IAIK/cache_template_attacks IAIK/cache_template_attacks

  • Stars
    star
    131
  • Rank 267,204 (Top 6 %)
  • Language
    C
  • License
    The Unlicense
  • Created about 9 years ago
  • Updated 9 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
IAIK/cache_template_attacks
github

IAIK

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This repository contains several tools to perform Cache Template Attacks

Cache Template Attacks

This repository contains several tools to perform Cache Template Attacks.

Cache Template Attacks are a new generic attack technique, allowing to profile and exploit cache-based information leakage of any program automatically, without prior knowledge of specific software versions or even specific system information.

The underlying cache attack used in this repository is Flush+Reload as presented by Yarom and Falkner in "FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack" (2014).

The "Cache Template Attacks" paper by Gruss, Spreitzer and Mangard was published at USENIX Security 2015.

One note before starting

The programs should work on x86-64 Intel CPUs independent of the operating system (as long as you can compile it). Different OS specific version of the tools are provided in subfolders.

Warning: This code is provided as-is. You are responsible for protecting yourself, your property and data, and others from any risks caused by this code. This code may not detect vulnerabilities of your applications. This code is only for testing purposes. Use it only on test systems which contain no sensitive data.

Getting started: Calibration

Before starting the Cache Template Attack you have to find the cache hit/miss threshold of your system.

Use the calibration tool for this purpose:

cd calibration
make
./calibration

This program should print a histogram for cache hits and cache misses. Based on the histogram it suggests a suitable threshold value (this value is also returned by the program).

Note: In most programs I defined a constant MIN_CACHE_MISS_CYCLES. Change it based on your threshold, if necessary.

Getting started: Automated keypress profiling

It is helpful to start with well observable events like key strokes and an application which is known to process such events (for instance an editor). You find the profiling tools in the profiling folder.

Run the following commands to find keypress information leakage in a program (the program should be running and it should have focus as soon as you started the spy script):

cd profiling/linux_low_frequency_example
make
./spy.sh 5 200 gedit # in our example we profile keypresses in gedit

The resulting log file is in a format which can be parsed by LibreOffice Calc or similar software. You can analyze information leakage through the cache using this log file.

In detail: Keypresses (with libxdotool)

In this example we perform some steps by hand to illustrate what happens in the background. Therefore, we will first find the address range to attack.

$ cat /proc/`ps -A | grep gedit | grep -oE "^[0-9]+"`/maps | grep r-x | grep gdk-3
7fc963a05000-7fc963ab4000 r-xp 00000000 fc:01 2637370                    /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2

We do not care about the virtual addresses, but only the size of the address range and the offset in the file (which is 00000000 in this example). This is also the reason why we don't have to think about address space layout randomization.

Note: On Windows you can use the tool vmmap to find the same information.

This line can directly be passed to the profiling tool in the following step. We will create a Cache Template in this step. Using the libxdo library. Be sure to install it before trying this.

Note: There is a second version which runs without libxdo, but then you have to issue the events by some other means.

During the profiling we will simulate a huge number of key presses. Therefore, your test system will probably not be usable for a few minutes to hours. Switch to an already opened gedit window before ./spy is started. On Linux, run the following lines:

cd profiling/linux_low_frequency_example
make
echo "switch to gedit window"
sleep 5; ./spy 200 7fc963a05000-7fc963ab4000 r-xp 00000000 fc:01 2637370                    /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2 > libgdk.csv

On Windows with MSYS/MinGW, run the following lines:

cd profiling/windows_low_frequency_example
mingw32-make
echo "switch to notepad window"
sleep 5; ./spy 200 C:\Windows\System32\notepad.exe > notepad.csv

The resulting log file is in a format which can be parsed by LibreOffice Calc or similar software. You can analyze information leakage through the cache using this log file.

You are generally looking for events which have single high peaks, like the following:

file,  addr,   0,   1,   2,   3,   4,   5,   6,   7,   8,   9,   a,   b,   c,   d,   e,   f,   g,   h,   i,   j,   k,   l,   m,   n,   o,   p,   q,   r,   s,   t,   u,   v,   w,   x,   y,   z
/usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2, 0x85ec0,=   3/ 110,=   0/ 112,=   0/ 117,=   0/ 122,=   0/ 120,=   1/ 123,=   0/ 125,=   0/ 123,=   1/ 124,=   0/ 124,=   1/ 123,=   0/ 120,=   0/ 122,=   0/ 121,=   0/ 122,=   0/ 123,=   0/ 122,=   0/ 123,=   1/ 123,=   1/ 121,=   0/ 118,=   0/ 123,=   0/ 122,= 126/ 122,=   0/ 122,=   2/ 117,=   0/ 117,=   0/ 119,=   0/ 121,=   0/ 123,=   3/ 118,=  14/ 122,=   0/ 120,=   0/ 122,=   0/ 117,=   4/ 116

This one had 126 cache hits during 122 key presses of the key N. And almost none when pressing other keys.

To verify our results we will now use the generic exploitation spy tool:

cd exploitation/generic
make
./spy /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2 0x85ec0

Now this tool prints a message exactly when a user presses N (in any GTK3 window). This spy tool can also be used on Windows just like that.

In detail: Keypresses (without libxdotool)

Without libxdotool we can use the generic low frequency profiling tool. This tool requires you to generate the events somehow. Depending on what you want to profile this can be another program simulating key strokes, a jammed key, a program which constantly triggers the event to exploit (an encryption...). In our case we will just jam a key and create a Cache Template showing which addresses react on key strokes. To filter false positive cache hits we should then perform a second profiling scan without jamming a key.

Note: Cache Template Attacks can be fully automated, but this requires the event to be automated as well. In the previous example we used libxdotool for this purpose.

On Windows or OSX you might not have procfs to retrieve the shared library mappings. However, on Windows there is vmmap which gives you the same information and on OSX you can use at least ldd and scan the binary itself. Therefore, we execute the generic example tool similar as before:

cd profiling/generic_low_frequency_example
make
sleep 5; ./spy 200 7fc963a05000-7fc963ab4000 r-xp 00000000 fc:01 2637370                    /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2 > libgdk.csv

OpenSSL AES T-Table attack

This example requires a self-compiled OpenSSL library to enable it's T-Table-based AES implementation. Place libcrypto.so in the same folder and make sure the program actually uses it as a shared library. Then run

cd profiling/aes_example
make
./spy

The T-Table is easily locatable in the log file as there are only 64 addresses which are frequently accessed, but not always accessed. Subsequently, you can monitor addresses from the profile to derive information about secret keys.

In the exploitation phase the spy tool has to trigger encryptions itself with an unknown key and can then trivially determine the upper 4 bits of each key byte after about 64 encryptions.

Of course, we know that OpenSSL does not use a T-Table-based AES implementation anymore. But you can use this tool to profile any (possibly closed-source) binary to find whether it contains a crypto algorithm which leaks key dependent information through the cache. Just trigger the algorithm execution with fixed keys

Fully automated attack

In this example we will run a script which will automatically execute the profiling phase as described before and then switch to the multi_spy exploitation tool as soon as a result is available.

Then run

cd exploitation/multi_spy
make
cd ../../profiling/linux_low_frequency_automated
./spy.sh 5 200 /usr/lib/x86_64-linux-gnu/libgdk-3.so.0.1200.2

The spy tool should switch into exploitation mode after profiling is completed. The result of the profiling phase is printed on the screen, for instance:

Events per address:
 0x85d00:q
 0x85d40:q
 0x85d80:ghijklnqtuvwz
 0x85dc0:iuzn
 0x85e00:iznuj
 0x85e40:inzu
 0x85e80:n
 0x85ec0:n

That's it, now it's up to you to find out which of your software leaks data and how it could be exploited. I hope it helps you closing these leaks.

More Repositories

1

meltdown

This repository contains several applications, demonstrating the Meltdown bug.
C
4,092
star
2

ZombieLoad

Proof-of-concept for the ZombieLoad attack
C
812
star
3

rowhammerjs

Rowhammer.js - A Remote Software-Induced Fault Attack in JavaScript
C++
488
star
4

CJAG

CJAG is an open-source implementation of our cache-based jamming agreement.
C
281
star
5

armageddon

This repository contains tools to perform modern cache attacks on ARM.
C
279
star
6

KAISER

Kernel Address Isolation to have Side-channels Efficiently Removed
214
star
7

sgxrop

The code to the SGX-ROP paper
C
183
star
8

transientfail

Website and PoC collection for transient execution attacks
C
160
star
9

drama

This repository contains examples of DRAMA reverse-engineering and side-channel attacks
C++
157
star
10

ChromeZero

Google Chrome extension implementing JavaScript Zero
JavaScript
147
star
11

flush_flush

This repository contains examples of Flush+Flush cache attacks
C
147
star
12

merkle-tree

A C implementation of a dynamically resizeable binary SHA-256 hash tree (Merkle Tree).
C
126
star
13

sweb

SWEB Educational OS
C++
113
star
14

AEPIC

C
110
star
15

ios-analysis

Automated Binary Analysis on iOS
Shell
103
star
16

Picnic

Optimized implementation of the Picnic signature scheme
C
77
star
17

prefetch

This repository contains several tools to perform Prefetch Side-Channel Attacks
C
56
star
18

jstemplate

JavaScript Template Attack proof-of-concept implementation
HTML
53
star
19

hybrid-HE-framework

C
36
star
20

secure-block-device

The Secure Block Device Library is a software library that applies cryptographic confidentiality and integrity protection, including data freshness, to arbitrary block device like storage mechanisms.
C
34
star
21

flipfloyd

Tools for "Another Flip in the Wall"
C
33
star
22

interruptjs

Practical Keystroke Timing Attacks in Sandboxed JavaScript
HTML
31
star
23

msrevelio

C++
29
star
24

memsec

Framework for building transparent memory encryption and authentication solutions
VHDL
25
star
25

pairings_in_c

C library for bilinear pairings
C
24
star
26

keydrown

Eliminating Keystroke Timing Attacks
C
21
star
27

CollidePower

C
20
star
28

Chestnut

C
19
star
29

gzkbpp

Implementation of the ZKB++ proof system
C++
17
star
30

ascon_hardware

Hardware implementations of the authenticated encryption design ASCON
VHDL
17
star
31

flecc_in_c

FLECC_IN_C is a FLexible Elliptic Curve Cryptography library written IN C
Scilab
17
star
32

ProcHarvester

ProcHarvester - Fully Automated Analysis of Procfs Side-Channel Leaks on Android
Java
17
star
33

coco-alma

CocoAlma is an execution-aware tool for formal verification of masked implementations
Python
16
star
34

Donky

C
14
star
35

drawio2tikz

drawio2tikz - a tool to translate drawio xml files to readable and adaptable tikz code
Python
14
star
36

fish-begol

Implementation of the Fish and Begol signature schemes
C
13
star
37

marvellous-attacks

Attacks on Jarvis and Friday
Python
10
star
38

Jenny

C
10
star
39

halfdouble

C++
10
star
40

SCAnDroid

Java
9
star
41

Memory-Compression-Attacks

Memory Compression Attacks
C
9
star
42

data-gui

DATA GUI
Python
9
star
43

sgxjail

Makefile
8
star
44

wolfSSL-DoS

Proof of concept for denial of service attack on wolfSSL's DTLS server implementation.
C
8
star
45

ios-analysis-llvmslicer

C++
7
star
46

LayeredBinaryTemplating

Layered Binary Templating
Python
7
star
47

CoronaHeatMap

C++
6
star
48

CryptoSlice

Static Analysis of Cryptography in Android Applications
Java
6
star
49

coco-ibex

SystemVerilog
5
star
50

CacheSim

C++
5
star
51

CSIRowhammer

CSI:Rowhammer - Cryptographic Security and Integrity against Rowhammer
C
5
star
52

FLARE

C
5
star
53

CrySIL

JavaScript
4
star
54

CryptoTL

C++
4
star
55

LVI-NULLify

C
4
star
56

contextlight

The PoC for ConTExT-light
C
4
star
57

rebecca

REBECCA is a tool for the formal verification of masked cryptographic hardware implementations that, given the netlist of a masked hardware circuit, determines if a correct separation between shares is preserved throughout the circuit.
Verilog
4
star
58

libdropit

Proof-of-concept implementation of DropIt
C
3
star
59

daps-dl

Short DAPS from ECDSA in OpenSSL
C
3
star
60

TBIBS

Time-bound identity-based signatures (TBIBΣ) for Short-Lived Forward-Secure Delegation in TLS
Java
3
star
61

romulush_collisions

TeX
3
star
62

rainier-signatures

C++
2
star
63

bnpp_helium_signatures

C++
2
star
64

minefield

C++
2
star
65

trusted-location-based-services

Prototype 1, Prototype 2 and base components for Trusted Location Based Services on Android devices.
Java
2
star
66

ios-analysis-dagger

C++
2
star
67

Picnic-FPGA

FPGA implementation of Picnic and LowMC
VHDL
2
star
68

spearv

C
2
star
69

servas

1
star
70

sgxjail-sdk

Implementation of SGXJail in the Linux SGX SDK
C++
1
star
71

banquet-signature-variants

C++
1
star
72

mimc-analysis

mimc-analysis
C++
1
star
73

MPC-Accumulator

Java
1
star