Worcester Polytechnic Institute

Cache Attacks: How They Work and What to do About Them

Thursday, Dec. 12 at 4 pm in AK-219:
Presenter: Prof. Erkay Savas (Sabanci University)

Abstract:
Cache attacks are shown to be effective side-channel attacks that use cache access patterns of a cryptographic algorithm during execution. The cryptographic algorithms using lookup table approach for acceleration are especially vulnerable to cache attacks. Depending on the available information that we can gather about cache activity during cryptographic operations, we can classify cache attacks into three major groups: access-based, trace-based and timing based. All the attack types, which are successfully demonstrated in each category in the literature, rely on a spy process that runs concurrently to the cryptographic process and creates collisions in the cache memory. A fourth type of attack which does not rely on a spy process, exploits naturally occurring collisions in the cache and can be applied remotely. In this talk, we will give an overview of all types of cache attacks and explain how they work and to what extent they will be a threat. We also discuss several countermeasures that can be deployed against the cache attacks. We will discuss a lightweight technique to locate a spy process on which many attacks seem to be relying for generating cache collisions with cryptographic process. We also discuss a technique to find the cause(s) of naturally occurring cache collisions which are exploited in certain types of attacks.

Bio:
Erkay Savaş received the BS (1990) and MS (1994) degrees in electrical engineering from the Electronics and Communications Engineering Department at Istanbul Technical University. He completed the Ph.D. degree in the Department of Electrical and Computer Engineering (ECE) at Oregon State University in June 2000. He had worked for various companies and research institutions before he joined Sabanci University as an assistant professor in 2002. He is the director of the Cryptography and Information Security Group (CISec) of Sabanci University. His research interests include cryptography, data and communication security, privacy in biometrics, trusted computing, security and privacy in data mining applications, embedded systems security, and distributed systems. He is a member of IEEE, ACM, the IEEE Computer Society, and the International Association of Cryptologic Research (IACR).

Applied Cryptology Seminar
The seminar features presentations of hot topics within the
interdisciplinary field of cyber-security.
All are welcome!
For current information on the seminar, please visit:
http://v.wpi.edu/seminars/