
تعداد نشریات | 34 |
تعداد شمارهها | 1,306 |
تعداد مقالات | 9,427 |
تعداد مشاهده مقاله | 9,188,269 |
تعداد دریافت فایل اصل مقاله | 5,620,722 |
ارزیابی کاربردی حملات کانال جانبی مبتنی بر آسیب پذیریهای پردازندهها | ||
پدافند الکترونیکی و سایبری | ||
مقاله 9، دوره 12، شماره 3 - شماره پیاپی 47، آبان 1403، صفحه 101-118 اصل مقاله (1009.47 K) | ||
نوع مقاله: مقاله پژوهشی | ||
نویسندگان | ||
احمد قنادان زاده1؛ مهدی ملازاده* 2؛ علی مقدسی3؛ مهدی اصفهانی4 | ||
1دانشجوی دکتری، دانشگاه جامع امام حسین (ع)، تهران، ایران | ||
2استادیار، دانشگاه جامع امام حسین (ع)، تهران، ایران | ||
3استادیار، دانشگاه جامع امام حسین(ع)، تهران، ایران | ||
4پژوهشگر،دانشگاه صنعتی شریف، تهران، ایران | ||
تاریخ دریافت: 09 مرداد 1403، تاریخ بازنگری: 28 شهریور 1403، تاریخ پذیرش: 23 مهر 1403 | ||
چکیده | ||
در سال های اخیر وسایل الکترونیکی همچون لپتاپ، کامپیوتر، تلفنهای همراه هوشمند و دیگر وسایل الکترونیکی هوشمند به شدت افزایش یافته که تمام این وسایل الکترونیکی از یک یا چند پردازنده در داخل خود استفاده می نمایند که با توجه به نوع معماری هر پردازنده ممکن است آسیبپذیریهای متفاوتی داشته باشند. در این مقاله بررسی و ارزیابی آسیبپذیریهای کانال جانبی مبتنی بر آسیبپذیریهای پردازندههای اینتل و آرم بر اساس روش تحلیل سلسله مراتبی انجام شده است. حملات انجام شده بر اساس آسیبپذیریهای موجود به 6 دستهی کلی تقسیمبندی شده است که بر اساس شاخصهایی چون زمان، امکانپذیری، اثربخشی و هزینه مورد ارزیابی قرار گرفته است. در بین 6 حملهی بررسی شده، 3 حملهی مبتنی بر زمان، حملهی کانال جانبی توان با اندازهگیری نرمافزاری و حملهی مبتنی بر حافظهی نهان به ترتیب بیشترین امتیاز را براساس معیارهای ارزیابی به خود اختصاص داده اند و حملهی کانال جانبی توان با اندازهگیری سختافزاری کمترین امتیاز را داشته است که در اینجا نرخ ناسازگاری کلی برابر با مقدار 06/0 شده است که قابل قبول است. همچنین 3 زیرمعیار درصد بازیابی کلید(گذرواژه)، سطح دسترسی و قابلیت ایجاد کانال پنهان بیشترین تاثیر را بر روی گزینههای تصمیم داشته اند. در نهایت این گزینهها علاوه بر رتبهبندی کلی بر اساس هرکدام از معیارها نیز امتیازبندی شدهاند. از منظر زمان حملهی مبتنی بر زمان و حملهی کانال جانبی توان با اندازهگیری سختافزاری به ترتیب بیشترین و کمترین امتیاز و اولیویت را دارند و از منظر امکانپذیری حملهی مبتنی بر زمان و حملهی کانال جانبی توان با اندازهگیری نرمافزاری به ترتیب دارای بیشترین و کمترین اولویت هستند. همچنین از منظر اثربخشی حملهی مبتنی بر زمان و حملهی کانال جانبی توان با اندازهگیری سختافزاری به ترتیب اولویت بیشتر و کمتری داشته و از منظر هزینه نیز حملهی مبتنی بر زمان و حملهی مبتنی بر ریزمعماری به ترتیب دارای بیشترین و کمترین امتیاز و اولویت شدند. در ادامه میزان خطر این 6 راهکار با استفاده از پارامتر CVSS امتیازدهی شده و رتبهبندی شد. نتایج این ارزیابی نشان میدهد که 3 حملهی مبتنی بر زمان، حملهی مبتنی بر ریزمعماری و حملهی مبتنی بر حافظهی نهان به ترتیب بیشتری خطر را برای قربانی داشته و بیشترین آسیب را وارد خواهند نمود. | ||
کلیدواژهها | ||
آسیبپذیری پردازندهها؛ تحلیل سلسله مراتبی؛ حافظهی نهان؛ ارزیابی خطر | ||
موضوعات | ||
سخت افزار | ||
عنوان مقاله [English] | ||
Evaluation of Side-Channel Attacks for Different Types of Processors Vulnerabilities | ||
نویسندگان [English] | ||
Ahmad GhannadanZadeh1؛ Mahdi Mollazadeh2؛ Ali Moghaddasi3؛ Mahdi Esfahani4 | ||
1PhD student, Imam Hossein University, Tehran, Iran | ||
2Assistant Professor, Imam Hossein University, Tehran, Iran | ||
3Assistant Professor, Imam Hossein University, Tehran, Iran | ||
4Researcher, Sharif University of Technology, Tehran, Iran | ||
چکیده [English] | ||
In recent years, electronic devices such as laptops, computers, smart mobile phones and other smart electronic devices have greatly increased, and all these electronic devices use one or more processors inside them, which according to the type of architecture of each processor may have different vulnerabilities. In this paper Investigation and evaluation of side channel vulnerabilities based on the vulnerabilities of Intel and ARM processors has been done based on the hierarchical analysis method. Based on the existing vulnerabilities, the attacks have been divided into 6 general categories, which have been evaluated based on indicators such as time, possibility, effectiveness, and cost. Among the 6 attacks investigated, 3 time-based attack, power side channel attack with software measurement and cache-based attack have respectively assigned the most points based on the evaluation criteria and the power side-channel with hardware measurement attack has the lowest score, where the overall mismatch rate is 0.06, which is acceptable. Also, 3 sub-criteria of key (password) recovery percentage, access level and covert channel ability have had the greatest impact on decision options. Finally, in addition to the overall ranking, these options are also scored based on each of the criteria. From the time point of view, the time-based attack and the power side channel attack with hardware measurement have the highest and the lowest priority, respectively, and from the possibility point of view, the time-based attack and the power side channel attack with software measurement have the highest and lowest priority, respectively. Also, from the effectiveness point of view, time-based attack and side-channel power attack with hardware measurement have higher and lower priority, respectively, and from the cost point of view, time-based attack and micro-architecture-based attack have the highest and lowest points and priority, respectively. Next, the risk level of these 6 strategies was scored and ranked using the CVSS parameter. The results of this evaluation show that 3 time-based attacks, micro-architecture-based attacks, and cache-based attacks, respectively, are more dangerous for the victim and will cause the most damage. | ||
کلیدواژهها [English] | ||
Processors Vulnerability, Hierarchical analysis, Cache, Risk Assessment | ||
مراجع | ||
[1] “Web of Science.” [Online]. Available: https://www.webofscience.com/wos/woscc/basic-search. [Accessed: 10-Nov-2022]. [2] D. A. Osvik, A. Shamir, and E. Tromer, “Cache Attacks and Countermeasures: The Case of AES,” in Journal of Cryptology, vol. 23, no. 1, 2006, pp. 1–20. [3] C. Su and Q. Zeng, “Survey of CPU Cache-Based Side-Channel Attacks: Systematic Analysis, Security Models, and Countermeasures,” Secur. Commun. Networks, vol. 2021, pp. 1–15, Jun. 2021. [4] C. Percival, “Cache missing for fun and profit,” BSDCan 2005. 2005. [5] M. Neve and J. P. Seifert, “Advances on access-driven cache attacks on AES,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4356 LNCS. pp. 147–162, 2007. [6] E. Tromer, D. A. Osvik, and A. Shamir, “Efficient Cache Attacks on AES, and Countermeasures,” J. Cryptol., vol. 23, no. 1, pp. 37–71, Jan. 2010. [7] O. Aciiçmez, “Yet another MicroArchitectural attacks: Exploiting I-cache,” Proceedings of the ACM Conference on Computer and Communications Security. pp. 11–18, 2007. [8] O. Aciiçmez and W. Schindler, “A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4964 LNCS. pp. 256–273, 2008. [9] F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee, “Last-level cache side-channel attacks are practical,” Proceedings - IEEE Symposium on Security and Privacy, vol. 2015-July. pp. 605–622, 2015. [10] F. Brasser, U. Müller, A. Dmitrienko, K. Kostiainen, S. Capkun, and A. R. Sadeghi, “Software grand exposure: SGX cache attacks are practical,” 11th USENIX Workshop on Offensive Technologies, WOOT 2017, co-located with USENIX Security 2017. 2017. [11] M. Schwarz, S. Weiser, D. Gruss, C. Maurice, and S. Mangard, “Malware guard extension: Using SGX to conceal cache attacks,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2017, vol. 10327 LNCS, pp. 3–24. [12] J. Götzfried, M. Eckert, S. Schinzel, and T. Müller, “Cache Attacks on Intel SGX,” in Proceedings of the 10th European Workshop on Systems Security, 2017, pp. 1–6. [13] R. Hund, C. Willems, and T. Holz, “Practical timing side channel attacks against kernel space ASLR,” Proceedings - IEEE Symposium on Security and Privacy. pp. 191–205, 2013. [14] D. Gullasch, E. Bangerter, and S. Krenn, “Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice,” in 2011 IEEE Symposium on Security and Privacy, 2011, pp. 490–505. [15] Y. Yarom and K. Falkner, “{FLUSH+RELOAD}: A High Resolution, Low Noise, L3 Cache {Side-Channel} Attack,” in 23rd USENIX Security Symposium (USENIX Security 14), 2014, pp. 719–732. [16] G. Irazoqui, M. S. Inci, T. Eisenbarth, and B. Sunar, “Wait a minute! A fast, cross-VM attack on AES,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8688 LNCS. pp. 299–319, 2014. [17] B. Gülmezo Ğ Lu, M. S. İnci, G. Irazoqui, T. Eisenbarth, and B. Sunar, “A faster and more realistic flush+reload attack on AES,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2015, vol. 9064, pp. 111–126. [18] N. Benger, J. van de Pol, N. P. Smart, and Y. Yarom, “‘Ooh Aah... Just a Little Bit’ : A Small Amount of Side Channel Can Go a Long Way,” 2014, pp. 75–92. [19] J. van de Pol, N. P. Smart, and Y. Yarom, “Just a Little Bit More,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9048, 2015, pp. 3–21. [20] Y. Yarom and N. Benger, “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack,” IACR Cryptology. pp. 12–14, 2014. [21] T. Allan, B. B. Brumley, K. Falkner, J. Van De Pol, and Y. Yarom, “Amplifying side channels through performance degradation,” ACM International Conference Proceeding Series, vol. 5-9-Decemb. pp. 422–435, 2016. [22] Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, “Cross-tenant side-channel attacks in PaaS clouds,” in Proceedings of the ACM Conference on Computer and Communications Security, 2014, pp. 990–1003. [23] D. Gruss, R. Spreitzer, and S. Mangard, “Cache template attacks: Automating attacks on inclusive last-level caches,” in Proceedings of the 24th USENIX Security Symposium, 2015, pp. 897–912. [24] M. Esfahani, H. Soleimany, and M. R. Aref, “Modified Cache-Template Attack on AES,” Scientia Iranica, vol. 29, no. 4. p. 8, 2022. [26] C. Pereida García, B. B. Brumley, and Y. Yarom, “Make Sure DSA Signing Exponentiations Really are Constant-Time,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, vol. 24-28-Octo, pp. 1639–1650. [27] D. Gruss, C. Maurice, K. Wagner, and S. Mangard, “Flush+Flush: A Fast and Stealthy Cache Attack,” 2016, pp. 279–299. [28] G. Didier and C. Maurice, “Calibration Done Right: Noiseless Flush+Flush Attacks,” 2021, pp. 278–298. [29] A. Saxena and B. Panda, “DABANGG : Time for Fearless Flush based Cache Attacks,” Cryptology ePrint Archive, no. Report 2020/637. 2020. [30] A. Saxena and B. Panda, “DABANGG: A Case for Noise Resilient Flush-Based Cache Attacks,” in 2022 IEEE Security and Privacy Workshops (SPW), 2022, pp. 323–334. [31] N. Zhang, K. Sun, D. Shands, W. Lou, and Y. T. Hou, “Truspy: Cache side-channel information leakage from the secure world on arm devices,” Cryptol. ePrint Arch., 2016. [32] N. Zhang, K. Sun, D. Shands, W. Lou, and Y. T. Hou, “TruSense: Information Leakage from TrustZone,” in Proceedings - IEEE INFOCOM, 2018, vol. 2018-April, pp. 1097–1105. [33] M. Lipp, D. Gruss, R. Spreitzer, C. Maurice, and S. Mangard, “Armageddon: Cache attacks on mobile devices,” Proceedings of the 25th USENIX Security Symposium. pp. 549–564, 2016. [34] R. Guanciale, H. Nemati, C. Baumann, and M. Dam, “Cache Storage Channels: Alias-Driven Attacks and Verified Countermeasures,” in Proceedings - 2016 IEEE Symposium on Security and Privacy, SP 2016, 2016, pp. 38–55. [35] “wolfSSL: Embedded SSL/TLS Library.” [Online]. Available: https://www.wolfssl.com/products/wolfssl/. [Accessed: 06-Sep-2022]. [36] M. Green, L. Rodrigues-Lima, A. Zankl, G. Irazoqui, J. Heyszl, and T. Eisenbarth, “AutoLock: Why cache attacks on arm are harder than you think,” Proceedings of the 26th USENIX Security Symposium. pp. 1075–1091, 2017. [37] B. Lapid and A. Wool, “Navigating the samsung trustzone and cache-attacks on the keymaster trustlet,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2018, vol. 11098 LNCS, pp. 175–196. [38] B. Lapid and A. Wool, “Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2019, vol. 11349 LNCS, pp. 235–256. [40] M. Esfahani, H. Soleimany, and M. R. Aref, “Enhanced cache attack on AES applicable on ARM-based devices with new operating systems,” Comput. Networks, vol. 198, 2021. [41] H. Lee, S. Jang, H.-Y. Kim, and T. Suh, “Hardware-Based FLUSH+RELOAD Attack on Armv8 System via ACP,” in 2021 International Conference on Information Networking (ICOIN), 2021, pp. 32–35. [42] G. Haas, S. Potluri, and A. Aysu, “ITimed: Cache Attacks on the Apple A10 Fusion SoC,” Proceedings of the 2021 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2021. pp. 80–90, 2021. [45] M. Lipp et al., “PLATYPUS: Software-based power side-channel attacks on x86,” Proceedings - IEEE Symposium on Security and Privacy, vol. 2021-May. pp. 355–371, 2021. [46] P. C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman,” CRYPTO - Annual International Cryptology Conference. pp. 104–113, 1996. [47] M. Lipp et al., “Meltdown: Reading kernel memory from user space,” in 27th USENIX Security Symposium (USENIX Security 18), 2018, pp. 973–990. [48] P. Kocher et al., “Spectre attacks: Exploiting speculative execution,” Proceedings - IEEE Symposium on Security and Privacy, vol. 2019-May. pp. 1–19, 2019. [49] C. Canella et al., “A systematic evaluation of transient execution attacks and defenses,” Proc. 28th USENIX Secur. Symp., pp. 249–266, 2019. [50] D. Ryu, Y. Kim, and J. Hur, “Gamma-Knife: Extracting Neural Network Architecture Through Software-Based Power Side-Channel,” IEEE Trans. Dependable Secur. Comput., pp. 1–17, 2023. [51] B. Gulmezoglu, A. Moghimi, T. Eisenbarth, and B. Sunar, “FortuneTeller: Predicting Microarchitectural Attacks via Unsupervised Deep Learning,” arXiv Prepr. arXiv1907.03651, vol., no., p. 16, Jul. 2019. [52] M. Mollazadeh, H. Lashkarian, M. Sheikh Mohammadi, and K. Mirzaei, “Evaluation Model of Vulnerabilities of Network Centric Warfare Based on Hierarchical Analysis Process,” J. Command Control, vol. 2, no. 1, p. 25, 2019. (In Persian) [53] “Common Vulnerability Scoring System.” [Online]. Available: https://www.first.org/cvss/. [Accessed: 14-Sep-2023]. [54] “CVSS v4.0 Specification Document.” [Online]. Available: https://www.first.org/cvss/v4.0/specification-document. [Accessed: 25-Jan-2024]. [55] X. Lou, T. Zhang, J. Jiang, and Y. Zhang, “A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography,” ACM Comput. Surv., vol. 54, no. 6, pp. 1–37, Jul. 2022. [56] L. Wang, Z. Zhu, Z. Wang, and D. Meng, “Colored Petri Net Based Cache Side Channel Vulnerability Evaluation,” IEEE Access, vol. 7, pp. 169825–169843, 2019. | ||
آمار تعداد مشاهده مقاله: 290 تعداد دریافت فایل اصل مقاله: 39 |