Micro-architectural Attacks and Countermeasures

Abstract: Micro-architectural analysis (MA) is a fast evolving area of side-channel cryptanalysis. This new area focuses on the effects of common processor components and their functionalities on the security of software cryptosystems. The main characteristic of micro-architectural attacks, which sets them aside from classical side-channel attacks, is the simple fact that they exploit the micro-architectural behavior of modern computer systems. Attackers could get running information through malicious software, then get some sensitive information through off-line analysis. This kind of attack has the following features: 1.) side channel information are acquired through software measurement on target machine with no need to use sophisticated devices. 2.) non-privilege process could get the running information of the privilege process. 3.) people can mount both a remote attack and local attack. This thesis mainly focuses one kinds of these attacks, data cache based timing attacks(CBTA). First, the main principle of CBTA is introduced, and several kinds of CBTA technique are discussed. Moreover, theoretical model is given under some attacks. Second, various countermeasures are described and their advantages and disadvantages are pointed out. Based on these discussions, the author proposes two anti-attack measures using hardware modification. Aiming at access-driven attacks, a XOR address remapping technique is proposed, which could obfuscate the mapping relationship between cache line and memory block. Aiming at timing-driven attacks, the IPMG mechanism is proposed innovatively. This mechanism could generate cache miss dynamically through observing the historic miss rate. These two mechanisms are realized on the MIPS processor and their effectiveness is verified on the FPGA board. At last, performance penalty and hardware cost are evaluated. The result shows that the proposed solution is effective with very low performance penalty and area cost