Drive-by key-extraction cache attacks from portable code

Daniel Genkin; Lev Pachmanov; Eran Tromer; Yuval Yarom

doi:10.1007/978-3-319-93387-0_5

Drive-by key-extraction cache attacks from portable code

Daniel Genkin
, Lev Pachmanov
, Eran Tromer^*
, Yuval Yarom

^*Corresponding author for this work

School of Computer Science and AI

University of Pennsylvania
University of Maryland, College Park
Tel Aviv University
Columbia University
Adelaide University
CSIRO

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

43 Scopus citations

Abstract

We show how malicious web content can extract cryptographic secret keys from the user’s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user’s computer. We show how this side-channel attack can be realized in WebAssembly and PNaCl; how to attain fine-grained measurements; and how to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser’s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519’s, are vulnerable to our attack.

Original language	English
Title of host publication	Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings
Editors	Bart Preneel, Frederik Vercauteren
Publisher	Springer Verlag
Pages	83-102
Number of pages	20
ISBN (Print)	9783319933863
DOIs	https://doi.org/10.1007/978-3-319-93387-0_5
State	Published - 2018
Event	16th International Conference on Applied Cryptography and Network Security, ACNS 2018 - Leuven, Belgium Duration: 2 Jul 2018 → 4 Jul 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10892 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Conference on Applied Cryptography and Network Security, ACNS 2018
Country/Territory	Belgium
City	Leuven
Period	2/07/18 → 4/07/18

Funding

Funders	Funder number
Australian Department of Education and Training
Blavatnik Interdisciplinary Cyber Research Center
Check Point Institute for Information Security
ICRC
Israeli Ministry of Science and Technology
National Science Foundation	#CCF-1423306, #CNS- 1445424
National Institute of Standards and Technology	8650-16-C-7622
Army Research Office	911NF-15-C-0236
Defense Advanced Research Projects Agency	#FA8650-16-C-7622
U.S. Department of Commerce
Leona M. and Harry B. Helmsley Charitable Trust	-1423306, -1445424, 70NANB15H328
Israeli Centers for Research Excellence
Ministry of Science and Technology, Israel	4/11

Access to Document

10.1007/978-3-319-93387-0_5

Cite this

Genkin, D., Pachmanov, L., Tromer, E., & Yarom, Y. (2018). Drive-by key-extraction cache attacks from portable code. In B. Preneel, & F. Vercauteren (Eds.), Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings (pp. 83-102). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10892 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-93387-0_5

Genkin, Daniel ; Pachmanov, Lev ; Tromer, Eran et al. / Drive-by key-extraction cache attacks from portable code. Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. editor / Bart Preneel ; Frederik Vercauteren. Springer Verlag, 2018. pp. 83-102 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7bd17e5cf58049cb8db3cc8cb847149c,

title = "Drive-by key-extraction cache attacks from portable code",

abstract = "We show how malicious web content can extract cryptographic secret keys from the user{\textquoteright}s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user{\textquoteright}s computer. We show how this side-channel attack can be realized in WebAssembly and PNaCl; how to attain fine-grained measurements; and how to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser{\textquoteright}s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519{\textquoteright}s, are vulnerable to our attack.",

author = "Daniel Genkin and Lev Pachmanov and Eran Tromer and Yuval Yarom",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG, part of Springer Nature 2018.; 16th International Conference on Applied Cryptography and Network Security, ACNS 2018 ; Conference date: 02-07-2018 Through 04-07-2018",

year = "2018",

doi = "10.1007/978-3-319-93387-0\_5",

language = "אנגלית",

isbn = "9783319933863",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "83--102",

editor = "Bart Preneel and Frederik Vercauteren",

booktitle = "Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings",

address = "גרמניה",

}

Genkin, D, Pachmanov, L, Tromer, E & Yarom, Y 2018, Drive-by key-extraction cache attacks from portable code. in B Preneel & F Vercauteren (eds), Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10892 LNCS, Springer Verlag, pp. 83-102, 16th International Conference on Applied Cryptography and Network Security, ACNS 2018, Leuven, Belgium, 2/07/18. https://doi.org/10.1007/978-3-319-93387-0_5

Drive-by key-extraction cache attacks from portable code. / Genkin, Daniel; Pachmanov, Lev; Tromer, Eran et al.
Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. ed. / Bart Preneel; Frederik Vercauteren. Springer Verlag, 2018. p. 83-102 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10892 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Drive-by key-extraction cache attacks from portable code

AU - Genkin, Daniel

AU - Pachmanov, Lev

AU - Tromer, Eran

AU - Yarom, Yuval

PY - 2018

Y1 - 2018

N2 - We show how malicious web content can extract cryptographic secret keys from the user’s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user’s computer. We show how this side-channel attack can be realized in WebAssembly and PNaCl; how to attain fine-grained measurements; and how to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser’s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519’s, are vulnerable to our attack.

AB - We show how malicious web content can extract cryptographic secret keys from the user’s computer. The attack uses portable scripting languages supported by modern browsers to induce contention for CPU cache resources, and thereby gleans information about the memory accesses of other programs running on the user’s computer. We show how this side-channel attack can be realized in WebAssembly and PNaCl; how to attain fine-grained measurements; and how to extract ElGamal, ECDH and RSA decryption keys from various cryptographic libraries. The attack does not rely on bugs in the browser’s nominal sandboxing mechanisms, or on fooling users. It applies even to locked-down platforms with strong confinement mechanisms and browser-only functionality, such as Chromebook devices. Moreover, on browser-based platforms the attacked software too may be written in portable JavaScript; and we show that in this case even implementations of supposedly-secure constant-time algorithms, such as Curve25519’s, are vulnerable to our attack.

UR - https://www.scopus.com/pages/publications/85049097792

U2 - 10.1007/978-3-319-93387-0_5

DO - 10.1007/978-3-319-93387-0_5

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85049097792

SN - 9783319933863

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 83

EP - 102

BT - Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings

A2 - Preneel, Bart

A2 - Vercauteren, Frederik

PB - Springer Verlag

T2 - 16th International Conference on Applied Cryptography and Network Security, ACNS 2018

Y2 - 2 July 2018 through 4 July 2018

ER -

Genkin D, Pachmanov L, Tromer E, Yarom Y. Drive-by key-extraction cache attacks from portable code. In Preneel B, Vercauteren F, editors, Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Proceedings. Springer Verlag. 2018. p. 83-102. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-93387-0_5

Drive-by key-extraction cache attacks from portable code

Abstract

Publication series

Conference

Funding

Access to Document

Other files and links

Fingerprint

Cite this