Port Contention for Fun and Profit

Alejandro Cabrera Aldaya, Billy B. Brumley, Sohaib ul Hassan, Cesar Pereida García, Nicola Tuveri

Tutkimustuotos: KonferenssiartikkeliScientificvertaisarvioitu

112 Sitaatiot (Scopus)

Abstrakti

Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing our channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.
AlkuperäiskieliEnglanti
Otsikko2019 IEEE Symposium on Security and Privacy (SP) (2019)
JulkaisupaikkaSan Francisco, CA, US
KustantajaIEEE
Sivut1037-1054
Sivumäärä18
ISBN (elektroninen)978-1-5386-6660-9
DOI - pysyväislinkit
TilaJulkaistu - 20 toukok. 2019
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisussa
TapahtumaIEEE Symposium on Security and Privacy - San Francisco, Yhdysvallat
Kesto: 19 toukok. 201923 toukok. 2019

Julkaisusarja

Nimi
ISSN (painettu)1081-6011

Conference

ConferenceIEEE Symposium on Security and Privacy
Maa/AlueYhdysvallat
KaupunkiSan Francisco
Ajanjakso19/05/1923/05/19

Julkaisufoorumi-taso

  • Jufo-taso 2

Sormenjälki

Sukella tutkimusaiheisiin 'Port Contention for Fun and Profit'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä