Non deterministic caches

A simple and effective defense against side channel attacks

G. Keramidas, A. Antonopoulos, D. N. Serpanos, S. Kaxiras

Research output: Contribution to journalArticle

22 Citations (Scopus)

Abstract

Side channel cryptanalysis has received significant attention lately, because it provides a low-cost and facile way to reveal the secret information held on a secure computing system. One particular type of side channel attacks, called cache-based side channel attacks, aims to deduce information about the state of a cryptographic algorithm or its key by observing the data-dependent behavior of a microprocessor's cache memory. These attacks have been proven successful and very hard to protect against. In this paper, we introduce the use of the Cache Decay approach as an aid to guard against cache-based side channel attacks. Cache Decay controls the lifetime (called decay interval) of the cache items and was initially proposed for cache power leakage savings. By randomly selecting the decay interval of the cache, we actually create caches with non-deterministic behavior in regard to their statistics. Thus, as we demonstrate, multiple runs of the same algorithm (performing on the same input) will result in different cache statistics, defending against the attacker and reinforcing the protection offered by the system. In our work, we use a cycle-based processor simulator, enhanced with the required modifications, in order to evaluate our proposal and show that our technique can be used effectively to protect against cache-based side channel attacks.

Original languageEnglish
Pages (from-to)221-230
Number of pages10
JournalDesign Automation for Embedded Systems
Volume12
Issue number3
DOIs
Publication statusPublished - 1 Sep 2008
Externally publishedYes

Fingerprint

Statistics
Cache memory
Microprocessor chips
Simulators
Side channel attack
Costs

Keywords

  • Cache attack
  • Cache decay
  • Side channel attack
  • Side channel cryptanalysis

ASJC Scopus subject areas

  • Hardware and Architecture
  • Computer Graphics and Computer-Aided Design
  • Software

Cite this

Non deterministic caches : A simple and effective defense against side channel attacks. / Keramidas, G.; Antonopoulos, A.; Serpanos, D. N.; Kaxiras, S.

In: Design Automation for Embedded Systems, Vol. 12, No. 3, 01.09.2008, p. 221-230.

Research output: Contribution to journalArticle

Keramidas, G. ; Antonopoulos, A. ; Serpanos, D. N. ; Kaxiras, S. / Non deterministic caches : A simple and effective defense against side channel attacks. In: Design Automation for Embedded Systems. 2008 ; Vol. 12, No. 3. pp. 221-230.
@article{23317aa15f9c412d86a48d0a0710fbf6,
title = "Non deterministic caches: A simple and effective defense against side channel attacks",
abstract = "Side channel cryptanalysis has received significant attention lately, because it provides a low-cost and facile way to reveal the secret information held on a secure computing system. One particular type of side channel attacks, called cache-based side channel attacks, aims to deduce information about the state of a cryptographic algorithm or its key by observing the data-dependent behavior of a microprocessor's cache memory. These attacks have been proven successful and very hard to protect against. In this paper, we introduce the use of the Cache Decay approach as an aid to guard against cache-based side channel attacks. Cache Decay controls the lifetime (called decay interval) of the cache items and was initially proposed for cache power leakage savings. By randomly selecting the decay interval of the cache, we actually create caches with non-deterministic behavior in regard to their statistics. Thus, as we demonstrate, multiple runs of the same algorithm (performing on the same input) will result in different cache statistics, defending against the attacker and reinforcing the protection offered by the system. In our work, we use a cycle-based processor simulator, enhanced with the required modifications, in order to evaluate our proposal and show that our technique can be used effectively to protect against cache-based side channel attacks.",
keywords = "Cache attack, Cache decay, Side channel attack, Side channel cryptanalysis",
author = "G. Keramidas and A. Antonopoulos and Serpanos, {D. N.} and S. Kaxiras",
year = "2008",
month = "9",
day = "1",
doi = "10.1007/s10617-008-9018-y",
language = "English",
volume = "12",
pages = "221--230",
journal = "Design Automation for Embedded Systems",
issn = "0929-5585",
publisher = "Springer Netherlands",
number = "3",

}

TY - JOUR

T1 - Non deterministic caches

T2 - A simple and effective defense against side channel attacks

AU - Keramidas, G.

AU - Antonopoulos, A.

AU - Serpanos, D. N.

AU - Kaxiras, S.

PY - 2008/9/1

Y1 - 2008/9/1

N2 - Side channel cryptanalysis has received significant attention lately, because it provides a low-cost and facile way to reveal the secret information held on a secure computing system. One particular type of side channel attacks, called cache-based side channel attacks, aims to deduce information about the state of a cryptographic algorithm or its key by observing the data-dependent behavior of a microprocessor's cache memory. These attacks have been proven successful and very hard to protect against. In this paper, we introduce the use of the Cache Decay approach as an aid to guard against cache-based side channel attacks. Cache Decay controls the lifetime (called decay interval) of the cache items and was initially proposed for cache power leakage savings. By randomly selecting the decay interval of the cache, we actually create caches with non-deterministic behavior in regard to their statistics. Thus, as we demonstrate, multiple runs of the same algorithm (performing on the same input) will result in different cache statistics, defending against the attacker and reinforcing the protection offered by the system. In our work, we use a cycle-based processor simulator, enhanced with the required modifications, in order to evaluate our proposal and show that our technique can be used effectively to protect against cache-based side channel attacks.

AB - Side channel cryptanalysis has received significant attention lately, because it provides a low-cost and facile way to reveal the secret information held on a secure computing system. One particular type of side channel attacks, called cache-based side channel attacks, aims to deduce information about the state of a cryptographic algorithm or its key by observing the data-dependent behavior of a microprocessor's cache memory. These attacks have been proven successful and very hard to protect against. In this paper, we introduce the use of the Cache Decay approach as an aid to guard against cache-based side channel attacks. Cache Decay controls the lifetime (called decay interval) of the cache items and was initially proposed for cache power leakage savings. By randomly selecting the decay interval of the cache, we actually create caches with non-deterministic behavior in regard to their statistics. Thus, as we demonstrate, multiple runs of the same algorithm (performing on the same input) will result in different cache statistics, defending against the attacker and reinforcing the protection offered by the system. In our work, we use a cycle-based processor simulator, enhanced with the required modifications, in order to evaluate our proposal and show that our technique can be used effectively to protect against cache-based side channel attacks.

KW - Cache attack

KW - Cache decay

KW - Side channel attack

KW - Side channel cryptanalysis

UR - http://www.scopus.com/inward/record.url?scp=51749105240&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51749105240&partnerID=8YFLogxK

U2 - 10.1007/s10617-008-9018-y

DO - 10.1007/s10617-008-9018-y

M3 - Article

VL - 12

SP - 221

EP - 230

JO - Design Automation for Embedded Systems

JF - Design Automation for Embedded Systems

SN - 0929-5585

IS - 3

ER -