Abstract
System-on-Chips (SoCs) are a key enabling technology for the Internet-of-Things (IoT), a hyper-connected world where on- and inter-chip communication is ubiquitous. SoCs usually integrate cryptographic hardware cores for confidentiality and authentication services. However, these components are prone to implementation attacks. During the operation of a cryptographic core, the secret key may be passively inferred through cache observations. Access-driven attacks exploiting these observations are therefore a serious threat to SoCs operating in IoT environments. Previous works have shown the feasibility of these attacks in the SoC context. Yet the SoC communication structure can be used to further improve access-based cache attacks. Such communication attacks are not as well understood as other microarchitectural attacks, and it is important to raise SoC designers' awareness of this threat. To this end, we present four contributions. First, we demonstrate an improved Prime+Probe attack on four different AES-128 implementations (original transformation tables, T0-Only, T2KB, and S-Box). As a novelty, this attack exploits the collisions of the bus-based SoC communication to further increase its efficiency. Second, we explore the impact of preloading on the efficiency of our communication-optimized attack. Third, we integrate three countermeasures (shuffling, mini-tables, and Time-Division Multiple Access (TDMA) bus arbitration) and evaluate their impact on the attack. Although the shuffling and mini-table countermeasures were proposed in previous work, their application against the bus-based attack has not been studied before. In addition, TDMA as a countermeasure for bus-based attacks is an original contribution of this work. Fourth, we discuss the implications of our work for SoC design and its outlook with respect to the new cryptographic primitives proposed in the ongoing National Institute of Standards and Technology Lightweight Cryptography competition. The results show that our improved communication-optimized attack is efficient, speeding up full key recovery by up to 400 times compared to the traditional Prime+Probe technique. Moreover, the protection techniques are feasible and effectively mitigate the improved attack.
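The abstract's central point is that a shared bus leaks through arbitration collisions and that TDMA arbitration removes this dependence. The following toy cycle model is an added example written for this page, not the paper's code or setup: the victim's traffic pattern, the two-cycle TDMA slot scheme, the request spacing and the cycle budget are all constructed constants, and the arbiter functions are hypothetical abstractions rather than any real SoC interconnect.

```python
"""Toy cycle model, constructed for this page (not the paper's code), of the
bus-collision side channel behind the communication-optimized Prime+Probe and
of why TDMA arbitration closes it. Two masters share one bus: a victim whose
traffic depends on a secret (standing in for data-dependent cache misses of a
table-based cipher) and an observer that keeps requesting the bus and records
how long each request waits. Slot lengths and spacing are arbitrary constants."""
from collections import deque

def victim_trace(secret_bits, spacing=3):
    """Constructed victim: one bus request per secret bit that is 1, issued at
    cycle index*spacing. Only the secret-dependence of the traffic is kept."""
    return {i * spacing for i, b in enumerate(secret_bits) if b}

def fixed_priority(cycle, victim_pending):
    """Contention-based arbiter: the victim wins whenever it has a request."""
    return "victim" if victim_pending else "observer"

def tdma(cycle, victim_pending):
    """Even cycles belong to the victim, odd cycles to the observer, regardless
    of demand. An unused victim slot stays idle instead of being reassigned."""
    if cycle % 2 == 0:
        return "victim" if victim_pending else None
    return "observer"

def observer_latencies(arbiter, victim_reqs, cycles):
    """Run the model; return the observer's wait (in cycles) per request."""
    latencies, waiting_since, queue = [], 0, deque()
    for t in range(cycles):
        if t in victim_reqs:
            queue.append(t)
        granted = arbiter(t, bool(queue))
        if granted == "victim":
            queue.popleft()
        elif granted == "observer":
            latencies.append(t - waiting_since + 1)
            waiting_since = t + 1  # next request starts right away
    return latencies

def leaks(arbiter, secret_a, secret_b, cycles=40):
    """True if the observer's latency trace distinguishes the two secrets."""
    la = observer_latencies(arbiter, victim_trace(secret_a), cycles)
    lb = observer_latencies(arbiter, victim_trace(secret_b), cycles)
    return la != lb

if __name__ == "__main__":
    a, b = [1, 0, 1, 1, 0, 0, 1, 0], [0, 1, 0, 0, 1, 1, 0, 1]
    print("fixed priority leaks:", leaks(fixed_priority, a, b))  # True
    print("TDMA leaks:", leaks(tdma, a, b))  # False
```

Under the contention-based arbiter the observer's wait times mirror the victim's traffic, which is the signal the bus-collision optimization relies on; under TDMA every observer request waits exactly one slot period no matter what the victim does, so the two secrets become indistinguishable at the bus.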
Beyond Cache Attacks: Exploiting the Bus-based Communication Structure for Powerful On-Chip Microarchitectural Attacks