Activities per year
Abstract
Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing our channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.
Original language | English |
---|---|
Title of host publication | 2019 IEEE Symposium on Security and Privacy (SP) (2019) |
Place of Publication | San Francisco, CA, US |
Publisher | IEEE |
Pages | 1037-1054 |
Number of pages | 18 |
ISBN (Electronic) | 978-1-5386-6660-9 |
DOIs | |
Publication status | Published - 20 May 2019 |
Publication type | A4 Article in conference proceedings |
Event | IEEE Symposium on Security and Privacy - San Francisco, United States Duration: 19 May 2019 → 23 May 2019 |
Publication series
Name | |
---|---|
ISSN (Print) | 1081-6011 |
Conference
Conference | IEEE Symposium on Security and Privacy |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 19/05/19 → 23/05/19 |
Keywords
- public-key-cryptography
- applied-cryptography
- ECDSA
- side-channel-analysis
- timing-attacks
- microarchitecture-attacks
- OpenSSL
- CVE-2018-5407
Publication forum classification
- Publication forum level 2
Fingerprint
Dive into the research topics of 'Port Contention for Fun and Profit'. Together they form a unique fingerprint.Datasets
-
PortSmash Proof-of-Concept exploit
Aldaya, A. C. (Creator), Brumley, B. (Creator), Sohaib ul Hassan, N. (Creator), Pereida Garcia, C. (Creator) & Tuveri, N. (Creator), Zenodo, 29 Jan 2019
DOI: 10.5281/zenodo.2552315, https://github.com/bbbrumley/portsmash/releases/tag/v1.0.0
Dataset
Activities
- 1 Regular membership of a society or network
-
COST Action (External organisation)
Brumley, B. (Member)
12 Dec 2014 → 11 Dec 2018Activity: Membership › Regular membership of a society or network