Enhanced cache attack on AES applicable on ARM-based devices with new operating systems

Esfahani, M ; Sharif University of Technology | 2021

197 Viewed
  1. Type of Document: Article
  2. DOI: 10.1016/j.comnet.2021.108407
  3. Publisher: Elsevier B.V , 2021
  4. Abstract:
  5. There are several key challenges in performing cache-based attacks on ARM-based devices. Lipp et al. introduced various techniques to tackle these challenges and applied successfully different cache-based attacks on ARM-based mobile devices. In the cache-based attacks proposed by Lipp et al. it is assumed that the attacker has access to the mapping of virtual addresses to physical addresses through/proc/self/pagemap which is an important limiting factor in Linux and newer versions of Android operating systems. To access this mapping, the attacker must know the root of the operating system. In this paper, we introduce an Evict+Reload attack on the T-table-based implementation of AES which applies to ARM-based devices in which root access is required to use the mapping of virtual addresses to physical addresses. The attack consists of two phases. The profiling is a preprocessing phase to profile all the timing characteristics when AES is executed with a known key. In this phase, the attacker can identify specific bits of the physical addresses of the AES T-table elements without having root access. In the exploitation phase, full key bytes are retrieved by a conventional Evict+Reload attack. To verify the theoretical model of our technique, we implemented the described attack on AES. © 2021 Elsevier B.V
  6. Keywords:
  7. ARM processors ; Computer operating systems ; Mapping ; Physical addresses ; AES ; Armageddon attack ; Cache attack ; Cache eviction strategy ; Evict+reload attack ; Preprocessing phase ; Theoretical modeling ; Timing characteristics ; Two phase ; Cache memory
  8. Source: Computer Networks ; Volume 198 , 2021 ; 13891286 (ISSN)
  9. URL: https://www.sciencedirect.com/science/article/abs/pii/S1389128621003790