Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

SC Analysis > Historical Overview of Side Channel Attacks > Flashcards

Historical Overview of Side Channel Attacks Flashcards

1
Q

Overview of SC history

A

Prime+Probe => FLUSH/RELOAD => Speculation assisted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Prime+Probe

A

○ Secret exponent split into small groups of bits, called windows
○ For each window, use window to index into a table of partial results, then combine result into overall result
○ Entries in partial results table are very large => occupy multiple cache blocks
○ Attacker fills cache with its own data (Prime), RSA evicts the data, attacker requests same data again (probe)
==> can recover entire secret key from exponent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

3 mitigations for cache-based SC

A
  1. Cache partitioning - each process has its own line in the set and cannot access other processes’ lines
  2. Prevent high-accuracy measurement of time - cache hit vs miss is measured in 100s of nanoseconds => don’t allow processes to get elapsed time in ns
  3. Make sequence of block accesses not dependent on secret data (preferred, no processor support needed)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

FLUSH/Reload

A

○ Attack on modular exponentiation
§ If (bit == 1) then: X
§ (Do nothing if bit is 0)
○ Attacker program loads crypto library into memory
○ System libs are loaded into memory once (to save space)
○ Attacker program uses clflush instruction to flush the instruction X out of the cache block
○ ==> Presence / absence of a that block in the cache tells us if the last bit was a 0 or a 1
Attacker can just read instruction X, and measure how long it took (slow? Block not in the cache, bit is 0, fast? Block is in the cache, bit is 1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Mitigation for FLUSH+RELOAD

A

secret-independent control flow

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Spectre (variant 2)

A

§ Used Prime-and-Probe-like shared cache SC
§ Victim RSA with scatter-gather
§ Train branch-predictor so that it loads from memory based on a wval-based address
§ Use Prime and Probe to recover

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

how to train branch predictor in spectre variant 2

A
  • If secret is stored in R1, make victim program speculatively start executing at an address that uses R1 to access memory
  • Can then use a cache SC to tell which memory was accessed ==> can figure out what value was in R1 ==> now know the secret
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

SC Analysis (15 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions