TY - GEN
T1 - NIGHTs-WATCH
T2 - 7th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2018
AU - Mushtaq, Maria
AU - Akram, Ayaz
AU - Chaudhry, Maham
AU - Lapotre, Vianney
AU - Bhatti, Muhammad Khurram
AU - Gogniat, Guy
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/6/2
Y1 - 2018/6/2
N2 - This paper presents a novel run-time detection mechanism, called NIGHTs-WATCH, for access-driven cache-based Side-Channel Attacks (SCAs). It comprises of multiple machine learning models, which use real-time data from hardware performance counters for detection. We perform experiments with two state-of-the-art SCAs (Flush+Reload and Flush+Flush) to demonstrate the detection capability and effectiveness of NIGHTs-WATCH. we provide experimental evaluation using realistic system load conditions and analyze results on detection accuracy, speed, system-wide performance overhead and confusion matrix for used models. Our results show detection accuracy of 99.51%, 99.50% and 99.44% for F+R attack in case of no, average and full load conditions, respectively, with performance overhead of < 2% at the highest detection speed, i.e., within 1% completion of a single RSA encryption round. In case of Flush+Flush, our results show 99.97%, 98.74% and 95.20% detection accuracy for no load, average load and full load conditions, respectively, with performance overhead of < 2% at the highest detection speed, i.e., within 12.5% completion of 400 AES encryption rounds needed to complete the attack. NIGHTs-WATCH shows considerably high detection efficiency under variable system load conditions.
AB - This paper presents a novel run-time detection mechanism, called NIGHTs-WATCH, for access-driven cache-based Side-Channel Attacks (SCAs). It comprises of multiple machine learning models, which use real-time data from hardware performance counters for detection. We perform experiments with two state-of-the-art SCAs (Flush+Reload and Flush+Flush) to demonstrate the detection capability and effectiveness of NIGHTs-WATCH. we provide experimental evaluation using realistic system load conditions and analyze results on detection accuracy, speed, system-wide performance overhead and confusion matrix for used models. Our results show detection accuracy of 99.51%, 99.50% and 99.44% for F+R attack in case of no, average and full load conditions, respectively, with performance overhead of < 2% at the highest detection speed, i.e., within 1% completion of a single RSA encryption round. In case of Flush+Flush, our results show 99.97%, 98.74% and 95.20% detection accuracy for no load, average load and full load conditions, respectively, with performance overhead of < 2% at the highest detection speed, i.e., within 12.5% completion of 400 AES encryption rounds needed to complete the attack. NIGHTs-WATCH shows considerably high detection efficiency under variable system load conditions.
KW - Machine learning
KW - Performance counters
KW - Side channel attacks
U2 - 10.1145/3214292.3214293
DO - 10.1145/3214292.3214293
M3 - Conference contribution
AN - SCOPUS:85048750527
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 7th International Workshop on Hardware and Architectural Support for Security and Privacy, HASP 2018
PB - Association for Computing Machinery
Y2 - 2 June 2018 through 2 June 2018
ER -