Publication


Featured researches published by Sarani Bhattacharya.


cryptographic hardware and embedded systems | 2016

Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis

Sarani Bhattacharya; Debdeep Mukhopadhyay

Rowhammer attacks have exposed a serious vulnerability in modern DRAM chips to induce bit flips in data which is stored in memory. In this paper, we develop a methodology to combine timing analysis to perform the hammering in a controlled manner to create bit flips in cryptographic keys which are stored in memory. The attack would require only user level privilege for Linux kernel versions before 4.0 and is unaware of the memory location of the key. An intelligent combination of timing Prime + Probe attack and row-buffer collision is shown to induce bit flip faults in a 1024 bit RSA key on modern processors using realistic number of hammering attempts. This demonstrates the feasibility of fault analysis of ciphers using purely software means on commercial x86 architectures, which to the best of our knowledge has not been reported earlier. The attack is also relevant for the newest Linux kernel in a Cross-VM environment where the VMs having root privilege are not denied to access the pagemap.


cryptographic hardware and embedded systems | 2015

Who Watches the Watchmen?: Utilizing Performance Monitors for Compromising Keys of RSA on Intel Platforms

Sarani Bhattacharya; Debdeep Mukhopadhyay

Asymmetric-key cryptographic algorithms, when implemented on systems with branch predictors, are subjected to side-channel attacks exploiting the deterministic branch predictor behavior due to their key-dependent input sequences. We show that branch predictors can also leak information through the hardware performance monitors which are accessible by an adversary at the user-privilege level. This paper presents an iterative attack which targets the key-bits of 1024 bit RSA, where in the offline phase, the system’s underlying branch predictor is approximated by a theoretical predictor in literature. Subsimulations are performed to classify the message-space into distinct partitions based on the event branch misprediction and the target key bit value. In the online phase, we ascertain the secret key bit using branch mispredictions obtained from the hardware performance monitors which reflect the behavior of the underlying predictor hardware. We theoretically prove that the probability of success is equivalent to the accurate modelling of the theoretical predictor to the underlying system predictor. Experimentations reveal that the success-rate increases with message-count and reaches such a significant value so as to consider side-channel from the performance counters as a real threat to RSA-like ciphers due to the underlying branch predictors and needs to be considered for developing secured-systems.


international symposium on microarchitecture | 2012

Hardware Prefetchers Leak: A Revisit of SVF for Cache-Timing Attacks

Sarani Bhattacharya; Chester Rebeiro; Debdeep Mukhopadhyay

Micro-architectural features have an influence on security against cache attacks. This paper shows that modern hardware prefetchers enabled in cache memories to reduce the miss penalty, can be a source of information leakage with respect to cache-timing attacks. The work revisits the Side Channel Vulnerability Factor (SVF) proposed in ISCA'12 and shows how to adapt the metric to assess the vulnerability of a prefetcher in cache-timing attacks. We use the modified metric denoted Timing-SVF, to show that standard prefetchers based on sequential algorithms can leak information in cache timing attacks. The findings have been established by experimental validations on a standard 128 bit cipher, called CLEFIA, designed by Sony Corporation Ltd. and used for light weight cryptography.


Archive | 2014

Timing Channels in Cryptography: A Micro-Architectural Perspective

Chester Rebeiro; Debdeep Mukhopadhyay; Sarani Bhattacharya

This book deals with timing attacks on cryptographic ciphers. It describes and analyzes various unintended covert timing channels that are formed when ciphers are executed in microprocessors. The book considers modern superscalar microprocessors which are enabled with features such as multi-threaded, pipelined, parallel, speculative, and out-of-order execution. Various timing attack algorithms are described and analyzed for both block ciphers as well as public-key ciphers. The interplay between the cipher implementation, the system architecture, and the attack's success is analyzed. Further hardware and software countermeasures are discussed with the aim of illustrating methods to build systems that can protect against these attacks.


Archive | 2015

An Introduction to Timing Attacks

Chester Rebeiro; Debdeep Mukhopadhyay; Sarani Bhattacharya

This chapter introduces side-channel attacks and timing attacks on implementations of cryptographic ciphers. It classifies timing attacks, presents the essential requirements for the attack to succeed, and discusses the attacker's success. The chapter also outlines the contents of the book.


Journal of Cryptographic Engineering | 2017

Formal fault analysis of branch predictors: attacking countermeasures of asymmetric key ciphers

Sarani Bhattacharya; Debdeep Mukhopadhyay

Implementations of asymmetric key algorithms have been threatened via timing side channels due to the behavior of the underlying branch predictors. However, the effect of faults on such predictors and the consequences thereof on the security of crypto-algorithms have not been studied. Motivated by the fact that unknown branch predictors of standard processors bear a strong correlation with 2-bit dynamic predictors, this paper develops a formal analysis of such a bimodal predictor under the effect of faults. Assuming a popular bit-flip fault model, the analysis shows that differences of branch misses under the effect of such faults can be exploited to attack implementations of RSA-like asymmetric key algorithms, based on square and multiplication operations. Furthermore, these attacks can also be threatening against Montgomery ladder of CRT-RSA (RSA implemented using Chinese Remainder Theorem) and even against fault attack countermeasures which stop or randomize the output in case of a fault. The theoretical claims have been substantiated by detailed fault simulations, where the difference of branch misses has been observed using the “perf” tool in Linux.


hardware and architectural support for security and privacy | 2013

Unraveling timewarp: what all the fuzz is about?

Sarani Bhattacharya; Chester Rebeiro; Debdeep Mukhopadhyay

Timing attacks are a threat to networked computing systems, especially the emerging cloud computing infrastructures. The precision timestamp counters present in modern microprocessors are a popularly used side channel source for timing information. These counters are able to measure the variability of timings that are caused by microarchitectural effects, like cache access patterns and branch mispredictions, and have been routinely used for demonstrating practical attacks against well known ciphers. Recently, researchers have attempted to inhibit precision timing measurements by fuzzing the timestamp, through a time-warped mechanism. In this paper, we demonstrate that in spite of fuzzing time, timing attacks are still possible.


Archive | 2018

Advanced Fault Attacks in Software: Exploiting the Rowhammer Bug

Sarani Bhattacharya; Debdeep Mukhopadhyay

In this chapter, we present to the readers a recently reported fault attack technique in the cryptographic literature - attacks exploiting the Rowhammer bug on actual modern-day processors. Rowhammer attacks have exposed a serious vulnerability in modern DRAM chips to induce bit flips in data which is stored in memory. We present here a methodology to combine timing analysis to perform the hammering in a controlled manner to create bit flips in cryptographic keys which are stored in memory. The attack would require only user level privilege for Linux kernel versions before 4.0 and is unaware of the memory location of the key. An intelligent combination of timing Prime + Probe attack and row-buffer collision is shown to induce bit flip faults in a 1024 bit RSA key on modern processors using realistic number of hammering attempts. This demonstrates the feasibility of fault analysis of ciphers using purely software means on commercial x86 architectures. The attack is also relevant for the newest Linux kernel in a Cross-VM environment where the VMs having root privilege are not denied to access the pagemap.


hardware and architectural support for security and privacy | 2016

A Formal Security Analysis of Even-Odd Sequential Prefetching in Profiled Cache-Timing Attacks

Sarani Bhattacharya; Chester Rebeiro; Debdeep Mukhopadhyay

Hardware cache prefetching has a profound impact on the memory access pattern of ciphers which are exploited in profiled cache-timing attacks. In this paper, we formally demonstrate that memory access patterns influenced by sequential prefetching and its variant, known as the even-odd prefetcher, have varying information leakage dependent on the alignment of the underlying tables used in the cipher implementation. This demonstrates that a suitable architecture choice for the hardware prefetcher combined with appropriate memory alignment in software can lead to prefetching architectures which are leakage resilient.


hardware and architectural support for security and privacy | 2018

Rapid detection of rowhammer attacks using dynamic skewed hash tree

Saru Vig; Sarani Bhattacharya; Debdeep Mukhopadhyay; Siew Kei Lam

RowHammer attacks pose a security threat to DRAM chips by causing bit-flips in sensitive memory regions. We propose a technique that combines a sliding window protocol and a dynamic integrity tree to rapidly detect multiple bit-flips caused by RowHammer attacks. Sliding window protocol monitors the frequent accesses made to the same bank in short intervals to identify the vulnerable rows. Dynamic integrity tree relies on SHA-3 Keccak hash function while maintaining the minimal number of vulnerable rows at any particular time to enable detection of bit flips. We demonstrate the effectiveness of the proposed approach by performing RowHammer attacks using the prime and probe method with a DDR3 DRAM. We show that the dynamic tree structure only needs to maintain a small number of vulnerable rows at a time, thus notably reducing the height of the integrity tree to enable rapid detection of the bit-flips.

Collaboration


Top Co-Authors

Debdeep Mukhopadhyay

Indian Institute of Technology Kharagpur

Manaar Alam

Indian Institute of Technology Kharagpur

Debapriya Basu Roy

Indian Institute of Technology Kharagpur

Rajat Subhra Chakraborty

Indian Institute of Technology Kharagpur

Vidya Govindan

Indian Institute of Technology Kharagpur

Shivam Bhasin

Nanyang Technological University

Abhishek Chakraborty

Indian Institute of Technology Kharagpur

Anupam Chattopadhyay

Nanyang Technological University

Saru Vig

Nanyang Technological University
