Paper 2018/1060

Port Contention for Fun and Profit

Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, and Nicola Tuveri

Abstract

Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing said channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. To appear in the Proceedings of the IEEE Symposium on Security & Privacy, May 2019
Keywords
public-key cryptography, applied cryptography, ECDSA, side-channel analysis, timing attacks, OpenSSL, CVE-2018-5407
Contact author(s)
nicola tuveri @ tut fi
History
2019-02-01: revised
2018-11-06: received
Short URL
https://ia.cr/2018/1060
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/1060,
      author = {Alejandro Cabrera Aldaya and Billy Bob Brumley and Sohaib ul Hassan and Cesar Pereida García and Nicola Tuveri},
      title = {Port Contention for Fun and Profit},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1060},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/1060}},
      url = {https://eprint.iacr.org/2018/1060}
}