Séminaire SemSecuElec : " SideLine and the advent of software-induced hardware attacks "- Joseph Gravellier et "Calibration Done Right: Noiseless Flush+Flush Attacks" - Guillaume Didier

Seminar
Starting on
Ending on
Location
Webminaire
Room
BBB: https://bbb.irisa.fr/b/ger-9qa-x6v access code: 662775
Speaker
Joseph Gravellier ( Mines Saint-Etienne - Thales ) et Guillaume Didier ( IRISA - DGA )
SemSecuElec
S É M I N A I R E
Sécurité des Systèmes Électroniques Embarqués
https://seminaires-dga.inria.fr/

Ce séminaire est ouvert à tous (académiques et industriels).
Suite aux contraintes sanitaires cette session aura lieu
en ligne sur l'instance Big Blue Button d'Inria Rennes.
https://bbb.irisa.fr/b/ger-9qa-x6v (code 662775)

       https://seminaires-dga.inria.fr/

Abonnement à la liste de diffusion des annonces :
https://sympa.inria.fr/sympa/info/sem-secu-elec

---------------------------------------------------------------
VENDREDI 19 MARS 2021
https://bbb.irisa.fr/b/ger-9qa-x6v (code 662775)
---------------------------------------------------------------

10h - 11h

" SideLine and the advent of software-induced hardware attacks "
by Joseph Gravellier ( Mines Saint-Etienne - Thales )
 
In this talk, we will discuss software-induced hardware attacks and their impact for IoT, cloud and mobile security. More specifically, I will introduce SideLine, a new power side-channel attack vector that can be triggered remotely to infer cryptographic secrets. SideLine is based on the intentional misuse of delay-lines components embedded in SoCs that use external memory. I will explain how we exploit the delay-line relationship with on-chip power consumption to capture side-channel leakage,  how we collect and store this information and how we use it to conduct power side-channel attacks. Different scenarios will be discussed along with the feasibility of remote hardware attacks in various scenarios.

11h - 12h

" Calibration Done Right: Noiseless Flush+Flush Attacks "
by Guillaume Didier ( IRISA - DGA )
 

Caches leak information through timing measurements and so-called side-channel attacks. Several primitives exist with different requirements and trade-offs. Flush+Flush is a stealthy and fast cache attack primitive that uses the timing of the clflush instruction depending on the presence of a line in the cache. However, the CPU interconnect plays a bigger role than thought in these timings, and therefore in the error rate of Flush+Flush.

In this paper, we show that a naive implementation that does not take into account the topology of the interconnect yields very important error rates, especially on modern CPUs as the number of cores increases. We, therefore, reverse-engineer this topology and revisit the calibration phase of Flush+Flush for different attacker models to determine the correct threshold for clflush hits and misses. We evaluate that our method yields noiseless side-channel attacks by attacking the AES T-tables implementation of OpenSSL, and by building a covert channel. We obtain a maximal capacity of 3.15 Mbit/s with our improved method, compared to 1.4 Mbit/s with a naive implementation of Flush+Flush on an Intel Core i9-9900 CPU.