References & Citations
Computer Science > Cryptography and Security
Title: HyperDegrade: From GHz to MHz Effective CPU Frequencies
(Submitted on 4 Jan 2021 (v1), last revised 21 Sep 2021 (this version, v2))
Abstract: Performance degradation techniques are an important complement to side-channel attacks. In this work, we propose HyperDegrade -- a combination of previous approaches and the use of simultaneous multithreading (SMT) architectures. In addition to the new technique, we investigate the root causes of performance degradation using cache eviction, discovering a previously unknown slowdown origin. The slowdown produced is significantly higher than previous approaches, which translates into an increased time granularity for Flush+Reload attacks. We evaluate HyperDegrade on different Intel microarchitectures, yielding significant slowdowns that achieve, in select microbenchmark cases, three orders of magnitude improvement over state-of-the-art. To evaluate the efficacy of performance degradation in side-channel amplification, we propose and evaluate leakage assessment metrics. The results evidence that HyperDegrade increases time granularity without a meaningful impact on trace quality. Additionally, we designed a fair experiment that compares three performance degradation strategies when coupled with Flush+Reload from an attacker perspective. We developed an attack on an unexploited vulnerability in OpenSSL in which HyperDegrade excels -- reducing by three times the number of required Flush+Reload traces to succeed. Regarding cryptography contributions, we revisit the recently proposed Raccoon attack on TLS-DH key exchanges, demonstrating its application to other protocols. Using HyperDegrade, we developed an end-to-end attack that shows how a Raccoon-like attack can succeed with real data, filling a missing gap from previous research.
Submission history
From: Billy Bob Brumley [view email][v1] Mon, 4 Jan 2021 16:36:09 GMT (468kb,D)
[v2] Tue, 21 Sep 2021 17:37:33 GMT (779kb,D)
Link back to: arXiv, form interface, contact.