Abstract
Data prefetching is a hardware-based optimization mechanism used in most of the modern microprocessors. It fetches data to the cache before it is needed. In this paper, we present a novel microarchitectural attack that exploits the prefetching mechanism. Our attack targets Instruction pointer (IP)-based stride prefetching in Intel processors. Stride prefetcher detects memory access patterns with a regular stride, which are likely to be found in lookup table-based cryptographic implementations. By monitoring the prefetching activities near the lookup table, attackers can extract sensitive information such as secret keys from victim applications. This kind of leakage from prefetching has never been considered in the design of constant time algorithm to prevent side-channel attacks. We show the potential of the proposed attack by applying it against the Elliptic Curve Diffie-Hellman (ECDH) algorithm built upon the latest version of OpenSSL library. To the best of our knowledge, this is the first microarchitectural side-channel attack exploiting the hardware prefetching of modern microprocessors.
Original language | English |
---|---|
Title of host publication | CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | Association for Computing Machinery |
Pages | 131-145 |
Number of pages | 15 |
ISBN (Electronic) | 9781450356930 |
DOIs | |
Publication status | Published - 2018 Oct 15 |
Event | 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: 2018 Oct 15 → … |
Publication series
Name | Proceedings of the ACM Conference on Computer and Communications Security |
---|---|
ISSN (Print) | 1543-7221 |
Conference
Conference | 25th ACM Conference on Computer and Communications Security, CCS 2018 |
---|---|
Country/Territory | Canada |
City | Toronto |
Period | 18/10/15 → … |
Bibliographical note
Publisher Copyright:© 2018 Association for Computing Machinery.
Keywords
- ECDH algorithm
- Hardware prefetching
- Microarchitectural side-channel attacks
- OpenSSL
ASJC Scopus subject areas
- Software
- Computer Networks and Communications