Paper Info
Title
FLUSH + PREFETCH: A Countermeasure Against Access-driven Cache-based Side-Channel Attacks
Abstract
Cache-based side-channel attacks (SCAs) are becoming a security threat to the emerging computing platforms. To mitigate these attacks, numerous countermeasures have been proposed. However, these countermeasures require either radical hardware modification or they are incompatible with the performance features like super-page and data de-duplication. This paper presents a countermeasure, called Flush+Prefetch, which obfuscates the memory access behavior of a secure application using independent threads that randomly access the memory belonging to secure application. Unlike existing state-of-the-art countermeasures, Flush+Prefetch works with commodity hardware and it is compatible with existing performance features. As a proof-of-concept, we have studied the effectiveness of Flush+Prefetch by defending the secret key of RSA cryptosystem against a high-resolution cache side-channel attack called Flush+Reload. We have evaluated the confidentiality of RSA decryption process on an Intel Xeon E5-2643 processor by generating 100,000 requests to a web-server sequentially while considering the effect on performance as well. Our experimental results show that the confidentiality of memory accesses by RSA is preserved under Flush+Prefetch countermeasure. Our results show that the performance, in terms of average execution time, is improved by 10.2% for best design case as compared to the system under attack.
Year
DOI
Venue
2020
10.1016/j.sysarc.2019.101698
Journal of Systems Architecture
Keywords
DocType
Volume
Side-Channel attacks (SCAs),Access driven cache-based SCAs,Obfuscation based countermeasure,Noise,Flush+Reload,RSA
Journal
104
Issue
ISSN
Citations 
C
1383-7621
1
PageRank 
References 
Authors
0.36
0
5
Name
Order
Citations
PageRank
M. Asim Mukhtar110.36
Maria Mushtaq211.03
Muhammad Khurram Bhatti3496.06
Vianney Lapotre4289.75
G. Gogniat5414.89