Port Contention for Fun and Profit

Alejandro Cabrera Aldaya, Billy B. Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

22 Citations (Scopus)


Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing our channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.
Original languageEnglish
Title of host publication2019 IEEE Symposium on Security and Privacy (SP) (2019)
Place of PublicationSan Francisco, CA, US
Number of pages18
ISBN (Electronic)978-1-5386-6660-9
Publication statusPublished - 20 May 2019
Publication typeA4 Article in conference proceedings
EventIEEE Symposium on Security and Privacy - San Francisco, United States
Duration: 19 May 201923 May 2019

Publication series

ISSN (Print)1081-6011


ConferenceIEEE Symposium on Security and Privacy
Country/TerritoryUnited States
CitySan Francisco


  • public-key-cryptography
  • applied-cryptography
  • side-channel-analysis
  • timing-attacks
  • microarchitecture-attacks
  • OpenSSL
  • CVE-2018-5407

Publication forum classification

  • Publication forum level 2


Dive into the research topics of 'Port Contention for Fun and Profit'. Together they form a unique fingerprint.

Cite this