Paper 2013/448

Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack

Yuval Yarom and Katrina Falkner

Abstract

Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to information leaks. We present FLUSH+RELOAD, a cache side-channel attack technique that exploits this weakness to monitor access to memory lines in shared pages. Unlike previous cache side-channel attacks, FLUSH+RELOAD targets the Last- Level Cache (i.e. L3 on processors with three cache levels). Consequently, the attack program and the victim do not need to share the execution core. We demonstrate the efficacy of the FLUSH+RELOAD attack by using it to extract the private encryption keys from a victim program running GnuPG 1.4.13. We tested the attack both between two unrelated processes in a single operating system and between processes running in separate virtual machines. On average, the attack is able to recover 96.7% of the bits of the secret key by observing a single signature or decryption round.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. USENIX Security 2014
Keywords
Side Channel AttackCacheRSAExponentiation
Contact author(s)
yval @ cs adelaide edu au
History
2014-07-05: revised
2013-07-22: received
See all versions
Short URL
https://ia.cr/2013/448
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/448,
      author = {Yuval Yarom and Katrina Falkner},
      title = {Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack},
      howpublished = {Cryptology ePrint Archive, Paper 2013/448},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/448}},
      url = {https://eprint.iacr.org/2013/448}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.