Conference papers

Calibration Done Right: Noiseless Flush+Flush Attacks

Guillaume Didier 1, 2, 3 Clémentine Maurice 4 
3 SPICY - Security & PrIvaCY
IRISA-D1 - SYSTÈMES LARGE ÉCHELLE
4 SPIRALS - Self-adaptation for distributed services and large software systems
Inria Lille - Nord Europe, CRIStAL - Centre de Recherche en Informatique, Signal et Automatique de Lille - UMR 9189
Abstract : Caches leak information through timing measurements and side-channel attacks. Several attack primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast one that uses the timing of the clflush instruction depending on whether a line is cached. We show that the CPU interconnect plays a bigger role than previously thought in these timings and in Flush+Flush error rate. In this paper, we show that a naive implementation that does not account for the topology of the interconnect yields very high error rates, especially on modern CPUs as the number of cores increases. We therefore reverse-engineer this topology and revisit the calibration phase of Flush+Flush for different attacker models to determine the correct threshold for clflush hits and misses. We show that our method yields close-to-noiseless side-channel attacks by attacking the AES T-tables implementation of OpenSSL, and by building a covert channel. We obtain a maximal capacity of 5.8 Mbit/s with our method, compared to 1.9 Mbit/s with a naive Flush+Flush implementation on an Intel Core i9-9900 CPU.
Document type :
Conference papers

https://hal.inria.fr/hal-03267431
Contributor : Clémentine Maurice
Submitted on : Tuesday, June 22, 2021 - 2:37:34 PM
Last modification on : Thursday, May 5, 2022 - 10:34:25 AM
Long-term archiving on : Thursday, September 23, 2021 - 6:42:36 PM

File

dimva21_didier.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-03267431, version 1

Citation

Guillaume Didier, Clémentine Maurice. Calibration Done Right: Noiseless Flush+Flush Attacks. DIMVA 2021 - The 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Jul 2021, Lisboa / Virtual, Portugal. ⟨hal-03267431⟩
