Skip to main content
SpringerLink
Log in

On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems

  • Conference paper
  • First Online:
Trusted Systems (INTRUST 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9473))

Included in the following conference series:

Abstract

Virtualization has become one of the most important security enhancing techniques for embedded systems during the last years, both for mobile devices and cyber-physical system (CPS). One of the major security threats in this context is posed by side channel attacks. In this work, Bernstein’s time-driven cache-based attack against AES is revisited in a virtualization scenario based on an actual CPS using the PikeOS microkernel virtualization framework. The attack is conducted in the context of the implemented virtualization scenario using different scheduler configurations. We provide experimental results which show that using dedicated cores for crypto routines will have a high impact on the vulnerability of such systems. We also compare the results to previous work in that field and our visualization directly shows the differences between cache architectures of the ARM Cortex-A8 and Cortex-A9. Further, a non-invasive countermeasure against timing attacks based on the scheduler of PikeOS is devised, which in fact increases the system’s security against cache timing attacks.

Parts of this contribution were supported by the German Federal Ministry of Education and Research in the project SIBASE through grant number 01IS13020.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Acıiçmez, O., Koç, Ç.K.: Trace-driven cache attacks on AES (short paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 112–121. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  2. Acıiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the AES. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271–286. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  3. Aeronautical Radio, Inc.: Avionics application software standard interface, ARNIC Specification p. 653 (1997)

    Google Scholar 

  4. Aly, H., ElGayyar, M.: Attacking AES using bernstein’s attack on modern processors. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 127–139. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  5. Bernstein, D.J.: Cache-timing attacks on AES. Technical report (2005)

    Google Scholar 

  6. Bonneau, J., Mironov, I.: Cache-collision timing attacks against AES. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  7. Gallais, J.-F., Kizhvatov, I., Tunstall, M.: Improved trace-driven cache-collision attacks against embedded AES implementations. In: Chung, Y., Yung, M. (eds.) WISA 2010. LNCS, vol. 6513, pp. 243–257. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  8. Gueron, S.: Intel\({\textregistered }\) advanced encryption standard (aes) instructions set. Technical report (2008)

    Google Scholar 

  9. Gullasch, D., Bangerter, E., Krenn, S.: Cache games - bringing access-based cache attacks on AES to practice. In: IEEE Symposium on Security and Privacy - S&P 2011. IEEE Computer Society (2011)

    Google Scholar 

  10. Kaiser, R., Wagner, S.: Evolution of the pikeos microkernel. In: First International Workshop on Microkernels for Embedded Systems, p. 50 (2007)

    Google Scholar 

  11. Käsper, E., Schwabe, P.: Faster and timing-attack resistant AES-GCM. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 1–17. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  12. Kim, T., Peinado, M., Mainar-Ruiz, G.: Stealthmem: system-level protection against cache-based side channel attacks in the cloud. In: Presented as Part of the 21st USENIX Security Symposium (USENIX Security 2012), pp. 189–204, Bellevue, WA, USENIX (2012)

    Google Scholar 

  13. Könighofer, R.: A fast and cache-timing resistant implementation of the AES. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 187–202. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Matsui, M., Nakajima, J.: On the power of bitslice implementation on intel core2 processor. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 121–134. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  15. Neve, M., Seifert, J.-P., Wang, Z.: A refined look at bernstein’s aes side-channel analysis. In: ASIACCS, p. 369 (2006)

    Google Scholar 

  16. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, New York, NY, USA, pp. 199–212. ACM (2009)

    Google Scholar 

  18. Spreitzer, R., Gérard, B.: Towards more practical time-driven cache attacks. In: Naccache, D., Sauveron, D. (eds.) WISTP 2014. LNCS, vol. 8501, pp. 24–39. Springer, Heidelberg (2014)

    Google Scholar 

  19. Spreitzer, R., Plos, T.: On the applicability of time-driven cache attacks on mobile devices. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 656–662. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  20. Stefan, D., Buiras, P., Yang, E.Z., Levy, A., Terei, D., Russo, A., Mazières, D.: Eliminating cache-based timing attacks with instruction-based scheduling. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 718–735. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  21. Varadarajan, V., Ristenpart, T., Swift, M.: Scheduler-based defenses against cross-vm side-channels. In: 23rd USENIX Security Symposium (USENIX Security 2014), San Diego, CA, pp. 687–702. USENIX Association, August 2014

    Google Scholar 

  22. Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An optimal key enumeration algorithm and its application to side-channel attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  23. Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security evaluations beyond computing power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  24. Weiß, M., Heinz, B., Stumpf, F.: A cache timing attack on AES in virtualization environments. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 314–328. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fraunhofer Institut AISEC, Garching, Germany

    Michael Weiß & Benjamin Weggenmann

  2. Technische Universität München, Munich, Germany

    Moritz August & Georg Sigl

Authors
  1. Michael Weiß
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Benjamin Weggenmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Moritz August
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Georg Sigl
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Weiß .

Editor information

Editors and Affiliations

  1. Google, New York, New York, USA

    Moti Yung

  2. Beijing Institute of Technology, Beijing, China

    Liehuang Zhu

  3. Institute for Infocomm Research, Singapore

    Yanjiang Yang

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Weiß, M., Weggenmann, B., August, M., Sigl, G. (2015). On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems. In: Yung, M., Zhu, L., Yang, Y. (eds) Trusted Systems. INTRUST 2014. Lecture Notes in Computer Science(), vol 9473. Springer, Cham. https://doi.org/10.1007/978-3-319-27998-5_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-27998-5_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27997-8

  • Online ISBN: 978-3-319-27998-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation