown request to the cloud server suddenly executes the key authentication to verify the user permission. This linear classification trains the existing side-channel attack datasets to the classifier and identifies the VM cloud’s attack channel. The study focused on preventing attacks from interrupting the system and serves as an effective means for cross-VM side-channel attacks. This proposed method protects the cloud data and prevents cross-VM channel attack detection efficiently, compared to other existing methods. In this overall proposed method, SBLDE’s performance is to be evaluated and then compared with the existing method.
6

Di, Bang, Daokun Hu, Zhen Xie, Jianhua Sun, Hao Chen, Jinkui Ren, and Dong Li. "TLB-pilot: Mitigating TLB Contention Attack on GPUs with Microarchitecture-Aware Scheduling." ACM Transactions on Architecture and Code Optimization 19, no. 1 (March 31, 2022): 1–23. http://dx.doi.org/10.1145/3491218.

Abstract:
Co-running GPU kernels on a single GPU can provide high system throughput and improve hardware utilization, but this raises concerns on application security. We reveal that translation lookaside buffer (TLB) attack, one of the common attacks on CPU, can happen on GPU when multiple GPU kernels co-run. We investigate conditions or principles under which a TLB attack can take effect, including the awareness of GPU TLB microarchitecture, being lightweight, and bypassing existing software and hardware mechanisms. This TLB-based attack can be leveraged to conduct Denial-of-Service (or Degradation-of-Service) attacks. Furthermore, we propose a solution to mitigate TLB attacks. In particular, based on the microarchitecture properties of GPU, we introduce a software-based system, TLB-pilot, that binds thread blocks of different kernels to different groups of streaming multiprocessors by considering hardware isolation of last-level TLBs and the application’s resource requirement. TLB-pilot employs lightweight online profiling to collect kernel information before kernel launches. By coordinating software- and hardware-based scheduling and employing a kernel splitting scheme to reduce load imbalance, TLB-pilot effectively mitigates TLB attacks. The result shows that when under TLB attack, TLB-pilot mitigates the attack and provides on average 56.2% and 60.6% improvement in average normalized turnaround times and overall system throughput, respectively, compared to the traditional Multi-Process Service based co-running solution. When under TLB attack, TLB-pilot also provides up to 47.3% and 64.3% improvement (41% and 42.9% on average) in average normalized turnaround times and overall system throughput, respectively, compared to a state-of-the-art co-running solution for efficiently scheduling of thread blocks.
7

Gruss, Daniel. "Software-based microarchitectural attacks." it - Information Technology 60, no. 5-6 (December 19, 2018): 335–41. http://dx.doi.org/10.1515/itit-2018-0034.

Abstract:
Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural attacks leak this data (side channels) or exploit physical imperfections to take control of the entire system (fault attacks). In my thesis (D. Gruss. Software-based Microarchitectural Attacks. PhD thesis, Graz University of Technology, 2017), I improved over state of the art in microarchitectural attacks and defenses in three dimensions. I cover these briefly in this summary. First, I show that attacks can be fully automated. Second, I present several novel previously unknown side channels. Third, I show that attacks can be mounted in highly restricted environments such as sandboxed JavaScript code in websites, and on any computer system including smartphones, tablets, personal computers, and commercial cloud systems. These results formed one of the cornerstones for attacks like Meltdown (M. Lipp et al. Meltdown: Reading kernel memory from user space. In USENIX Security Symposium, 2018) and Spectre (P. Kocher et al. Spectre attacks: Exploiting speculative execution. In S&P, 2019) which were discovered months after the thesis was concluded.
8

Montasari, Reza, Amin Hosseinian-Far, Richard Hill, Farshad Montaseri, Mak Sharma, and Shahid Shabbir. "Are Timing-Based Side-Channel Attacks Feasible in Shared, Modern Computing Hardware?" International Journal of Organizational and Collective Intelligence 8, no. 2 (April 2018): 32–59. http://dx.doi.org/10.4018/ijoci.2018040103.

Abstract:
This article describes how there exist various vulnerabilities in computing hardware that adversaries can exploit to mount attacks against the users of such hardware. Microarchitectural attacks, the result of these vulnerabilities, take advantage of microarchitectural performance of processor implementations, revealing hidden computing process. Leveraging microarchitectural resources, adversaries can potentially launch timing-based side-channel attacks in order to leak information via timing. In view of these security threats against computing hardware, the authors analyse current attacks that take advantage of microarchitectural elements in shared computing hardware. This analysis focuses only on timing-based side-channel attacks against the components of modern PC platforms - with references being made also to other platforms when relevant - as opposed to any other variations of side-channel attacks which have a broad application range. To this end, the authors analyse timing attacks performed against processor and cache components, again with references to other components when appropriate.
9

Yong-Joon Park, Zhao Zhang, and Gyungho Lee. "Microarchitectural Protection Against Stack-Based Buffer Overflow Attacks." IEEE Micro 26, no. 4 (July 2006): 62–71. http://dx.doi.org/10.1109/mm.2006.76.

10

Schwarz, Michael, and Daniel Gruss. "How Trusted Execution Environments Fuel Research on Microarchitectural Attacks." IEEE Security & Privacy 18, no. 5 (September 2020): 18–27. http://dx.doi.org/10.1109/msec.2020.2993896.

11

Genkin, Daniel, and Yuval Yarom. "Whack-a-Meltdown: Microarchitectural Security Games [Systems Attacks and Defenses]." IEEE Security & Privacy 19, no. 1 (January 2021): 95–98. http://dx.doi.org/10.1109/msec.2020.3036146.

12

Szefer, Jakub. "Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses." Journal of Hardware and Systems Security 3, no. 3 (September 13, 2018): 219–34. http://dx.doi.org/10.1007/s41635-018-0046-1.

13

Ge, Qian, Yuval Yarom, David Cock, and Gernot Heiser. "A survey of microarchitectural timing attacks and countermeasures on contemporary hardware." Journal of Cryptographic Engineering 8, no. 1 (December 26, 2016): 1–27. http://dx.doi.org/10.1007/s13389-016-0141-6.

14

Shin, Youngjoo. "Multibyte Microarchitectural Data Sampling and its Application to Session Key Extraction Attacks." IEEE Access 9 (2021): 80806–20. http://dx.doi.org/10.1109/access.2021.3085395.

15

Rajendran, Jeyavijayan, Arun Karthik Kanuparthi, Mohamed Zahran, Sateesh K. Addepalli, Gaston Ormazabal, and Ramesh Karri. "Securing Processors Against Insider Attacks: A Circuit-Microarchitecture Co-Design Approach." IEEE Design & Test 30, no. 2 (April 2013): 35–44. http://dx.doi.org/10.1109/mdat.2013.2249554.

16

Grycel, Jacob, and Patrick Schaumont. "SimpliFI: Hardware Simulation of Embedded Software Fault Attacks." Cryptography 5, no. 2 (June 7, 2021): 15. http://dx.doi.org/10.3390/cryptography5020015.

Abstract:
Fault injection simulation on embedded software is typically captured using a high-level fault model that expresses fault behavior in terms of programmer-observable quantities. These fault models hide the true sensitivity of the underlying processor hardware to fault injection, and they are unable to correctly capture fault effects in the programmer-invisible part of the processor microarchitecture. We present SimpliFI, a simulation methodology to test fault attacks on embedded software using a hardware simulation of the processor running the software. We explain the purpose and advantage of SimpliFI, describe automation of the simulation framework, and apply SimpliFI on a BRISC-V embedded processor running an AES application.
17

Yu, Jiyong, Mengjia Yan, Artem Khyzha, Adam Morrison, Josep Torrellas, and Christopher W. Fletcher. "Speculative taint tracking (STT)." Communications of the ACM 64, no. 12 (December 2021): 105–12. http://dx.doi.org/10.1145/3491201.

Abstract:
Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks. The main idea is that it is safe to execute and selectively forward the results of speculative instructions that read secrets, as long as we can prove that the forwarded results do not reach potential covert channels. The technical core of the paper is a new abstraction to help identify all micro-architectural covert channels, and an architecture to quickly identify when a covert channel is no longer a threat. We further conduct a detailed formal analysis on the scheme in a companion document. When evaluated on SPEC06 workloads, STT incurs 8.5% or 14.5% performance overhead relative to an insecure machine.
18

Omar, Hamza, Brandon D'Agostino, and Omer Khan. "OPTIMUS: A Security-Centric Dynamic Hardware Partitioning Scheme for Processors that Prevent Microarchitecture State Attacks." IEEE Transactions on Computers 69, no. 11 (November 1, 2020): 1558–70. http://dx.doi.org/10.1109/tc.2020.2996021.

19

Fournaris, Apostolos P., Konstantinos Lampropoulos, and Odysseas Koufopavlou. "End Node Security and Trust vulnerabilities in the Smart City Infrastructure." MATEC Web of Conferences 188 (2018): 05005. http://dx.doi.org/10.1051/matecconf/201818805005.

Abstract:
As cities gradually introduce intelligence in their core services and infrastructure thus becoming “smart cities”, they are deploying new Information Technology devices in the urban grid that are interconnected to a broad network. The main focus of widely implemented smart cities' services was the operation of sensors and smart devices across city areas that need low energy consumption and high connectivity. However, as 5G technologies are gradually being adopted in the smart city infrastructure thus solving that problem, the fundamental issue of addressing security becomes dominant. While latest network topologies and standards include security functions thus giving an illusion of security, there is little focus on the fact that many smart city end nodes cannot realize all security specifications without additional help. In this paper, we discuss briefly smart city security issues and focus on problems and security requirements that need to be addressed in the smart city end nodes, the sensors and actuators deployed within the city's grid. In this paper, attacks that cannot be thwarted by traditional cybersecurity solutions are discussed and countermeasures based on hardware are suggested in order to achieve a high level of trust. Also, the danger of microarchitectural and side channel attacks on these devices is highlighted and protection approaches are discussed.
20

Cabodi, Gianpiero, Paolo Camurati, Fabrizio Finocchiaro, and Danilo Vendraminetto. "Model-Checking Speculation-Dependent Security Properties: Abstracting and Reducing Processor Models for Sound and Complete Verification." Electronics 8, no. 9 (September 19, 2019): 1057. http://dx.doi.org/10.3390/electronics8091057.

Abstract:
Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They underline vulnerabilities in hardware design that have been going unnoticed for years. This shows the weakness of the state-of-the-art verification process and design practices. These attacks are OS-independent, and they do not exploit any software vulnerabilities. Moreover, they violate all security assumptions ensured by standard security procedures, (e.g., address space isolation), and, as a result, every security mechanism built upon these guarantees. These vulnerabilities allow the attacker to retrieve leaked data without accessing the secret directly. Indeed, they make use of covert channels, which are mechanisms of hidden communication that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attacks lies within the speculative and out-of-order execution of modern high-performance microarchitectures. Since modern processors are hard to verify with standard formal verification techniques, we present a methodology that shows how to transform a realistic model of a speculative and out-of-order processor into an abstract one. Following related formal verification approaches, we simplify the model under consideration by abstraction and refinement steps. We also present an approach to formally verify the abstract model using a standard model checker. The theoretical flow, reliant on established formal verification results, is introduced and a sketch of proof is provided for soundness and correctness. Finally, we demonstrate the feasibility of our approach, by applying it on a pipelined DLX RISC-inspired processor architecture. We show preliminary experimental results to support our claim, performing Bounded Model-Checking with a state-of-the-art model checker.
21

Sayadi, Hossein, Yifeng Gao, Hosein Mohammadi Makrani, Jessica Lin, Paulo Cesar Costa, Setareh Rafatirad, and Houman Homayoun. "Towards Accurate Run-Time Hardware-Assisted Stealthy Malware Detection: A Lightweight, yet Effective Time Series CNN-Based Approach." Cryptography 5, no. 4 (October 17, 2021): 28. http://dx.doi.org/10.3390/cryptography5040028.

Abstract:
According to recent security analysis reports, malicious software (a.k.a. malware) is rising at an alarming rate in numbers, complexity, and harmful purposes to compromise the security of modern computer systems. Recently, malware detection based on low-level hardware features (e.g., Hardware Performance Counters (HPCs) information) has emerged as an effective alternative solution to address the complexity and performance overheads of traditional software-based detection methods. Hardware-assisted Malware Detection (HMD) techniques depend on standard Machine Learning (ML) classifiers to detect signatures of malicious applications by monitoring built-in HPC registers during execution at run-time. Prior HMD methods though effective have limited their study on detecting malicious applications that are spawned as a separate thread during application execution, hence detecting stealthy malware patterns at run-time remains a critical challenge. Stealthy malware refers to harmful cyber attacks in which malicious code is hidden within benign applications and remains undetected by traditional malware detection approaches. In this paper, we first present a comprehensive review of recent advances in hardware-assisted malware detection studies that have used standard ML techniques to detect the malware signatures. Next, to address the challenge of stealthy malware detection at the processor’s hardware level, we propose StealthMiner, a novel specialized time series machine learning-based approach to accurately detect stealthy malware trace at run-time using branch instructions, the most prominent HPC feature. StealthMiner is based on a lightweight time series Fully Convolutional Neural Network (FCN) model that automatically identifies potentially contaminated samples in HPC-based time series data and utilizes them to accurately recognize the trace of stealthy malware. Our analysis demonstrates that using state-of-the-art ML-based malware detection methods is not effective in detecting stealthy malware samples since the captured HPC data not only represents malware but also carries benign applications’ microarchitectural data. The experimental results demonstrate that with the aid of our novel intelligent approach, stealthy malware can be detected at run-time with 94% detection performance on average with only one HPC feature, outperforming the detection performance of state-of-the-art HMD and general time series classification methods by up to 42% and 36%, respectively.
22

Sakalis, Christos, Stefanos Kaxiras, and Magnus Själander. "Delay-on-Squash: Stopping Microarchitectural Replay Attacks in Their Tracks." ACM Transactions on Architecture and Code Optimization, September 19, 2022. http://dx.doi.org/10.1145/3563695.

Abstract:
MicroScope and other similar microarchitectural replay attacks take advantage of the characteristics of speculative execution to trap the execution of the victim application in a loop, enabling the attacker to amplify a side-channel attack by executing it indefinitely. Due to the nature of the replay, it can be used to effectively attack software that are shielded against replay, even under conditions where a side-channel attack would not be possible (e.g., in secure enclaves). At the same time, unlike speculative side-channel attacks, microarchitectural replay attacks can be used to amplify the correct path of execution, rendering many existing speculative side-channel defenses ineffective. In this work, we generalize microarchitectural replay attacks beyond MicroScope and present an efficient defense against them. We make the observation that such attacks rely on repeated squashes of so-called “replay handles” and that the instructions causing the side-channel must reside in the same reorder buffer window as the handles. We propose Delay-on-Squash, a hardware-only technique for tracking squashed instructions and preventing them from being replayed by speculative replay handles. Our evaluation shows that it is possible to achieve full security against microarchitectural replay attacks with very modest hardware requirements, while still maintaining 97% of the insecure baseline performance.
23

Ryan, Keegan. "Return of the Hidden Number Problem." IACR Transactions on Cryptographic Hardware and Embedded Systems, November 9, 2018, 146–68. http://dx.doi.org/10.46586/tches.v2019.i1.146-168.

Abstract:
Side channels have long been recognized as a threat to the security of cryptographic applications. Implementations can unintentionally leak secret information through many channels, such as microarchitectural state changes in processors, changes in power consumption, or electromagnetic radiation. As a result of these threats, many implementations have been hardened to defend against these attacks. Despite these mitigations, this work presents a novel side-channel attack against ECDSA and DSA. The attack targets a common implementation pattern that is found in many cryptographic libraries. In fact, about half of the libraries that were tested exhibited the vulnerable pattern. This pattern is exploited in a full proof of concept attack against OpenSSL, demonstrating that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a few thousand signatures. The target of this attack is a previously unexplored part of (EC)DSA signature generation, which explains why mitigations are lacking and the issue is so widespread. Finally, estimates are provided for the minimum number of signatures needed to perform the attack, and countermeasures are suggested to protect against this attack.
24

Stolz, Florian, Jan Philipp Thoma, Pascal Sasdrich, and Tim Güneysu. "Risky Translations: Securing TLBs against Timing Side Channels." IACR Transactions on Cryptographic Hardware and Embedded Systems, November 29, 2022, 1–31. http://dx.doi.org/10.46586/tches.v2023.i1.1-31.

Abstract:
Microarchitectural side-channel vulnerabilities in modern processors are known to be a powerful attack vector that can be utilized to bypass common security boundaries like memory isolation. As shown by recent variants of transient execution attacks related to Spectre and Meltdown, those side channels allow to leak data from the microarchitecture to the observable architectural state. The vast majority of attacks currently build on the cache-timing side channel, since it is easy to exploit and provides a reliable, fine-grained communication channel. Therefore, many proposals for side-channel secure cache architectures have been made. However, caches are not the only source of side-channel leakage in modern processors and mitigating the cache side channel will inevitably lead to attacks exploiting other side channels. In this work, we focus on defeating side-channel attacks based on page translations. It has been shown that the Translation Lookaside Buffer (TLB) can be exploited in a very similar fashion to caches. Since the main caches and the TLB share many features in their architectural design, the question arises whether existing countermeasures against cache-timing attacks can be used to secure the TLB. We analyze state-of-the-art proposals for side-channel secure cache architectures and investigate their applicability to TLB side channels. We find that those cache countermeasures are not directly applicable to TLBs, and propose TLBcoat, a new side-channel secure TLB architecture. We provide evidence of TLB side-channel leakage on RISC-V-based Linux systems, and demonstrate that TLBcoat prevents this leakage. We implement TLBcoat using the gem5 simulator and evaluate its performance using the PARSEC benchmark suite.
25

Cabrera Aldaya, Alejandro, Cesar Pereida García, and Billy Bob Brumley. "From A to Z: Projective coordinates leakage in the wild." IACR Transactions on Cryptographic Hardware and Embedded Systems, June 19, 2020, 428–53. http://dx.doi.org/10.46586/tches.v2020.i3.428-453.

Abstract:
At EUROCRYPT 2004, Naccache et al. showed that the projective coordinates representation of the resulting point of an elliptic curve scalar multiplication potentially allows to recover some bits of the scalar. However, this attack has received little attention by the scientific community, and the status of deployed mitigations to prevent it in widely adopted cryptography libraries is unknown. In this paper, we aim to fill this gap, by analyzing several cryptography libraries in this context. To demonstrate the applicability of the attack, we use a side-channel attack to exploit this vulnerability within libgcrypt in the context of ECDSA. To the best of our knowledge, this is the first practical attack instance. It targets the insecure binary extended Euclidean algorithm implementation using a microarchitectural side-channel attack that allows recovering the projective representation of the output point of scalar multiplication during ECDSA signature generation. We captured 100k traces to estimate the number of traces an attacker would need to compromise the libgcrypt ECDSA implementation, resulting in less than 2k for commonly used elliptic curve secp256r1, demonstrating the attack feasibility. During exploitation, we found two additional vulnerabilities. However, we remark the purpose of this paper is not merely exploiting a library but about providing an analysis on the projective coordinates vulnerability status in widely deployed open-source libraries, filling a gap between its original description in the academic literature and the adoption of countermeasures to thwart it in real-world applications.
26

Chakraborty, Anirban, Sarani Bhattacharya, Manaar Alam, Sikhar Patranabis, and Debdeep Mukhopadhyay. "RASSLE: Return Address Stack based Side-channel LEakage." IACR Transactions on Cryptographic Hardware and Embedded Systems, February 23, 2021, 275–303. http://dx.doi.org/10.46586/tches.v2021.i2.275-303.

Abstract:
Microarchitectural attacks on computing systems often stem from simple artefacts in the underlying architecture. In this paper, we focus on the Return Address Stack (RAS), a small hardware stack present in modern processors to reduce the branch miss penalty by storing the return addresses of each function call. The RAS is useful to handle specifically the branch predictions for the RET instructions which are not accurately predicted by the typical branch prediction units. In particular, we envisage a spy process who crafts an overflow condition in the RAS by filling it with arbitrary return addresses, and wrestles with a concurrent process to establish a timing side channel between them. We call this attack principle, RASSLE¹ (Return Address Stack based Side-channel Leakage), which an adversary can launch on modern processors by first reverse engineering the RAS using a generic methodology exploiting the established timing channel. Subsequently, we show three concrete attack scenarios: i) How a spy can establish a covert channel with another co-residing process? ii) How RASSLE can be utilized to determine the secret key of the P-384 curves in OpenSSL (v1.1.1 library)? iii) How an Elliptic Curve Digital Signature Algorithm (ECDSA) secret key on P-256 curve of OpenSSL can be revealed using Lattice Attack on partially leaked nonces with the aid of RASSLE? In this attack, we show that the OpenSSL implementation of scalar multiplication on this curve has varying number of add-and-sub function calls, which depends on the secret scalar bits. We demonstrate through several experiments that the number of add-and-sub function calls can be used to template the secret bit, which can be picked up by the spy using the principles of RASSLE. Finally, we demonstrate a full end-to-end attack on OpenSSL ECDSA using curve parameters of curve P-256. In this part of our experiments with RASSLE, we abuse the deadline scheduler policy to attain perfect synchronization between the spy and victim, without any aid of induced synchronization from the victim code. This synchronization and timing leakage through RASSLE is sufficient to retrieve the Most Significant Bits (MSB) of the ephemeral nonces used while signature generation, from which we subsequently retrieve the secret signing key of the sender applying the Hidden Number Problem.

¹ RASSLE is a non-standard spelling for wrestle.
27

Cabrera Aldaya, Alejandro, and Billy Bob Brumley. "Online Template Attacks: Revisited." IACR Transactions on Cryptographic Hardware and Embedded Systems, July 9, 2021, 28–59. http://dx.doi.org/10.46586/tches.v2021.i3.28-59.

Abstract:
An online template attack (OTA) is a powerful technique previously used to attack elliptic curve scalar multiplication algorithms. This attack has only been analyzed in the realm of power consumption and EM side channels, where the signals leak related to the value being processed. However, microarchitecture signals have no such feature, invalidating some assumptions from previous OTA works. In this paper, we revisit previous OTA descriptions, proposing a generic framework and evaluation metrics for any side-channel signal. Our analysis reveals OTA features not previously considered, increasing its application scenarios and requiring a fresh countermeasure analysis to prevent it. In this regard, we demonstrate that OTAs can work in the backward direction, allowing to mount an augmented projective coordinates attack with respect to the proposal by Naccache, Smart and Stern (Eurocrypt 2004). This demonstrates that randomizing the initial targeted algorithm state does not prevent the attack as believed in previous works. We analyze three libraries libgcrypt, mbedTLS, and wolfSSL using two microarchitecture side channels. For the libgcrypt case, we target its EdDSA implementation using Curve25519 twist curve. We obtain similar results for mbedTLS and wolfSSL with curve secp256r1. For each library, we execute extensive attack instances that are able to recover the complete scalar in all cases using a single trace. This work demonstrates that microarchitecture online template attacks are also very powerful in this scenario, recovering secret information without knowing a leakage model. This highlights the importance of developing secure-by-default implementations, instead of fix-on-demand ones.
28

Skarlatos, Dimitrios, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher Fletcher. "MicroScope: Enabling Microarchitectural Replay Attacks." IEEE Micro, 2020, 1. http://dx.doi.org/10.1109/mm.2020.2986204.

29

Weissman, Zane, Thore Tiemann, Daniel Moghimi, Evan Custodio, Thomas Eisenbarth, and Berk Sunar. "JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms." IACR Transactions on Cryptographic Hardware and Embedded Systems, June 19, 2020, 169–95. http://dx.doi.org/10.46586/tches.v2020.i3.169-195.

Abstract:
After years of development, FPGAs are finally making an appearance on multi-tenant cloud servers. Heterogeneous FPGA-CPU microarchitectures require reassessment of common assumptions about isolation and security boundaries, as they introduce new attack vectors and vulnerabilities. In this work, we analyze the memory and cache subsystem and study Rowhammer and cache attacks enabled by two proposed heterogeneous FPGA-CPU platforms from Intel: the Arria 10 GX with an integrated FPGA-CPU platform, and the Arria 10 GX PAC expansion card which connects the FPGA to the CPU via the PCIe interface. We demonstrate JackHammer, a novel, efficient, and stealthy Rowhammer from the FPGA to the host’s main memory. Our results indicate that a malicious FPGA can perform twice as fast as a typical Rowhammer from the CPU on the same system and causes around four times as many bit flips as the CPU attack. We demonstrate the efficacy of JackHammer from the FPGA through a realistic fault attack on the WolfSSL RSA signing implementation that reliably causes a fault after an average of fifty-eight RSA signatures, 25% faster than a CPU Rowhammer. In some scenarios our JackHammer attack produces faulty signatures more than three times more often and almost three times faster than a conventional CPU Rowhammer. Finally, we systematically analyze new cache attacks in these environments following demonstration of a cache covert channel across FPGA and CPU.
30

Naghibijouybari, Hoda, Esmaeil Mohammadian Koruyeh, and Nael Abu-Ghazaleh. "Microarchitectural Attacks in Heterogeneous Systems: A Survey." ACM Computing Surveys, June 15, 2022. http://dx.doi.org/10.1145/3544102.

Abstract:
With the increasing proliferation of hardware accelerators and the predicted continued increase in the heterogeneity of future computing systems, it is necessary to understand the security properties of such systems. In this survey article, we consider the security of heterogeneous systems against microarchitectural attacks, with a focus on covert- and side-channel attacks, as well as fault injection attacks. We review works that have explored the vulnerability of the individual accelerators (such as Graphical Processing Units, GPUs and Field Programmable Gate Arrays, FPGAs) against these attacks, as well as efforts to mitigate them. We also consider the vulnerability of other components within a heterogeneous system such as the interconnect and memory component. We believe that this survey is especially timely, as new accelerators and heterogeneous systems are being designed such that these designs understand the security threats and develop systems that are not only performant but also secure.
31

Cabrera Aldaya, Alejandro, and Billy Bob Brumley. "When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA." IACR Transactions on Cryptographic Hardware and Embedded Systems, March 2, 2020, 196–221. http://dx.doi.org/10.46586/tches.v2020.i2.196-221.

Abstract:
Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an implementation that offers interesting challenges when compared for example with OpenSSL, due to the usage of very tight loops in the former. Using practical experiments we demonstrate the mbedTLS binary GCD implementation is vulnerable to side-channel analysis using the SGX-Step framework against mbedTLS based SGX enclaves. We analyze the security of some use cases of this algorithm in this library, resulting in the discovery of a new vulnerability in the ECDSA code path that allows a single-trace attack against this implementation. This vulnerability is three-fold interesting: It resides in the implementation of a countermeasure which makes it more dangerous due to the false state of security the countermeasure currently offers. It reduces mbedTLS ECDSA security to an integer factorization problem. An unexpected GCD call inside the ECDSA code path compromises the countermeasure. We also cover an orthogonal use case, this time inside the mbedTLS RSA code path during the computation of a CRT parameter when loading a private key. The attack also exploits the binary GCD implementation threat, showing how a single vulnerable primitive leads to multiple vulnerabilities. We demonstrate both security threats with end-to-end attacks using 1000 trials each, showing in both cases single-trace attacks can be achieved with success rates very close to 100%.
32

Arikan, Kerem, Alessandro Palumbo, Luca Cassano, Pedro Reviriego, Salvatore Pontarelli, Giuseppe Bianchi, Oguz Ergin, and Marco Ottavi. "Processor Security: Detecting Microarchitectural Attacks via Count-Min Sketches." IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2022, 1–14. http://dx.doi.org/10.1109/tvlsi.2022.3171810.

33

"Improving Performance and Mitigating Fault Attacks Using Value Prediction." Cryptography 2, no. 4 (September 23, 2018): 27. http://dx.doi.org/10.3390/cryptography2040027.

Abstract:
We present Value Prediction for Security (VPsec), a novel hardware-only framework to counter fault attacks in modern microprocessors, while preserving the performance benefits of Value Prediction (VP). VP is an elegant and hitherto mature microarchitectural performance optimization, which aims to predict the data value ahead of the data production with high prediction accuracy and coverage. Instances of VPsec leverage the state-of-the-art Value Predictors in an embodiment and system design to mitigate fault attacks in modern microprocessors. Specifically, VPsec implementations re-architect any baseline VP embodiment with fault detection logic and reaction logic to mitigate fault attacks to both the datapath and the value predictor itself. VPsec also defines a new mode of execution in which the predicted value is trusted rather than the produced value. From a microarchitectural design perspective, VPsec requires minimal hardware changes (negligible area and complexity impact) with respect to a baseline that supports VP, it has no software overheads (no increase in memory footprint or execution time), and it retains most of the performance benefits of VP under realistic attacks. Our evaluation of VPsec demonstrates its efficacy in countering fault attacks, as well as its ability to retain the performance benefits of VP on cryptographic workloads, such as OpenSSL, and non-cryptographic workloads, such as SPEC CPU 2006/2017.
34

Gulmezoglu, Berk. "XAI-based Microarchitectural Side-Channel Analysis for Website Fingerprinting Attacks and Defenses." IEEE Transactions on Dependable and Secure Computing, 2021, 1. http://dx.doi.org/10.1109/tdsc.2021.3117145.

35

Gao, Si, Ben Marshall, Dan Page, and Thinh Pham. "FENL: an ISE to mitigate analogue micro-architectural leakage." IACR Transactions on Cryptographic Hardware and Embedded Systems, March 2, 2020, 73–98. http://dx.doi.org/10.46586/tches.v2020.i2.73-98.

Abstract:
Ge et al. [GYH18] propose the augmented ISA (or aISA), a central tenet of which is the selective exposure of micro-architectural resources via a less opaque abstraction than normal. The aISA proposal is motivated by the need for control over such resources, for example to implement robust countermeasures against microarchitectural attacks. In this paper, we apply an aISA-style approach to challenges stemming from analogue micro-architectural leakage; examples include power-based Hamming weight and distance leakage from relatively fine-grained resources (e.g., pipeline registers), which are not exposed in, and so cannot be reliably controlled via, a normal ISA. Specifically, we design, implement, and evaluate an ISE named FENL: the ISE acts as a fence for leakage, preventing interaction between, and hence leakage from, instructions before and after it in program order. We demonstrate that the implementation and use of FENL has relatively low overhead, and represents an effective tool for systematically localising and reducing leakage.
36

Sachlos, Eleftherios, Nuno Reis, Chris Ainsley, Brian Derby, and Jan T. Czernuszka. "A Process to Make Collagen Scaffolds with an Artificial Circulatory System using Rapid Prototyping." MRS Proceedings 758 (2002). http://dx.doi.org/10.1557/proc-758-ll5.3.

Abstract:
Tissue engineering aims to produce biological substitutes to restore or repair damaged human tissues or organs. The principal strategy behind tissue engineering involves seeding relevant cell(s) onto porous 3D biodegradable scaffolds. The scaffold acts as a temporary substrate where the cells can attach and then proliferate and differentiate. Collagen is the major protein constituent of the extracellular matrix in the human body and therefore an attractive scaffold material. Current collagen scaffolds are foams which limit the mass transport of oxygen and nutrients deep into the scaffold, and consequently cannot support the growth of thick-cross sections of tissue (greater than 500 μm). We have developed a novel process to make collagen and collagen-hydroxyapatite scaffolds containing an internal artificial circulatory system in the form of branching channels using a sacrificial mould, casting and critical point drying technique. The mould is made using a commercial rapid prototyping system, the Model-Maker II, and is designed to possess a series of connected shafts. The mould is dissolved away and the solvent itself removed by critical point drying with liquid carbon dioxide. Processed hydroxyapatite has been characterised by XRD and FTIR analysis. Tissue engineering with collagen scaffolds possessing controlled internal microarchitecture may be the key to growing thick cross-sections of human tissue.
