IDP: An Analysis of a Cache-Based Timing Side Channel Attack and a Countermeasure on PikeOS
نویسنده
چکیده
Virtualization has become of increasing importance for the security of embedded systems during the last years. One of the major threats to this security is posed by side channel attacks. In this work, Bernstein’s time-driven cache-based timing attack against AES is revisited in a virtualization security scenario and the PikeOS micro kernel system is presented. A novel countermeasure against timing attacks based on the scheduler of PikeOS is devised. The attack is mounted in the context of the implemented virtualization scenario and the results of several experiments are reported. The countermeasure is compared to related approaches.
منابع مشابه
On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems
Virtualization has become one of the most important security enhancing techniques for embedded systems during the last years, both for mobile devices and cyber-physical system (CPS). One of the major security threats in this context is posed by side channel attacks. In this work, Bernstein’s time-driven cache-based attack against AES is revisited in a virtualization scenario based on an actual ...
متن کاملImproving Confidentiality Against Cache-based SCAs
Side channels and covert channels can give untrusted applications access to the trusted and sensitive data in order to retrieve private information.. In this poster, we present a countermeasure called the Smartflush against cache-based Side Channel Attacks (SCAs). The Smartflush is a quick-patch countermeasure proposed to counter timing attacks that exploit inclusive caches in Intel’s x86 archi...
متن کاملCollision attacks on processors with cache and countermeasures
Implementing cryptographic algorithms is a difficult problem since additional secret information can be recovered from some physical characteristics of a cryptographic device. Among all side-channel attacks, collision attacks and cache attacks are the most recent ones. The first technique uses side-channel information to detect internal collisions related to the algorithm. The second one exploi...
متن کاملCountermeasure against Side-Channel Attack in Shared Memory of TrustZone
In this paper we introduced countermeasures against side-channel attacks in the shared memory of TrustZone. We proposed zero-contention cache memory or policy between REE and TEE to prevent from TruSpy attacks in TrustZone. And we suggested that delay time of data path of REE is equal or similar to that of data path of TEE to prevent timing side-channel attacks. Also, we proposed security infor...
متن کاملCache-Timing Techniques: Exploiting the DSA Algorithm
Side-channel information is any type of information leaked through unexpected channels due to physical features of a system dealing with data. The memory cache can be used as a side-channel, leakage and exploitation of side-channel information from the executing processes is possible, leading to the recovery of secret information. Cache-based sidechannel attacks represent a serious threat to im...
متن کامل