Cache-based vulnerabilities and spam analysis

Neve de Mevergnies, Michael

14 July 2006

Two problems of computer security are investigated. On one hand, we are facing a practical problematic of actual processors: the cache, an element of the architecture that brings flexibility and allows efficient utilization of the resources, is demonstrated to open security breaches from which secret information can be extracted. This issue required a delicate study to understand the problem and the role of the incriminated elements, to discover the potential of the attacks and find effective countermeasures. Because of the intricate behavior of a processor and limited resources of the cache, it is extremely hard to write constant-time software. This is particularly true with cryptographic applications that often rely on large precomputed data and pseudo-random accesses. The principle of time-driven attacks is to analyze the overall execution time of a cryptographic process and extract timing profiles. We show that in the case of AES those profiles are dependent on the memory lookups, i.e. the addition of the plaintext and the secret key. Correlations between some profiles with known inputs and some with partially unknown ones (known plaintext but unknown secret key) lead to the recovery of the secret key. We then detail access-driven attacks: another kind of cache-based side channel. This case relies on stronger assumptions regarding the attacker's capacities: he must be able to run another process, concurrent to the security process. Even if the security policies prevent the so-called "spy" process from accessing directly the data of the "crypto" process, the cache is shared between them and its behavior can lead the spy process to deduce the secrets of the crypto process. Several ways are explored for mitigations, depending on the security level to reach and on the attacker's capabilities. The respective performances of the mitigations are given. The scope is however oriented toward software mitigations as they can be directly applied to patch programs and reduce the cache leakage. On the other hand, we tackle a situation of computer science that also concerns many people and where important economical aspects are at stake: although spam is often considered as the other side of the Internet coin, we believe that it can be defeated and avoided. A increasing number of researches for example explores the ways cryptographic techniques can prevent spams from being spread. We concentrated on studying the behavior of the spammers to understand how e-mail addresses can be prevented from being gathered. The motivation for this work was to produce and make available quantitative results to efficiently prevent spam, as well as to provide a better understanding of the behavior of spammers. Even if orthogonal, both parts tackle practical problems and their results can be directly applied.

Cache

Side channel

Hardware

Microprocessor

Spam analysis and prevention