TY - GEN
T1 - Sherlock Holmes of Cache Side-Channel Attacks in Intel's x86 Architecture
AU - Mushtaq, Maria
AU - Akram, Ayaz
AU - Bhatti, Muhammad Khurram
AU - Ali, Usman
AU - Lapotre, Vianney
AU - Gogniat, Guy
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/6/1
Y1 - 2019/6/1
N2 - Intel's x86 architecture has been exposed to high resolution and stealthy cache side channel attacks (CSCAs) over past few years. In this paper, we present a novel technique to detect CSCAs on Intel's x86 architecture. The proposed technique comprises of multiple machine learning models that use real-Time behavioral data of concurrent processes collected through Hardware Performance Counters (HPCs). In this work, we demonstrate that machine learning models, when coupled with intelligent performance monitoring of concurrent processes at hardware-level, can be used in security for early-stage detection of high precision and stealthier CSCAs. We provide extensive experiments with four variants of the state-of-The-Art CSCAs. We demonstrate that our proposed technique is resilient to noise generated by the system under various loads. To do so, we provide results under realistic system load conditions with an evaluation metric comprising of detection accuracy, speed, system-wide performance overhead and confusion matrix for machine learning models. In experiments, our technique achieves detection accuracy of up to 99.51% for Flush-Reload attack on RSA, incurring a performance overhead of 1.63% and 99.99% accuracy on AES while incurring a maximum performance overhead of 8.28%. Our experimental results show consistency for Flush-Flush attack on different implementations of AES as well.
AB - Intel's x86 architecture has been exposed to high resolution and stealthy cache side channel attacks (CSCAs) over past few years. In this paper, we present a novel technique to detect CSCAs on Intel's x86 architecture. The proposed technique comprises of multiple machine learning models that use real-Time behavioral data of concurrent processes collected through Hardware Performance Counters (HPCs). In this work, we demonstrate that machine learning models, when coupled with intelligent performance monitoring of concurrent processes at hardware-level, can be used in security for early-stage detection of high precision and stealthier CSCAs. We provide extensive experiments with four variants of the state-of-The-Art CSCAs. We demonstrate that our proposed technique is resilient to noise generated by the system under various loads. To do so, we provide results under realistic system load conditions with an evaluation metric comprising of detection accuracy, speed, system-wide performance overhead and confusion matrix for machine learning models. In experiments, our technique achieves detection accuracy of up to 99.51% for Flush-Reload attack on RSA, incurring a performance overhead of 1.63% and 99.99% accuracy on AES while incurring a maximum performance overhead of 8.28%. Our experimental results show consistency for Flush-Flush attack on different implementations of AES as well.
KW - AES
KW - Cryptography
KW - Detection
KW - Flush+Flush
KW - Flush+Reload
KW - Machine Learning
KW - RSA
KW - Side-Channel Attacks
U2 - 10.1109/CNS.2019.8802805
DO - 10.1109/CNS.2019.8802805
M3 - Conference contribution
AN - SCOPUS:85071717248
T3 - 2019 IEEE Conference on Communications and Network Security, CNS 2019
SP - 64
EP - 72
BT - 2019 IEEE Conference on Communications and Network Security, CNS 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 IEEE Conference on Communications and Network Security, CNS 2019
Y2 - 10 June 2019 through 12 June 2019
ER -