Paper 2022/440

A Security Model for Randomization-based Protected Caches

Jordi Ribes-González
Oriol Farràs
Carles Hernández
Vatistas Kostalabros
Miquel Moretó
Abstract

Cache side-channel attacks allow adversaries to learn sensitive information about co-running processes by using only access latency measures and cache contention. This vulnerability has been shown to lead to several microarchitectural attacks. As a promising solution, recent work proposes Randomization-based Protected Caches (RPCs). RPCs randomize cache addresses, changing keys periodically so as to avoid long-term leakage. Unfortunately, recent attacks have called the security of state-of-the-art RPCs into question. In this work, we tackle the problem of formally defining and analyzing the security properties of RPCs. We first give security definitions against access-based cache side-channel attacks that capture security against known attacks such as Prime+Probe and Evict+Probe. Then, using these definitions, we obtain results that allow to guarantee security by adequately choosing the rekeying period, the key generation algorithm and the cache randomizer, thus providing security proofs for RPCs under certain assumptions.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
A major revision of an IACR publication in TCHES 2022
DOI
10.46586/tches.v2022.i3.1-25
Keywords
Cache side-channel attacks Timing attacks Randomization-based protected caches Randomly-mapped caches Pseudo-random functions Security definition
Contact author(s)
jordi ribes @ urv cat
oriol farras @ urv cat
carherlu @ upv es
vatistas kostalabros @ bsc es
miquel moreto @ bsc es
History
2022-09-16: revised
2022-04-12: received
See all versions
Short URL
https://ia.cr/2022/440
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/440,
      author = {Jordi Ribes-González and Oriol Farràs and Carles Hernández and Vatistas Kostalabros and Miquel Moretó},
      title = {A Security Model for Randomization-based Protected Caches},
      howpublished = {Cryptology ePrint Archive, Paper 2022/440},
      year = {2022},
      doi = {10.46586/tches.v2022.i3.1-25},
      note = {\url{https://eprint.iacr.org/2022/440}},
      url = {https://eprint.iacr.org/2022/440}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.