10.1145/3060403.3060462acmconferencesArticle/Chapter ViewAbstractPublication PagesglsvlsiConference Proceedingsconference-collections
research-article
Public Access

A Novel Side-Channel Timing Attack on GPUs

Published:10 May 2017Publication History

ABSTRACT

To avoid information leakage during program execution, modern software implementations of cryptographic algorithms target constant timing complexity, i.e., the number of instructions executed does not vary with different inputs. However, many times the underlying microarchitecture behaves differently when processing varying data inputs, which covertly leaks confidential information through the timing channel. In this paper, we exploit a novel fine-grained microarchitectural timing channel, stalls that occur due to bank conflicts in a GPU's shared memory. Using this attack surface, we develop a differential timing attack that can compromise table-based cryptographic algorithms. We implement our timing attack on an Nvidia Kepler K40 GPU, and successfully recover the complete 128-bit AES encryption key using 10 million samples. We also evaluate the scalability of our attack method by attacking a 8192-thread implementation of the AES encryption algorithm, recovering some key bytes using 1 million samples.

References

  1. L. Domnitser, A. Jaleel, J. Loew, N. Abu-Ghazaleh, and D. Ponomarev. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Transactions on Architecture and Code Optimization (TACO), 8(4):35, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. B. Gaster, L. Howes, D. R. Kaeli, P. Mistry, and D. Schaa. Heterogeneous Computing with OpenCL: Revised OpenCL 1. Newnes, 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Z. H. Jiang, Y. Fei, and D. Kaeli. A complete key recovery timing attack on a gpu. In IEEE Int. Symp. on High Performance Computer Architecture (HPCA), March 2016.Google ScholarGoogle ScholarCross RefCross Ref
  4. J. Kong, O. Aciiçmez, J.-P. Seifert, and H. Zhou. Hardware-software integrated approaches to defend against software cache-based side channel attacks. In IEEE Int. Symp. on High Performance Computer Architecture, pages 393--404, 2009.Google ScholarGoogle ScholarCross RefCross Ref
  5. F. Liu, Q. Ge, Y. Yarom, F. Mckeen, C. Rozas, G. Heiser, and R. B. Lee. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In IEEE Int. Symp. on High Performance Computer Architecture, pages 406--418. IEEE, 2016.Google ScholarGoogle ScholarCross RefCross Ref
  6. F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee. Last-level cache side-channel attacks are practical. In IEEE Symp. on Security & Privacy, 2015. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Nvidia. Nvidia cuda toolkit v7.0 documentation, 2015.Google ScholarGoogle Scholar
  8. Y. Yarom and K. Falkner. FlushGoogle ScholarGoogle Scholar
  9. reload: a high resolution, low noise, l3 cache side-channel attack. In USENIX Security Symp., pages 719--732, 2014. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Y. Yarom, D. Genkin, and N. Heninger. Cachebleed: A timing attack on OpenSSL constant time RSA, Aug. 2016.Google ScholarGoogle Scholar

Index Terms

  1. A Novel Side-Channel Timing Attack on GPUs

        Recommendations

        Comments

        Login options

        Check if you have access through your login credentials or your institution to get full access on this article.

        Sign in
        • Published in

          cover image ACM Conferences
          GLSVLSI '17: Proceedings of the on Great Lakes Symposium on VLSI 2017
          May 2017
          516 pages
          ISBN:9781450349727
          DOI:10.1145/3060403

          Copyright © 2017 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 10 May 2017

          Permissions

          Request permissions about this article.

          Request Permissions

          Check for updates

          Qualifiers

          • research-article

          Acceptance Rates

          GLSVLSI '17 Paper Acceptance Rate48of197submissions,24%Overall Acceptance Rate312of1,156submissions,27%

        PDF Format

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader
        About Cookies On This Site

        We use cookies to ensure that we give you the best experience on our website.

        Learn more

        Got it!