
Attacks on bypass channels: now not only PCs but also smartphones are under attack (analytical review)
Although mobile devices are in more and more demand, and attacks on cache memory bypass channels (hereinafter referred to as cache attacks) are a powerful way to crack modern microprocessor electronics, until 2016 there were only a few publications on the applicability of these attacks to smartphones . Moreover, these early publications were limited to considering attacks on the AES table and did not touch on more modern methods of internuclear attacks: Prime + Probe [6], Flush + Reload [6], Evict + Reload [7], Flush + Flush [8], Rowhammer [ 9]. In addition, until 2016, it was believed that internuclear cache attacks could only be carried out on Intel and AMD platforms, but recently they had also been carried out for ARM platforms (on smartphones and other mobile devices). [6]
In recent years, there has been a surge in interest from cybersecurity experts - to cache attacks on smartphones. This article is an analytical review of the main discoveries in this area for the period from 2015 to 2017.
- History of bypass channels
- Why cache attacks on ARM
are so unique - Varieties of cache attacks
- - Evict + Time
- - Prime + Probe
- - Flush + Reload
- - Evict + Reload
- - Flush + Flush
- - AnC
- Rowhammer effect
- System memory
deduplication - Pseudo-isolation of the operating system kernel - Inter-core
and interprocessor hidden channels
As for cache attacks on AES tables, despite the fact that it has been known for quite some time that these attacks are possible, the vulnerable implementation of AES tables is still used as the de facto standard; including in modern embedded crypto devices, such as SIM cards. For example, 3G / 4G networks use the AES authentication algorithm MILENAGE. His compromise allows you to clone USIM cards and eavesdrop on conversations. T.O. cache attacks on bypass channels are relevant for both SIM cards (used to access the 2G network) and USIM cards (used to access 3G / 4G networks). In 2015, the “differential power attack” (DPA) was described - an attack that recovers encryption keys (used by the MILENAGE algorithm) and other USIM card secrets in just a few minutes. [3]
History of bypass channels
- As the complexity of the software increases and as the number of advanced software protections increases, hacking of the system at the hardware level, in particular the use of cache attacks on bypass channels, is becoming an increasingly attractive alternative. These attacks are based on vulnerabilities found in the processor-memory architecture. [4]
- In 1985, the technology of reading information from video displays was introduced - by measuring the electromagnetic interference induced by them [10]. Based on this technology, in 2014 a keylogger was developed - built on the basis of a smartphone and radio antenna. [12]
- In 1996, it was shown that by carefully measuring the amount of time spent performing operations with private keys, various cryptographic systems, such as the DES cipher, can be hacked. In 2016, the attack on bypass channels on an encryption device using advanced elliptical cryptography was first demonstrated; during the attack, the secret decryption key was extracted from the target device located in another room. [thirteen]
- In 1997, the "differential distortion method" (DFA) was introduced - an attack that uses various models of micro-failures, as well as various methods of cryptanalysis; to restore secret settings from smart cards and other devices protected from unauthorized access. [11] Having physical access to the device, you can change the supply voltage, the frequency of the clock signal; or environmental conditions (temperature, etc.) - to make the smart card malfunction. Moreover, equipment malfunctions can be triggered - even by software intervention alone; and therefore it can be done in remote access mode.
- In 2014, an attack on cache bypasses was demonstrated; this attack uses information leaks caused by the difference in access time to the data, depending on whether they are in the cache or not; thus this attack makes it clear what data the code under investigation recently operated on. During this attack, a full recovery of AES keys was demonstrated. [9] A little later, in 2015, it was shown that cache bypass channels can be used not only to attack cryptographic systems, but also to collect information about keystrokes. [14]
- In 2014, it was demonstrated that accessing the same memory cell at a high frequency can provoke spontaneous bit switching in DRAM chips (Rowhammer effect). [9] Because DRAM scales to the smallest size, preventing electrical interference between individual cells is not easy. That is why the activation of a certain line from memory leads to distortion of data in adjacent lines.
- In 2015, it was demonstrated that the Rowhammer effect can be used to elevate privileges to the superuser. [15] In the same year, it was demonstrated that spontaneous bit switching can be triggered even by Java code uploaded to the website. [7] Initially, this scenario was implemented only for Intel and AMD systems using DDR3 and DDR4 modules. [16, 17] However, in 2016, this attack was also demonstrated on ARM platforms. [1] In the same year, it was shown that cache attacks can also be used to monitor cache activity in TrustZone. [1]
- In 2016, “reverse engineering” was carried out for the DRAM addressing functions commonly used in modern smartphones. As a result, additional ways of switching bits were discovered that are available for implementation on millions of Android devices, without the need to work in privileged mode. [1]
- In 2016, the attack on the last level of the ARM processor cache was demonstrated for the first time. This attack can be implemented for internuclear and interprocess cache attacks on bypass channels. [1]
Why cache attacks on ARM are so unique
- Attack methods such as Flush + Reload and Flush + Flush - use the unprivileged x86 clflush reset instruction to remove a data line from the cache. However, with the exception of ARMv8-A processors, ARM platforms do not have unprivileged cache reset instructions; and therefore, in 2016, an indirect cache extrusion method was proposed using the Rowhammer effect. [1]
- To conduct a successful cache attack, information such as the exact cycle time of accessing a memory cell is needed. Early cache attacks used system performance counters for these purposes, but this method is inefficient, since these counters on ARM processors are available only in privileged mode. However, in 2016, three alternative sources of synchronization were proposed, including those available in unprivileged mode. [1] One of them is the launch of a parallel synchronizing stream, which continuously increments a global variable. By reading the value of this variable, an attacker can measure the cycle time of accessing a memory cell.
- In addition, the so-called. pseudo-random substitution policy, as a result of which the crowding out of the cache is less predictable than in Intel and AMD processors. Nevertheless, in 2016, an effective cache attack was demonstrated even in such noisy conditions - for three smartphones: “OnePlus One” (uses “Snapdragon 801 SoC” with “Krait 400” processor of ARMv7-A architecture), “Alcatel One Touch Pop 2 ”(uses“ Snapdragon 410 SoC ”with a“ CortexA53 ”processor architecture ARMv8-A),“ Samsung Galaxy S6 ”(uses“ Samsung Exynos 7 Octa 7420 SoC ”with two processor clusters“ ARMv8-A ”). [1]
Varieties of cache attacks
- In general, a cache attack on bypass channels can be divided into three stages: 1) identification of the microarchitectural signal “seeping” from the “leaky” electronic system; Typical examples of such leaking microarchitectural signals are power consumption and electromagnetic radiation of integrated circuits. [2, 3]; 2) monitoring and analysis of this signal during system operation; 3) the identification of pattern differences microarchitectural signal. [2]
- Evict + Time. The basic idea is to determine which cache sets the victim program is accessing. Algorithm: 1) measure the execution time of the victim program; 2) displace a certain part of the cache; 3) measure the execution time of the victim program again. Using the time difference between the two dimensions, you can determine how much time a certain part of the cache was used by the victim at runtime. In 2010, a powerful type of attack based on Evict + Time was demonstrated - against AES on OpenSSL; without the need for open and encrypted texts. [18, 19]
- Prime + Probe.This method — like the previous one — allows an attacker to determine which cache sets the victim program is accessing. Algorithm: 1) fill a certain part of the cache; 2) transfer control to the victim program; 3) determine which part of the full cache still belongs to us. This can be done by measuring the access time to the addresses that the attacker used to fill the cache in the first stage. T.O. if the victim program uses addresses that are mapped to the same areas of the cache as the attacker, then it will force the attacker's data out of the cache; and an attacker can track this in the third stage. In [19], an attack using this mechanism was demonstrated - on OpenSSL AES and Linux dm-crypt. In 2015 [20] it was demonstrated how, using Prime + Probe, you can mount the internuclear and inter-machine hidden channels, and then attack ElGamal in GnuPG. In the same year, a successful attack on the implementation of OpenSSL AES in the cloud was demonstrated. [21]
- Flush + Reload.In 2011 [22] it was shown how clflush can be used to attack AES. Clflush is used to push a tracked memory cell out of the cache; followed by checking whether this cell was reloaded into the cache after the victim program executed a small number of instructions. Algorithm: 1) Project a binary (for example, a shared object) into its address space (using an appropriate system call, such as mmap); 2) extrude the cache line (code or data) from the cache; 3) transfer control to the victim program; 4) check whether this cache line (from clause 2) was loaded by the victim program (this check is carried out by measuring the access time to the memory cell). In 2014, the full restoration of the AES secret key in the VMWare virtual machine was demonstrated, via Flush + Reload cache attack. [23] In the same year, using the same attack, the restoration of the secret key of the OpenSSL algorithm ECDSA (digital signature algorithm based on elliptic curves) was demonstrated. [24] In 2015, through the Flush + Reload attack, the system mechanism of “memory deduplication” was compromised; as a result, the possibility of unauthorized communication between virtual machines running on a common physical machine. [25] In the same year, it was demonstrated how to use Flush + Reload to obtain information about which cryptographic libraries are used by various virtual machines running on a common physical machine. [26] In 2015, it was also shown that in addition to attacking cryptographic systems, the Flush + Reload method can also be used for a keylogger.
- Evict + Reload. It was introduced in 2015 [14]. Uses Flush + Reload for extrusion - instead of extrusion instructions. Although this attack does not make sense for x86 (since clflush does not need privileges), it is very relevant for ARM processors (since such an instruction is available only in privileged mode). The essence of Evict + Reload is that to force the desired cell out of the cache, we fill the cache with a large number of interconnected addresses, as a result of which the mechanism responsible for the crowding out itselfdecides to supplant the cache cell we need. In addition, in 2016 it was shown that an efficient and fast preemptive strategy can initiate spontaneous bit switching in adjacent rows of DRAM modules (as a result of multiple access to the same memory line) using applets written in JavaScript. [24] Thus cache attacks no longer depend on privileged cache flushing instructions like clflush.
- Flush + Flush. Attacks Flush + Reload and Prime + Probe cause numerous cache accesses, the duration of which can be measured (through system performance counters). The Flush + Flush attack, introduced in 2015, is precisely based on these observations. [8] The attack is almost the same as Flush + Reload. A binary or split file object is mapped to the address space of the attacker. The memory cell is forced out of the cache, and control is transferred to the victim program. However, instead of the reboot stage, where the cell we are observing is being accessed, it is again supplanted; without causing misses, in comparison with Flush + Reload or Prime + Probe. T.O. It's easy to tell if a memory location is cached or not.
- AnC.This is a newer modification of the cache attack “Evict + Time”, introduced in 2017. [4] A distinctive feature of AnC is that this cache attack relies on the analysis of cached page tables, which are used in most modern processors (Intel, AMD, ARM). [4] Today, at the heart of any processor is a "memory management unit" (MMU), which simplifies the management of available physical memory - through its virtualization; for subsequent use by several processes. The MMU uses the “page table” data structure to map virtual and physical memory cells. Page Tables is an attractive target for hardware attacks. For example, spontaneous switching of only one bit (caused by the Rowhammer effect) in the “page table” may be sufficient, so that the attacker gains control of the physical address of the memory, to which he should not receive access; and this may be enough to gain superuser privileges. [4]
Rowhammer effect
- A separate DRAM chip has a small capacity, and therefore several microcircuits are connected together on one board - in order to form the so-called DRAM series. One DRAM memory module may contain one or more DRAM rows. A DRAM chip consists of a two-dimensional array of cells. Each DRAM cell is a capacitor; 0 and 1 are the charged or discharged state of the capacitor. Each cell in the grid is connected to a neighboring cell by wire. If any cell is activated, then the voltage is applied both to its capacitor, and to all other capacitors of the same row. Since memory cells become smaller and smaller and closer to each other as technological progress, the interference caused by activation of a memory line very often affects the capacitor charges of adjacent lines. In 2014 it was demonstrated [9], that frequent access to the same DRAM-memory cell leads to the Rowhammer effect - spontaneous bit switching. This effect can be used to increase privileges (for example, to exit the security sandbox [15]); it can be implemented, among other things, as a result of the execution of unprivileged JavaScript code located on the website.
- To “clog” a specific memory cell, an attacker needs to find two addresses in the same DRAM bank - but on different lines. Certain address bits are used to select the line, channel and bank of the memory location. However, how the sampling function works is not documented. Therefore, in 2015 [27] a mechanism was introduced for the complete automation of reverse engineering of the corresponding function; using the fact that "string conflicts" lead to an increase in access time to memory. The essence of the approach used is to search for addresses that are mapped to the same DRAM bank, but on a different line; by repeatedly measuring the access time to two random addresses. For some pairs of addresses, the access time is longer than for others - this means that they belong to different lines, but to the same bank. Then these addresses are grouped into sets having the same channel, line and bank. These identified addresses are then used to reconstruct the addressing function — by generating all linear functions and applying them to all addresses from an arbitrarily selected subset. T.O. since the search space is small, brute force brute force is very effective here. [1]
- The first implementations of attacks using the Rowhammer effect relied either on probabilistic methods (due to which an unplanned system crash could occur during the attack); or specialized memory management functions: memory deduplication, MMU paravirtualization, pagemap interface. However, such functions on modern devices are either not available at all or disabled for security reasons. [thirty]
- Therefore, in 2016, the Drammer attack was introduced - free from the listed disadvantages and limitations. It relies only on the current capabilities of modern operating systems, which are available without superuser rights. In particular, the predictable behavior of the subsystem of the distribution of physical memory. This predictability is used to achieve the distribution of physical memory (in which sensitive data will be processed, such as tables of memory pages) in a vulnerable location of physical memory chosen by the attacker. The corresponding technique of "massaging the memory" was called Phys Feng Shui. To demonstrate the operability of the Drammer attack, an exploit implementation is provided that gives access to the root directory for an Android device. This exploit can be launched by any application without special permission; and without exploiting any software vulnerability. [thirty]
- T.O. Using the Drammer attack as an example, it was shown that attacks using the Rowhammer effect are applicable not only to personal computers (running on Intel and AMD processors), but also to mobile phones (running on ARM processors); This demonstration showed that modern software protection against this attack is ineffective and useless. [thirty]
- In 2016, the Flip Feng Shui (FFS) memory massage technique was introduced, a new vector for exploiting the Rowhammer effect, which allows an attacker to initiate predictable bit hops in an arbitrary place in physical memory; and have full control over this process; even with the complete absence of vulnerabilities in the attacked software. As part of a demonstration of the FFS technique, the update mechanism used by the Ubuntu / Debian operating systems was compromised. [31]
- In 2017, it was demonstrated that modern MLC NAND flash memory modules, which are widely used in solid-state SSD drives, are also susceptible to an attack using the Rowhammer effect. As a result of an attack on these media, an attacker could damage the data on them. And just by reading alone - without write requests. [5]
System memory deduplication
- The deduplication subsystem of content-oriented pages scans the entire system memory for identical physical memory pages; and glues them into one physical page. This mechanism can improve system performance when system memory is limited; for example, for smartphones or servers with a large number of virtual machines. [1]
- Shared memory (the prototype of deduplication) is a shared memory area that several programs can access to ensure data exchange or to avoid redundant copies of repeating program code in memory. Shared libraries reduce the amount of memory used and increase performance (due to reduced competition for the cache - there is only one code, and it does not need to be crowded out). Among other things, the shared memory mechanism allows you to implement the plug-in mechanism - when the program functions are defined by more than one single executable file, but can also be loaded from other places. In the kernel of the operating system, the shared memory mechanism is implemented by linking the same area of physical memory - with virtual address spaces of different processes. [1]
- Memory deduplication is a well-known technology for reducing the amount of memory used in virtual machines; now also used by default in Windows 8.1 and 10. The deduplication subsystem projects several identical copies of physical pages of memory - onto one shared copy, with access in the “copy on write” mode. As a result, with read requests, each process receives data from the same page. If the process wants to write data, then before it can do this, a separate copy of the page is created for it. As a result, writing to a shared page causes a “page failure”, and therefore writing to a shared page is much slower than writing to a regular page. An attacker who can create pages on the target system can exploit this time difference, to discover the existence of pages of interest to him. [35]
- In 2016, it was demonstrated how, through an attack on the bypass channel on the deduplication subsystem, an attacker can read any data from the system memory. Three techniques were presented for this. First, it was shown how, thanks to the ability to control the alignment of data in memory, it is possible to impose confidential information on known content; and then perform byte-based disclosure of sensitive data (for example, randomized 64-bit pointers). Secondly, it was shown how even without the ability to control the alignment, but having the ability to partially overwrite the data, the attacker can still achieve byte-based disclosure of confidential data. Thirdly, it was shown that even when it is not possible to control the alignment of the memory and partially overwrite the data, Byte-based disclosure of confidential information is still possible - by encouraging the target process to create a large number of interconnected pages. [35]
- To demonstrate these three attacks through a bypass channel to the deduplication subsystem, an active JavaScript attack was presented on the new Microsoft Edge browser - in the absence of software errors and with the active state of all available protections. As a result of this attack, the attacker gains full access to the address space of the browser; with the ability to read and write data. In addition, using the popular ngnix web server as an example, it was demonstrated how, using the same technique, you can capture all system memory: exit the isolated browser environment and attack any other independent process running on the same system. [35]
- T.O. expanding the functionality of operating systems leads to a constantly expanding surface of possible attacks. Even at first glance, harmless functions, such as memory deduplication, in the hands of an advanced attacker can lead to fatal consequences. [35]
Pseudo-isolation of the operating system kernel
- ASLR (pseudo-random distribution of address space) hides confidential information (shadow stacks and hidden regions) in a random place in a very large address space. A significant part of the “derandomizing” attacks rely on complex implementations of bypass channels, or probing the areas of the displayed memory. Assuming that there are no weak spots in the implementation of the “hidden regions”, these attacks usually lead to numerous system crashes and other visible side effects. For this reason, many researchers believe that pseudo isolation using ASLR is still quite strong. [33]
- However, in 2016, a powerful technique was introduced to hack ASLR and find hidden regions on 32-bit and 64-bit Linux platforms using a very small number of “malicious manipulations”. The originality of the proposed method lies in the fact that, instead of accessing the allocated memory areas, it operates with an unallocated address space - by repeatedly allocating large pieces of memory. Such manipulations allow an attacker to determine the location of hidden regions. T.O. ASLR is no longer strong protection. [33]
- Modern operating system kernels use ASLR - to protect the operating system from attacks that rely on knowledge of virtual addresses, in particular the so-called "Reverse oriented programming" (ROP). This is necessary because kernel code, as well as user program code, contains errors that can be used to undermine system security. Therefore, modern operating systems try to isolate kernel code from user space. [37]
- In May 2017, the KAISER security system was introduced, which claims to reliably isolate the kernel of the operating system from the user address space. But despite the marketing assurances dressed in technically convincing arguments, it essentially does not solve the problem, because it works at the program level. [37] In particular, KAISER cannot counteract the attack on BTB (target branch buffer), introduced in 2016. [36]
- In 2016, an attack on the branch buffer (BTB) was introduced. BTB indexing relies on the lower 30 bits of the virtual address. Just like in the cache attacks already presented, the attacker occupies parts of the BTB, executing several transition instructions in sequence. If the kernel of the operating system uses virtual addresses, with the same 30-bit values as the attacker, this selected sequence of commands will take longer. Through targeted execution of system calls, an attacker can obtain information about the virtual addresses of the code that is executed during a system call. A BTB attack can be used to circumvent the core pseudo-isolation defense mechanism. But this attack has not yet been implemented for the latest architectures such as Intel Skylake (Intel Skylake i7-6700K), since this architecture has not yet been reverse engineered. However, this is only a matter of time. [36]
- In April 2017, it was shown that pseudo-isolation based on randomization of memory allocation has exhausted itself and in the light of the existence of modern highly effective cache attacks cannot provide decent protection. [34]
Internuclear and interprocessor hidden channels
- Covert channels bypass isolation mechanisms in the cloud. In particular, hidden cache channels allow you to transfer several hundred kilobits per second - between unprivileged user programs located on different virtual machines. However, the caches are small, separable, and therefore such communications are susceptible to noise from any system activity and interruptions. [29]
- Cache attacks allow you to implement high-performance internuclear and interprocessor hidden cache channels - on modern smartphones; using Flush + Reload, Evict + Reload or Flush + Flush. The covert channel allows two unprivileged applications to communicate with each other without using any system data transfer mechanisms. Thanks to this, you can break out of the "sandbox" and bypass the "limited permissions" system. In particular, on Android, an attacker can use one application that has access to the personal contacts of the device owner - to send data via a hidden channel to another application; having access to the Internet (see example [28]). T.O. an attacker could steal personal information.
- The main idea of the covert channel is that the sender and receiver agree on the set of memory addresses of some shared library. They use to transfer information - loading a cell into the cache or unloading it from there. For example, if such a cell is in the cache, then it is one, and if not, then it is zero. In [1] a batch implementation of data transmission is presented; with the possibility of re-requesting undelivered packets; it uses the “send bit” and “confirmation bit”, which are implemented on the same principle; as well as the checksum entered. It turns out something like TCP over a covert channel.
- In 2017, the first of its kind implementation of a covert channel operating under the SSH protocol was presented with a relatively high bandwidth (45 Kbps); this implementation provides fail-safe communications between two virtual machines even in conditions of extreme cache noisy. Thanks to this SSH tunneling, the covert channel can be used, among other things, for communication via telnet service. [29]
- In 2015, a unique method of forming a covert channel was presented that was able to work effectively even in the presence of severe countermeasures. The general technique for counteracting the operation of covert channels is to pseudo-isolate the address space of critical processes - either by randomly allocating memory (so that an attacker could not track which part of the memory the target program is working with) or by allocating a separate processor core or separate physical module to perform critical operations dynamic memory. The technique under consideration for the formation of a hidden channel is based on an analysis of the thermal activity of a microprocessor system. [32]
- For this, temperature information is used, which is influenced by the processes occurring in the core. The following two effects are used here. Firstly, the residual thermal traces in the core are preserved even when the process has stopped its execution; and this trace is partially transmitted to the next process, which begins to execute on this core; thus information about one process can flow into another, which follows it on a schedule. Secondly, the thermal footprint also affects other cores (if these several cores are located on the same chip). [32]
- Of course, the bandwidth of the hidden heat channel is very limited, but these channels are quite suitable for transmitting such sensitive data as credit card numbers (16 digits). For example, the throughput of the “thermal channel” on the Intel Xeon server (with two processors of 8 cores) is 12.5bit / s. The credit card number on this channel is transmitted from 5 seconds to 4 minutes. [32]
- Also in 2015, as part of a demonstration of the possibilities of a hidden heat channel, it was shown that this technique allows the identification of applications based on their thermal traces. At the same time, over time, the efficiency and productivity of hidden thermal channels will only grow, because the user is provided with more and more detailed information about the temperature of the system so that he can take effective cooling measures. [32]
- In 2016, a new implementation of the hidden channel on Android was introduced, which works 250 times faster than any other previously proposed implementations. [1]
1. Moritz Lipp, Daniel Gruss. ARMageddon: Cache Attacks on Mobile Devices // Proceedings of the 25th USENIX Security Symposium. 2016. pp. 549-564.
2. Robert Callan. A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events // 47th Annual IEEE / ACM International Symposium on Microarchitecture (MICRO), Pages 242-254, December 2014.
3. Junrong Liu. Small Tweaks do Not Help: Differential Power Analysis of MILENAGE Implementations in 3G / 4G USIM Cards. 2015. BlackHat
4. by Herbert Bos, Ben Gras. Reverse Engineering Hardware Page Table Caches Using Side-Channel Attacks on the MMU . 2017.
5. the Yu of Cai, Saugata Ghose.Vulnerabilities in MLC NAND Flash Memory Programming: Experimental Analysis, Exploits, and Mitigation Techniques // 23rd IEEE Symposium on High Performance Computer Architecture, Industrial session, February 2017.
6. Falkner Katrina. Flush + Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack // Proceedings of the 23rd USENIX Security Symposium. 2014. pp. 719-732.
7. Gruss Daniel, Maurice Clementine M angard, Stefan. Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript . 2016.
8. Gruss by Daniel, by Klaus Wagner. Flush + Flush: A Stealthier Last-Level Cache Attack . 2015.
9. Kim Yoongu, Ross Daly.Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors // Proceeding of the 41st Annual International Symposium on Computer Architecuture. Piscataway, NJ, USA: IEEE Press, 2012 (ISCA '14).
10. Eck Wim. Electromagnetic radiation from video display units: An eavesdropping risk? // Computers and Security. No. 4, 1985. pp. 269-286.
11. Biham Eli, Shamir Adi. Differential Fault Analysis of Secret Key Cryptosystem // Advances in Cryptology - CRYPTO '97 Bd. 1294.
12. Callan Robert, Zajic Alenka.A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events // Proceedings of the 47th Annual IEEE / ACM International Symposium on Microarchitecture. 2014. pp. 242–254.
13. Genkin Daniel. ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs // Cryptology ePrint Archive, Report 2016/129.
14. Gruss Daniel. Cache template attacks: Automating attacks on inclusive last-level caches // Proceedings of the 24th USENIX Security Symposium. 2015. pp. 897–912.
15. Seaborn Mark. Exploiting the DRAM rowhammer bug to gain kernel privileges . 2015.
16. Gruss by Daniel. Rowhammer bitflips on Skylake with DDR4 . 2016.
17. Lanteigne Mark. How Rowhammer Could Be Used to Exploit Weakness Weaknesses in Computer Hardware . 2016.
18. Osvik Dag, Shamir Adi. Cache Attacks and Countermeasures: the Case of AES // Topics in Cryptology. 2005. pp. 1-20.
19. Tromer Eran, Osvik Dag. Efficient cache attacks on AES, and countermeasures // Journal of Cryptology. 23 (1), 2010. pp. 37-71.
20. Liu Fangfei, Yarom, Yuval. Last-level cache side-channel attacks are practical // Proceedings of the IEEE Symposium on Security and Privacy Bd. 2015. pp. 605-622.
21. Eisenbarth Thomas.A Shared Cache Attack that Works Across Cores and Defies VM Sandboxing - and its Application to AES // IEEE Symposium on Security and Privacy. 2015.
22. Gullasch by David, Endre Bangerter. Cache games - Bringing access-based cache attacks on AES to practice // Proceedings of the IEEE Symposium on Security and Privacy. 2011. pp. 490-505.
23. Irazoqui Gorka, Inci Mehmet. Wait a minute! A fast, cross-VM attack on AES // Lecture Notes in Computer Science Bd. 2014. pp. 299-319.
24. Yarom Yuval, Benger Naomi. Recovering OpenSSL ECDSA Nonces Using the Flush + Reload Cache Side-channel Attack // Cryptology ePrint Archive, Report 2014/140 (2014).
25. Gulmezoglu Berk, Inci Mehmet.A Faster and More Realistic Flush + Reload Attack on AES // Proceedings of the 6th international workshop on Constructive Side-Channel Analysis and Secure Design. 2015. pp. 111-126.
26. Irazoqui Gorka, Inc. Mehmet. Know Thy Neighbor: Crypto Library Detection in Cloud // Proceedings of the Privacy Enhancing Technologies. 2015. pp. 25-40.
27. Pessl Peter, Gruss Daniel. Reverse Engineering Intel DRAM Addressing and Exploitation . 2015.
28. Marforio Claudio, Ritzdorf Hubert. Analysis of the communication between colluding applications on modern smartphones // Proceedings of the 28th Annual Computer Security Applications Conference. 2012. pp. 51-60.
29. Clementine Maurice, Manuel Webe.Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud . 2017.
30. by Victor van der Veen, Lindorfer. Drammer: Deterministic Rowhammer Attacks on Mobile Platforms // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016. pp. 1675-1689.
31. Kaveh Razavi, Ben Gras. Flip Feng Shui: Hammering a Needle in the Software Stack // Proceedings of the 25th USENIX Security Symposium. 2016. pp. 1-18.
32. Ramya Jayaram Masti, Devendra Rai. Thermal Covert Channels on Multi-core Platforms // Proceedings of the 24th USENIX Security Symposium. 2015. pp. 865-880.
33. Angelos Oikonomopoulos.Poking Holes in Information Hiding // Proceedings of the 25th USENIX Security Symposium. 2016. pp. 121-138.
34. Koen Koning. No Need to Hide: Protecting Safe Regions on Commodity Hardware // Proceedings of the Twelfth European Conference on Computer Systems. 2017. pp. 437-452.
35. Erik Bosman. Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector // Proceedings of the IEEE Symposium on Security and Privacy. 2016. pp. 987-1004.
36. Evtyushkin, D., Ponomarev, D. Jump over ASLR: Attacking branch predictors to bypass ASLR // Proceedings of the 49th International Symposium on Microarchitecture. 2016. pp. 1-13.
37. by Daniel Gruss, of Moritz Lipp. KASLR is Dead: Long Live KASLR. 2017.
Only registered users can participate in the survey. Please come in.
Which translation is most suitable for Side-Channel Attacks?
- 15.6% Attacks on bypass channels (as in the series "Agents Shch.I.T.") 5
- 43.7% Side channel attacks (as in the term PEMIN) 14
- 40.6% Attacks on third-party channels (as they say on "] [Aker") 13
- 0% Your own version (write in the comments) 0