Lecture 11: Side Channel Attacks and Countermeasures

Question 1

Explain one difference between attacks through “Side channels” and “Fault injection”

Answer 1

• Side channels: passive, non-invasive attacks

- Fault injection: active, partially invasive attack

Question 2

Explain how a “Timing Side Channel Attack” could work

Answer 2

• In the case of guessing a pin
  o Evaluate the time it takes to evaluate different numbers
  o If it can be determined that two or more numbers take roughly the same amount of time to evaluate, then something can also be said about the validity of these numbers when compared to each other

Question 3

Explain how a “Time Driven Side Channel Attack” could play out

Answer 3

• Attacker triggers an execution of the victim (i.e. encryption)
• Measures (indirectly or directly) the execution time
• Uses this knowledge to estimate the number of cache misses and hits of the victim
• From number of hits/misses it estimate a secret value

Question 4

Explain how a “Trace Driven Side Channel Attack” could play out

Answer 4

• Attacker has many capabilities
• Profile the cache activities during execution of the victim
• Thus, observe the cache effects of an operation

Question 5

Explain how a “Access Driven Side Channel Attack” could play out

Answer 5

• Attacker determines the cache lines accessed by the victim

* By observing cache side effects of victim’s computation on the behavior of the attacker

Question 6

Explain how a “Instruction Cache Side Channel Attack” could play out

Answer 6

• Attacker determines the cache lines accessed by the victim

* By observing cache side effects of victim’s computation on the behavior of the attacker

Question 7

Give some examples of practical problems for an attacker when performing a Side Channel Attack

Answer 7

•	Noise
o	Other processes may interfere
•	Ability to probe 
o	The probing process can interfere
•	Multiple accesses make difficult to extract secrets from eviction patterns

Question 8

List some ways to protect against Side Channel Attacks

Answer 8

• Eliminating the side channel
• Cache flushing
• Actively eliminating the side channel
• Hardware countermeasures
• Reducing side-channel bandwidth

Question 9

List some ways in which one could “Eliminate the Side Channel”, and some drawbacks with them

Answer 9

•	Totally disable caches
•	Disable caches for the victim
o	For trace driven and access driven attacks
•	Disable caches for the attacker
o	To prevent him to prime/probe
•	Huge performance impact

Question 10

Explain what “Cache Flushing” is good for, and how it is done

Answer 10

• Only for access driven attacks
o Flush at the beginning
o Flush at exiting
• If attacker shares memory, then flush at beginning and exiting
o Attacker could prime the cache and measure execution time of the victim
o Attacker could measure if something is in the cache after the execution of the victim

Question 11

Explain how “Cache Partitioning” is done, and some problems with it

Answer 11

•	For access driven and trace driven attacks
•	Usually via MMU
•	Assume 8KB cache, 4KB pages, 2 processes
o	Even pages are reserved for process 1
o	Odd pages are reserved for process 2
•	Attacker cannot monitor cache accesses
•	Problems
o	Under-utilization of caches
o	Difficult for several processes

Question 12

Explain how a way of “Actively eliminating the side channel” could be designed

Answer 12

• For access driven attacks
• Victim can explicitly evict all lines that can leak secrets (i.e. SBox) when exiting
• Victim can normalize that of the cache when starting by priming it with data that can be accessed

Question 13

Give some examples of how one could “Reduce Side-channel bandwidth”

Answer 13

• Introduce noise
o Trace-driven and access driven: by accessing random data
o Timing-channels: by adding random computations
• Randomize position of data structure
• Reduce precision in measuring time
o E.g. introduce random noise
o (attacker could access an external source for timing, like GPS signal or network protocols)

Question 14

Give two examples of how Side Channel Attacks can be detected

Answer 14

• identify a process that primes caches:
  o at context switch cache contains suspicious (unrelated) addresses
• identify a process that probes caches:
  o frequent syscall requests to access system time

Question 15

Explain what “Constant time programming” is, and how it works

Answer 15

• Cache state depends on sequence of memory accesses (loads, stores, instruction fetches) performed
• Execution time depends on sequence of memory accesses and sequence of instruction executed
• Make these constants
• Constant time programming
  o Never branch
  o Always access the same entry of arrays