publication . Conference object . Preprint . Other literature type . 2016

ARMageddon: Cache Attacks on Mobile Devices

Daniel Gruss;
  • Published: 19 Jun 2016
Abstract
In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated on non-rooted Android smartphones. In this work, we demonstrate how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush on non-rooted ARM-based devices without any privileges. Based on our...
Subjects
ACM Computing Classification System: Hardware_MEMORYSTRUCTURES
free text keywords: Computer Science - Cryptography and Security
Related Organizations
Funded by
EC| HECTOR
Project
HECTOR
HARDWARE ENABLED CRYPTO AND RANDOMNESS
  • Funder: European Commission (EC)
  • Project Code: 644052
  • Funding stream: H2020 | RIA
,
EC| MATTHEW
Project
MATTHEW
Multi-entity-security using active Transmission Technology for improved Handling of Exportable security credentials Without privacy restrictions
  • Funder: European Commission (EC)
  • Project Code: 610436
  • Funding stream: FP7 | SP1 | ICT
Download fromView all 5 versions
ZENODO
Conference object . 2016
Provider: ZENODO
Zenodo
Other literature type . 2016
Provider: Datacite
62 references, page 1 of 5

[1] Armageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016), USENIX Association.

[2] ANDROID OPEN SOURCE PROJECT. Configuring ART. https://source.android.com/devices/tech/dalvik/ configure.html, Nov. 2015. Retrieved on November 10, 2015.

[3] APPTORNADO. AppBrain - Android library statistics - Spongy Castle - Bouncy Castle for Android. http://www.appbrain. com/stats/libraries/details/spongycastle/spongycastle-bouncy-castle-for-android, June 2016. Retrieved on June 6, 2016.

[4] ARM LIMITED. ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition. ARM Limited, 2012.

[5] ARM LIMITED. ARM Architecture Reference Manual ARMv8. ARM Limited, 2013.

[6] ARM LIMITED. ARM Cortex-A57 MPCore Processor Technical Reference Manual r1p0. ARM Limited, 2013.

[7] ARM LIMITED. ARM Cortex-A53 MPCore Processor Technical Reference Manual r0p3. ARM Limited, 2014.

[8] AVIV, A. J., SAPP, B., BLAZE, M., AND SMITH, J. M. Practicality of Accelerometer Side Channels on Smartphones. In Annual Computer Security Applications Conference - ACSAC (2012), ACM, pp. 41-50.

[9] BENGER, N., VAN DE POL, J., SMART, N. P., AND YAROM, Y. ”Ooh Aah... Just a Little Bit” : A Small Amount of Side Channel Can Go a Long Way. In Cryptographic Hardware and Embedded Systems - CHES (2014), vol. 8731 of LNCS, Springer, pp. 75-92.

[10] BERNSTEIN, D. J. Cache-Timing Attacks on AES, 2004. URL: http://cr.yp.to/papers.html#cachetiming.

[11] BOGDANOV, A., EISENBARTH, T., PAAR, C., AND WIENECKE, M. Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs. In Topics in Cryptology - CTRSA (2010), vol. 5985 of LNCS, Springer, pp. 235-251.

[12] CAI, L., AND CHEN, H. TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In USENIX Workshop on Hot Topics in Security - HotSec (2011), USENIX Association.

[13] CAI, L., AND CHEN, H. On the Practicality of Motion Based Keystroke Inference Attack. In Trust and Trustworthy Computing - TRUST (2012), vol. 7344 of LNCS, Springer, pp. 273-290.

[14] GALLAIS, J., KIZHVATOV, I., AND TUNSTALL, M. Improved Trace-Driven Cache-Collision Attacks against Embedded AES Implementations. In Workshop on Information Security Applications - WISA (2010), vol. 6513 of LNCS, Springer, pp. 243-257.

[15] GALLAIS, J.-F., AND KIZHVATOV, I. Error-Tolerance in TraceDriven Cache Collision Attacks. In COSADE (2011), pp. 222- 232.

62 references, page 1 of 5
Abstract
In the last 10 years, cache attacks on Intel x86 CPUs have gained increasing attention among the scientific community and powerful techniques to exploit cache side channels have been developed. However, modern smartphones use one or more multi-core ARM CPUs that have a different cache organization and instruction set than Intel x86 CPUs. So far, no cross-core cache attacks have been demonstrated on non-rooted Android smartphones. In this work, we demonstrate how to solve key challenges to perform the most powerful cross-core cache attacks Prime+Probe, Flush+Reload, Evict+Reload, and Flush+Flush on non-rooted ARM-based devices without any privileges. Based on our...
Subjects
ACM Computing Classification System: Hardware_MEMORYSTRUCTURES
free text keywords: Computer Science - Cryptography and Security
Related Organizations
Funded by
EC| HECTOR
Project
HECTOR
HARDWARE ENABLED CRYPTO AND RANDOMNESS
  • Funder: European Commission (EC)
  • Project Code: 644052
  • Funding stream: H2020 | RIA
,
EC| MATTHEW
Project
MATTHEW
Multi-entity-security using active Transmission Technology for improved Handling of Exportable security credentials Without privacy restrictions
  • Funder: European Commission (EC)
  • Project Code: 610436
  • Funding stream: FP7 | SP1 | ICT
Download fromView all 5 versions
ZENODO
Conference object . 2016
Provider: ZENODO
Zenodo
Other literature type . 2016
Provider: Datacite
62 references, page 1 of 5

[1] Armageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium (USENIX Security 16) (Austin, TX, Aug. 2016), USENIX Association.

[2] ANDROID OPEN SOURCE PROJECT. Configuring ART. https://source.android.com/devices/tech/dalvik/ configure.html, Nov. 2015. Retrieved on November 10, 2015.

[3] APPTORNADO. AppBrain - Android library statistics - Spongy Castle - Bouncy Castle for Android. http://www.appbrain. com/stats/libraries/details/spongycastle/spongycastle-bouncy-castle-for-android, June 2016. Retrieved on June 6, 2016.

[4] ARM LIMITED. ARM Architecture Reference Manual. ARMv7-A and ARMv7-R edition. ARM Limited, 2012.

[5] ARM LIMITED. ARM Architecture Reference Manual ARMv8. ARM Limited, 2013.

[6] ARM LIMITED. ARM Cortex-A57 MPCore Processor Technical Reference Manual r1p0. ARM Limited, 2013.

[7] ARM LIMITED. ARM Cortex-A53 MPCore Processor Technical Reference Manual r0p3. ARM Limited, 2014.

[8] AVIV, A. J., SAPP, B., BLAZE, M., AND SMITH, J. M. Practicality of Accelerometer Side Channels on Smartphones. In Annual Computer Security Applications Conference - ACSAC (2012), ACM, pp. 41-50.

[9] BENGER, N., VAN DE POL, J., SMART, N. P., AND YAROM, Y. ”Ooh Aah... Just a Little Bit” : A Small Amount of Side Channel Can Go a Long Way. In Cryptographic Hardware and Embedded Systems - CHES (2014), vol. 8731 of LNCS, Springer, pp. 75-92.

[10] BERNSTEIN, D. J. Cache-Timing Attacks on AES, 2004. URL: http://cr.yp.to/papers.html#cachetiming.

[11] BOGDANOV, A., EISENBARTH, T., PAAR, C., AND WIENECKE, M. Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs. In Topics in Cryptology - CTRSA (2010), vol. 5985 of LNCS, Springer, pp. 235-251.

[12] CAI, L., AND CHEN, H. TouchLogger: Inferring Keystrokes on Touch Screen from Smartphone Motion. In USENIX Workshop on Hot Topics in Security - HotSec (2011), USENIX Association.

[13] CAI, L., AND CHEN, H. On the Practicality of Motion Based Keystroke Inference Attack. In Trust and Trustworthy Computing - TRUST (2012), vol. 7344 of LNCS, Springer, pp. 273-290.

[14] GALLAIS, J., KIZHVATOV, I., AND TUNSTALL, M. Improved Trace-Driven Cache-Collision Attacks against Embedded AES Implementations. In Workshop on Information Security Applications - WISA (2010), vol. 6513 of LNCS, Springer, pp. 243-257.

[15] GALLAIS, J.-F., AND KIZHVATOV, I. Error-Tolerance in TraceDriven Cache Collision Attacks. In COSADE (2011), pp. 222- 232.

62 references, page 1 of 5
Powered by OpenAIRE Open Research Graph
Any information missing or wrong?Report an Issue
publication . Conference object . Preprint . Other literature type . 2016

ARMageddon: Cache Attacks on Mobile Devices

Daniel Gruss;