Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack

An early result from our work with DSTO on security and virtualisation is now available from the Cryptology ePrint Archive. Our work with DSTO focusses on understanding the benefits and limitations, in terms of security, in using virtualisation in real-time and defence systems. As part of this work, we have been able to identify a new form of cache side-channel attack, which targets the Level 3 cache, and have been able to demonstrate how to use this attack against the GnuPG implementation of RSA.

Flush+Reload is a cache side-channel attack that monitors access to data in shared pages. In this paper, we demonstrate how to use the attack to extract private encryption keys from GnuPG. The high resolution and low noise of the Flush+Reload attack enables a spy program to recover over 98% of the bits of the private key in a single decryption or signing round. Unlike previous attacks, the attack targets the last level L3 cache. Consequently, the spy program and the victim do not need to share the execution core of the CPU. The attack is not limited to a traditional OS and can be used in a virtualised environment, where it can attack programs executing in a different VM.

SecureY. Yarom and K. Falkner, FLUSH+RELOAD: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. In Cryptology ePrint Archive, 2013/448.

This entry was posted in Publications, Research, Security and tagged , , . Bookmark the permalink.

Comments are closed.