Real time detection of cache-based side-channel attacks using hardware performance counters

Warning The system is temporarily closed to updates for reporting purpose.

Chiappetta, Marco (2016) Real time detection of cache-based side-channel attacks using hardware performance counters. [Thesis]

[thumbnail of MarcoChiapetta_10124219.pdf] PDF
MarcoChiapetta_10124219.pdf

Download (2MB)

Abstract

Cache-based side-channel attacks are increasingly exposing the weaknesses of many cryptographic libraries and tools by showing that, even though the algorithms might be considered strong, their implementations often lead to unexpected behaviors that can be exploited to obtain sensitive data, usually encryption keys. In this study we analyze three methods to detect cache-based side-channel attacks in real time, preventing or limiting the amount of leaked information. We focus our efforts on detecting three attacks on the well-known OpenSSL library: one that targets AES, one that targets RSA and one that targets ECDSA. The first method is based on monitoring the involved processes and assumes the victim process is known. By collecting and correlating the monitored data we find out whether there exists an attacker and pinpoint it. The second method uses anomaly detection techniques and assumes the benign processes and their behavior are known. By treating the attacker as a potential anomaly we understand whether an attack is in progress and which process is performing it. The last method is based on employing a neural network, a machine learning technique, to profile the attacker and to be able to recognize when a process that behaves suspiciously like the attacker is running. All the three of them can successfully detect an attack in about one fifth of the time required to complete it. We could not experience the presence of false positives in our test environment and the overhead caused by the detection systems is negligible. We also analyze how the detection systems behave with a modified version of one ofthe spy processes. With some optimization we are confident these systems can be used in real world scenarios.
Item Type: Thesis
Additional Information: Yükseköğretim Kurulu Tez Merkezi Tez No: 444562.
Uncontrolled Keywords: Real time detection. -- OpenSSL library. -- AES. -- RSA. -- ECDSA.
Subjects: Q Science > QA Mathematics > QA076 Computer software
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Faculty of Engineering and Natural Sciences
Depositing User: IC-Cataloging
Date Deposited: 27 Apr 2018 16:51
Last Modified: 26 Apr 2022 10:19
URI: https://research.sabanciuniv.edu/id/eprint/34598

Actions (login required)

View Item
View Item