Cryptology ePrint Archive: Report 2013/448
Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack
Yuval Yarom and Katrina Falkner
Abstract: Sharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to information leaks. We present FLUSH+RELOAD, a cache side-channel attack technique that exploits this weakness to monitor access to memory lines in shared pages. Unlike previous cache side-channel attacks, FLUSH+RELOAD targets the Last-Level Cache (i.e. L3 on processors with three cache levels). Consequently, the attack program and the victim do not need to share the execution core.
We demonstrate the efficacy of the FLUSH+RELOAD attack by using it to extract the private encryption keys from a victim program running GnuPG 1.4.13. We tested the attack both between two unrelated processes in a single operating system and between processes running in separate virtual machines. On average, the attack is able to recover 96.7% of the bits of the secret key by observing a single signature or decryption round.
Category / Keywords: Side Channel Attack, Cache, RSA, Exponentiation
Original Publication (in the same form): USENIX Security 2014
Date: received 18 Jul 2013, last revised 4 Jul 2014
Contact author: yval at cs adelaide edu au
Available format(s): PDF | BibTeX Citation
Version: 20140705:013009 (All versions of this report)
Short URL: ia.cr/2013/448