Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks

Shing Hing William Cheng; Chitchanok Chuengsatiansup; Daniel Genkin; Dallas McNeil; Toby Murray; Yuval Yarom; Zhiyuan Zhang

Paper 2024/149

Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks

Shing Hing William Cheng, University of Adelaide

Chitchanok Chuengsatiansup

, University of Melbourne

Daniel Genkin, Georgia Institute of Technology

Dallas McNeil, University of Adelaide

Toby Murray

, University of Melbourne

Yuval Yarom

, Ruhr University Bochum

Zhiyuan Zhang, University of Melbourne

Abstract

Speculative out-of-order execution is a strategy of masking execution latency by allowing younger instructions to execute before older instructions. While originally considered to be innocuous, speculative out-of-order execution was brought into the spotlight with the 2018 publication of the Spectre and Meltdown attacks. These attacks demonstrated that microarchitectural side channels can leak sensitive data accessed by speculatively executed instructions that are not part of the normal program execution. Since then, a significant effort has been vested in investigating how microarchitectural side channels can leak data from speculatively executed instructions and how to control this leakage. However, much less is known about how speculative out-of-order execution affects microarchitectural side-channel attacks. In this paper, we investigate how speculative out-of-order execution affects the Evict+Time cache attack. Evict+Time is based on the observation that cache misses are slower than cache hits, hence by measuring the execution time of code, an attacker can determine if a cache miss occurred during the execution. We demonstrate that, due to limited resources for tracking out-of-order execution, under certain conditions an attacker can gain more fine-grained information and determine whether a cache miss occurred in part of the executed code. Based on the observation, we design the Evict+Spec+Time attack, a variant of Evict+Time that can learn not only whether a cache miss occurred, but also in which part of the victim code it occurred. We demonstrate that Evict+Spec+Time is an order of magnitude more efficient than Evict+Time when attacking a T-table-based implementation of AES. We further show an Evict+Spec+Time attack on an S-box-based implementation of AES, recovering the key with as little as 14389 decryptions. To the best of our knowledge, ours is the first successful Evict+Time attack on such a victim.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Preprint.
Keywords: Cache-timing attacks out-of-order execution AES
Contact author(s): c chuengsatiansup @ unimelb edu au
genkin @ gatech edu
toby murray @ unimelb edu au
yuval yarom @ rub de
zhiyuanz5 @ student unimelb edu au
History: 2024-02-02: approved; 2024-02-01: received; See all versions
Short URL: https://ia.cr/2024/149
License: CC BY

BibTeX

@misc{cryptoeprint:2024/149,
      author = {Shing Hing William Cheng and Chitchanok Chuengsatiansup and Daniel Genkin and Dallas McNeil and Toby Murray and Yuval Yarom and Zhiyuan Zhang},
      title = {Evict+Spec+Time: Exploiting Out-of-Order Execution to Improve Cache-Timing Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2024/149},
      year = {2024},
      note = {\url{https://eprint.iacr.org/2024/149}},
      url = {https://eprint.iacr.org/2024/149}
}