TY - GEN
T1 - New cache designs for thwarting software cache-based side channel attacks
AU - Wang, Zhenghong
AU - Lee, Ruby B.
PY - 2007
Y1 - 2007
AB - Software cache-based side channel attacks are a serious new class of threats for computers. Unlike physical side channel attacks that mostly target embedded cryptographic devices, cache-based side channel attacks can also undermine general purpose systems. The attacks are easy to perform, effective on most platforms, and do not require special instruments or excessive computation power. In recently demonstrated attacks on software implementations of ciphers like AES and RSA, the full key can be recovered by an unprivileged user program performing simple timing measurements based on cache misses. We first analyze these attacks, identifying cache interference as the root cause of these attacks. We identify two basic mitigation approaches: the partition-based approach eliminates cache interference whereas the randomization-based approach randomizes cache interference so that zero information can be inferred. We present new security-aware cache designs, the Partition-Locked cache (PLcache) and Random Permutation cache (RPcache), analyze and prove their security, and evaluate their performance. Our results show that our new cache designs with built-in security can defend against cache-based side channel attacks in general, rather than only specific attacks on a given cryptographic algorithm, with very little performance degradation and hardware cost.
KW - Cache
KW - Computer architecture
KW - Processor
KW - Security
KW - Side channel
KW - Timing attacks
UR - http://www.scopus.com/inward/record.url?scp=35348816106&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35348816106&partnerID=8YFLogxK
U2 - 10.1145/1250662.1250723
DO - 10.1145/1250662.1250723
M3 - Conference contribution
AN - SCOPUS:35348816106
SN - 1595937064
SN - 9781595937063
T3 - Proceedings - International Symposium on Computer Architecture
SP - 494
EP - 505
BT - ISCA'07
T2 - ISCA'07: 34th Annual International Symposium on Computer Architecture
Y2 - 9 June 2007 through 13 June 2007
ER -