Paper 2018/119

Drive-by Key-Extraction Cache Attacks from Portable Code

Daniel Genkin, Lev Pachmanov, Eran Tromer, and Yuval Yarom

Abstract

We show how malicious web content can extract cryptographic secret keys from the user's computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user's computer. We show how this side-channel attack can be realized in both WebAssembly and PNaCl; how to attain very fine-grained measurements; and how to use these to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser's nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519's, are vulnerable to our attack.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Side-channel attackcache attackweb page confinementElGamalRSAECDH
Contact author(s)
tromer @ cs tau ac il
History
2018-01-31: received
Short URL
https://ia.cr/2018/119
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/119,
      author = {Daniel Genkin and Lev Pachmanov and Eran Tromer and Yuval Yarom},
      title = {Drive-by Key-Extraction Cache Attacks from Portable Code},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/119},
      year = {2018},
      url = {https://eprint.iacr.org/2018/119}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.