TY - GEN
T1 - Unveiling hardware-based data prefetcher, a hidden source of information leakage
AU - Shin, Youngjoo
AU - Kim, Hyung Chan
AU - Kwon, Dokeun
AU - Jeong, Ji Hoon
AU - Hur, Junbeom
N1 - Funding Information:
We are grateful to the anonymous reviewers and our shepherd, Boris Köpf, for their valuable feedback. We also would like to thank Matt Caswell for suggesting the mitigation of the prefetching vulnerability in the OpenSSL library. This work was supported by the National Research Foundation of Korea (NRF) grant funded by the Korean government (MSIT) (No. 2017R1C1B5015045 and No. 2016R1A2A2A05005402) and by the MSIP (Ministry of Science, ICT & Future Planning), Korea, under the National Program for Excellence in SW supervised by the IITP (Institute for Information & communications Technology Promotion) (2017-0-00096). This work was also supported in part by NSR grant (2018-057) and by an IITP grant funded by the MSIP (No. 2017-0-00184, Self-Learning Cyber Immune Technology Development).
PY - 2018/10/15
Y1 - 2018/10/15
N2 - Data prefetching is a hardware-based optimization mechanism used in most modern microprocessors. It fetches data into the cache before it is needed. In this paper, we present a novel microarchitectural attack that exploits the prefetching mechanism. Our attack targets instruction pointer (IP)-based stride prefetching in Intel processors. The stride prefetcher detects memory access patterns with a regular stride, which are likely to be found in lookup-table-based cryptographic implementations. By monitoring the prefetching activity near the lookup table, attackers can extract sensitive information such as secret keys from victim applications. This kind of leakage from prefetching has never been considered in the design of constant-time algorithms intended to prevent side-channel attacks. We show the potential of the proposed attack by applying it against the Elliptic Curve Diffie-Hellman (ECDH) algorithm built upon the latest version of the OpenSSL library. To the best of our knowledge, this is the first microarchitectural side-channel attack exploiting the hardware prefetching of modern microprocessors.
AB - Data prefetching is a hardware-based optimization mechanism used in most modern microprocessors. It fetches data into the cache before it is needed. In this paper, we present a novel microarchitectural attack that exploits the prefetching mechanism. Our attack targets instruction pointer (IP)-based stride prefetching in Intel processors. The stride prefetcher detects memory access patterns with a regular stride, which are likely to be found in lookup-table-based cryptographic implementations. By monitoring the prefetching activity near the lookup table, attackers can extract sensitive information such as secret keys from victim applications. This kind of leakage from prefetching has never been considered in the design of constant-time algorithms intended to prevent side-channel attacks. We show the potential of the proposed attack by applying it against the Elliptic Curve Diffie-Hellman (ECDH) algorithm built upon the latest version of the OpenSSL library. To the best of our knowledge, this is the first microarchitectural side-channel attack exploiting the hardware prefetching of modern microprocessors.
KW - ECDH algorithm
KW - Hardware prefetching
KW - Microarchitectural side-channel attacks
KW - OpenSSL
UR - http://www.scopus.com/inward/record.url?scp=85056861340&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056861340&partnerID=8YFLogxK
U2 - 10.1145/3243734.3243736
DO - 10.1145/3243734.3243736
M3 - Conference contribution
AN - SCOPUS:85056861340
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 131
EP - 145
BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 25th ACM Conference on Computer and Communications Security, CCS 2018
Y2 - 15 October 2018
ER -