Tampere University of Technology

TUTCRIS Research Portal

Port Contention for Fun and Profit

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Standard

Port Contention for Fun and Profit. / Cabrera Aldaya, Alejandro; Brumley, Billy B.; ul Hassan, Sohaib; Pereida García, Cesar; Tuveri, Nicola.

2019 IEEE Symposium on Security and Privacy (SP) (2019). San Francisco, CA, US : IEEE, 2019. p. 1037-1054.

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Harvard

Cabrera Aldaya, A, Brumley, BB, ul Hassan, S, Pereida García, C & Tuveri, N 2019, Port Contention for Fun and Profit. in 2019 IEEE Symposium on Security and Privacy (SP) (2019). IEEE, San Francisco, CA, US, pp. 1037-1054, IEEE Symposium on Security and Privacy, San Francisco, United States, 19/05/19. https://doi.org/10.1109/SP.2019.00066

APA

Cabrera Aldaya, A., Brumley, B. B., ul Hassan, S., Pereida García, C., & Tuveri, N. (2019). Port Contention for Fun and Profit. In 2019 IEEE Symposium on Security and Privacy (SP) (2019) (pp. 1037-1054). San Francisco, CA, US: IEEE. https://doi.org/10.1109/SP.2019.00066

Vancouver

Cabrera Aldaya A, Brumley BB, ul Hassan S, Pereida García C, Tuveri N. Port Contention for Fun and Profit. In 2019 IEEE Symposium on Security and Privacy (SP) (2019). San Francisco, CA, US: IEEE. 2019. p. 1037-1054 https://doi.org/10.1109/SP.2019.00066

Author

Cabrera Aldaya, Alejandro ; Brumley, Billy B. ; ul Hassan, Sohaib ; Pereida García, Cesar ; Tuveri, Nicola. / Port Contention for Fun and Profit. 2019 IEEE Symposium on Security and Privacy (SP) (2019). San Francisco, CA, US : IEEE, 2019. pp. 1037-1054

Bibtex - Download

@inproceedings{81b95aeb89324e66b344893618db7110,
title = "Port Contention for Fun and Profit",
abstract = "Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing our channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.",
keywords = "public-key-cryptography, applied-cryptography, ECDSA, side-channel-analysis, timing-attacks, microarchitecture-attacks, OpenSSL, CVE-2018-5407",
author = "{Cabrera Aldaya}, Alejandro and Brumley, {Billy B.} and {ul Hassan}, Sohaib and {Pereida Garc{\'i}a}, Cesar and Nicola Tuveri",
note = "jufoid=57507",
year = "2019",
month = "5",
day = "20",
doi = "10.1109/SP.2019.00066",
language = "English",
publisher = "IEEE",
pages = "1037--1054",
booktitle = "2019 IEEE Symposium on Security and Privacy (SP) (2019)",

}

RIS (suitable for import to EndNote) - Download

TY - GEN

T1 - Port Contention for Fun and Profit

AU - Cabrera Aldaya, Alejandro

AU - Brumley, Billy B.

AU - ul Hassan, Sohaib

AU - Pereida García, Cesar

AU - Tuveri, Nicola

N1 - jufoid=57507

PY - 2019/5/20

Y1 - 2019/5/20

N2 - Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing our channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.

AB - Simultaneous Multithreading (SMT) architectures are attractive targets for side-channel enabled attackers, with their inherently broader attack surface that exposes more per physical core microarchitecture components than cross-core attacks. In this work, we explore SMT execution engine sharing as a side-channel leakage source. We target ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks. Implementing our channel on Intel Skylake and Kaby Lake architectures featuring Hyper-Threading, we mount an end-to-end attack that recovers a P-384 private key from an OpenSSL-powered TLS server using a small number of repeated TLS handshake attempts. Furthermore, we show that traces targeting shared libraries, static builds, and SGX enclaves are essentially identical, hence our channel has wide target application.

KW - public-key-cryptography

KW - applied-cryptography

KW - ECDSA

KW - side-channel-analysis

KW - timing-attacks

KW - microarchitecture-attacks

KW - OpenSSL

KW - CVE-2018-5407

UR - https://www.computer.org/csdl/proceedings/sp/2019/6660/00/666000b037-abs.html

U2 - 10.1109/SP.2019.00066

DO - 10.1109/SP.2019.00066

M3 - Conference contribution

SP - 1037

EP - 1054

BT - 2019 IEEE Symposium on Security and Privacy (SP) (2019)

PB - IEEE

CY - San Francisco, CA, US

ER -