TY - GEN
T1 - ITimed
T2 - 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021
AU - Haas, Gregor
AU - Potluri, Seetal
AU - Aysu, Aydin
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - This paper proposes the first cache timing side-channel attack on one of Apple's mobile devices. Utilizing a recent, permanent exploit named checkm8, we reverse-engineered Apple's BootROM and created a powerful toolkit for running arbitrary hardware security experiments on Apple's in-house designed ARM systems-on-a-chip (SoC). Using this toolkit, we then implement an access-driven cache timing attack (in the style of PRIME+PROBE) as a proof-of-concept illustrator. The advanced hardware control enabled by our toolkit allowed us to reverse-engineer key microarchitectural details of the Apple A10 Fusion's memory hierarchy. We find that the SoC employs a randomized cache-line replacement policy as well as a hardware-based L1 prefetcher. We propose statistical innovations which specifically account for these hardware structures and thus further the state-of-the-art in cache timing attacks. We find that our access-driven attack, at best, can reduce the security of OpenSSL AES-128 by 50 more bits than a straightforward adaptation of PRIME+PROBE, while requiring only half as many side channel measurement traces.
AB - This paper proposes the first cache timing side-channel attack on one of Apple's mobile devices. Utilizing a recent, permanent exploit named checkm8, we reverse-engineered Apple's BootROM and created a powerful toolkit for running arbitrary hardware security experiments on Apple's in-house designed ARM systems-on-a-chip (SoC). Using this toolkit, we then implement an access-driven cache timing attack (in the style of PRIME+PROBE) as a proof-of-concept illustrator. The advanced hardware control enabled by our toolkit allowed us to reverse-engineer key microarchitectural details of the Apple A10 Fusion's memory hierarchy. We find that the SoC employs a randomized cache-line replacement policy as well as a hardware-based L1 prefetcher. We propose statistical innovations which specifically account for these hardware structures and thus further the state-of-the-art in cache timing attacks. We find that our access-driven attack, at best, can reduce the security of OpenSSL AES-128 by 50 more bits than a straightforward adaptation of PRIME+PROBE, while requiring only half as many side channel measurement traces.
UR - https://www.scopus.com/pages/publications/85126781061
U2 - 10.1109/HOST49136.2021.9702290
DO - 10.1109/HOST49136.2021.9702290
M3 - Conference contribution
T3 - Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021
SP - 80
EP - 90
BT - Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 13 December 2021 through 14 December 2021
ER -