A Comparison Study on Flush+Reload and Prime+Probe Attacks on AES Using Machine Learning Approaches

@inproceedings{Allaf2017ACS,
  title={A Comparison Study on Flush+Reload and Prime+Probe Attacks on AES Using Machine Learning Approaches},
  author={Zirak Allaf and Mo Adda and Alexander E. Gegov},
  booktitle={UKCI},
  year={2017}
}
AES and ElGamal are two examples of algorithms that have been developed in cryptography to protect data in a variety of domains including native and cloud systems, and mobile applications. There has been a good deal of research into the use of side channel attacks on these algorithms. This work has conducted an experiment to detect malicious loops inside Flush+Reload and Prime+Probe attack programs against AES through the exploitation of Hardware Performance Counters (HPC). This paper examines the…
Challenges of Using Performance Counters in Security Against Side-Channel Leakage
TLDR
This paper provides experimental evaluation and analysis of the potential challenges, perils and pitfalls of using Performance Counters in security, and proposes effective mitigation techniques against such attacks.
Run-time Detection of Prime + Probe Side-Channel Attack on AES Encryption Algorithm
TLDR
A run-time detection mechanism for access-driven cache-based Side-Channel Attacks (CSCAs) on Intel’s x86 architecture is presented and results show detection accuracy of 99% for Prime+Probe attack with performance overhead of 3-4% at the highest detection speed.
ConfMVM: A Hardware-Assisted Model to Confine Malicious VMs
  • Zirak Allaf, M. Adda, A. Gegov
  • Computer Science
    2018 UKSim-AMSS 20th International Conference on Computer Modelling and Simulation (UKSim)
  • 2018
TLDR
This paper proposes the detection of malicious loop activities within the Flush+Reload programs through the introduction of a new classification technique that has the ability to classify Flush+Reload attacks with a level of accuracy approaching 99% for native and 96% for cloud systems without increasing the cost of detection in a cloud system above that in native systems.
TrapMP: Malicious Process Detection By Utilising Program Phase Detection
  • Zirak Allaf, M. Adda, A. Gegov
  • Computer Science
    2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)
  • 2019
TLDR
A real-time detection and identification system against side-channel attacks that takes shorter execution time without additional costs, and the model benefits from very low overhead performance of approximately less than 1% of the host system.
Malicious Loop Detection Using Support Vector Machine
  • Zirak Allaf, M. Adda, A. Gegov
  • Computer Science
    2019 IEEE International Symposium on INnovations in Intelligent SysTems and Applications (INISTA)
  • 2019
TLDR
This paper presents the development of the real-time system for detecting side-channel attacks, which uses processors' performance indicators to capture malicious Flush+Reload activities with an accuracy of up to 99%.
Sherlock Holmes of Cache Side-Channel Attacks in Intel's x86 Architecture
TLDR
It is demonstrated that machine learning models, when coupled with intelligent performance monitoring of concurrent processes at hardware-level, can be used in security for early-stage detection of high precision and stealthier CSCAs.
Comprehensive Evaluation of Machine Learning Countermeasures for Detecting Microarchitectural Side-Channel Attacks
TLDR
A comprehensive evaluation of various machine learning-based countermeasures for real-time side-channel attack detection based on low-level microarchitectural features to identify the most efficient ML classifiers for real-time microarchitectural SCA detection.
Machine Learning For Security: The Case of Side-Channel Attack Detection at Run-time
TLDR
Experimental evaluation and comparative analysis on the use of various Machine Learning models for detecting Cache-based Side Channel Attacks in Intel's x86 architecture and quantitative & qualitative analysis of at least 12 ML models used for CSCA detection for the first time are presented.
Hardware Performance Counter-Based Fine-Grained Malware Detection
TLDR
The tamper-resistant hardware metrics prove to be a better security feature than the high-level software features in detecting malicious programs using hardware-based features.
WHISPER: A Tool for Run-Time Detection of Side-Channel Attacks
TLDR
This work argues in favor of detection-based protection, which would help apply mitigation only after successful detection of the attack at runtime, and proposes a machine learning based side-channel attack (SCA) detection tool, called WHISPER, that satisfies the above mentioned design constraints.

References

Modeling side-channel cache attacks on AES
TLDR
This paper presents an accurate timing model to distinguish whether or not a process is being attacked based on timing measurements, and provides a detection algorithm that detects over 96% of attacks with false positive rates around 5%.
FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack
TLDR
This paper presents FLUSH+RELOAD, a cache side-channel attack technique that exploits a weakness in the Intel X86 processors to monitor access to memory lines in shared pages and recovers 96.7% of the bits of the secret key by observing a single signature or decryption round.
Predicting program phases and defending against side-channel attacks using hardware performance counters
TLDR
By detecting and predicting program phases, the scheduler can make sure that programs in the same program phase are not scheduled on the same processor core, thus helping to mitigate potential side-channel attacks.
Cache Attacks and Countermeasures: The Case of AES
TLDR
An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache.
Cryptanalysis of DES Implemented on Computers with Cache
TLDR
The results of applying an attack against the Data Encryption Standard (DES) implemented in some applications, using side-channel information based on CPU delay as proposed in (11), found that the cipher can be broken with 2 known plaintexts and 2^24 calculations at a success rate > 90%, using a personal computer with 600-MHz Pentium III.
Cache-Based Application Detection in the Cloud Using Machine Learning
TLDR
It is demonstrated that it is possible to train meaningful models to successfully predict applications running in co-located instances and with minimal and simple manual processing steps feature vectors can be used to train models using support vector machines to classify the applications with high degree of success.
Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice
TLDR
This paper considers the AES block cipher and presents an attack which is capable of recovering the full secret key in almost real time for AES-128, requiring only a very limited number of observed encryptions, and is the first working attack on AES implementations using compressed tables.
Cross-VM side channels and their use to extract private keys
TLDR
This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.
Wait a Minute! A fast, Cross-VM Attack on AES
TLDR
The results of this study show that there is a great security risk to OpenSSL AES implementation running on VMware cloud services when the deduplication is not disabled.
Memory deduplication as a threat to the guest OS
TLDR
A memory disclosure attack takes advantage of a difference in write access times on deduplicated memory pages that are re-created by Copy-On-Write to reveal the existence of an application or file on another virtual machine.