{rfName}
Ai

Indexed in

License and use

Citations

15

Altmetrics

Grant support

This research was supported by DFG (Projects 427774779 and 439797619) and by the Spanish MINECO under grant PID2019110866RB-I00.

Analysis of institutional authors

Briongos, SCorresponding AuthorMalagon, PAuthorMoya, JmAuthor

Share

Publications
>
Proceedings Paper

Aim, Wait, Shoot: How the CACHESNIPER Technique Improves Unprivileged Cache Attacks

Publicated to:2021 Ieee European Symposium On Security And Privacy (Euros&p 2021). 683-700 - 2021-01-01 (), DOI: 10.1109/EuroSP51992.2021.00051

Authors: Briongos, Samira; Bruhns, Ida; Malagon, Pedro; Eisenbarth, Thomas; Moya, Jose M

Affiliations

Abstract

Microarchitectural side channel attacks have been very prominent in security research over the last few years. Caches proved to be an outstanding side channel, as they provide high resolution and generic cross-core leakage. All major cryptographic libraries provide countermeasures to hinder key extraction via cross-core cache attacks by now. In this paper, we analyze implementations protected by prefetch-based countermeasures aimed at preventing well-known cache attacks, and highlight the circumstances causing them to remain vulnerable. Further, we craft a novel attack technique that precisely synchronizes the attacking and the victim processes, enabling the attacking process to evict the target data from the cache at the desired instants. One key improvement of our approach is that it provides unprivileged attackers with a method to remove specific data from the cache with a single memory access and in absence of shared memory by leveraging the transient capabilities of TSX and relying on the L3 replacement policy. We show the feasibility of our approach by extracting an RSA key from the latest wolfSSL library and an AES key from the T-Table and S-Box implementations included in OpenSSL with CACHESNIPER. Both libraries implement prefetch-based methods as a protection against cache attacks.

Keywords

Cache attackCache memoryCryptographicsCryptographyHardware transactional memoryHigh resolutionLibrariesMemory accessMemory architectureMicro architecturesMicroarchitecturePrefetchesSecurity researchSide channel attackSide channel attacksSide-channelSide-channel attacksTiming-attack

Quality index

Bibliometric impact. Analysis of the contribution and dissemination channel

Independientemente del impacto esperado determinado por el canal de difusión, es importante destacar el impacto real observado de la propia aportación.

Según las diferentes agencias de indexación, el número de citas acumuladas por esta publicación hasta la fecha 2025-06-03:

  • Google Scholar: 7
  • WoS: 2
  • Scopus: 6
  • OpenCitations: 2

Impact and social visibility

From the perspective of influence or social adoption, and based on metrics associated with mentions and interactions provided by agencies specializing in calculating the so-called "Alternative or Social Metrics," we can highlight as of 2025-06-03:

  • The use of this contribution in bookmarks, code forks, additions to favorite lists for recurrent reading, as well as general views, indicates that someone is using the publication as a basis for their current work. This may be a notable indicator of future more formal and academic citations. This claim is supported by the result of the "Capture" indicator, which yields a total of: 1 (PlumX).

Leadership analysis of institutional authors

This work has been carried out with international collaboration, specifically with researchers from: Germany; United States of America.

There is a significant leadership presence as some of the institution’s authors appear as the first or last signer, detailed as follows: First Author (BRIONGOS HERRERO, SAMIRA) and Last Author (MOYA FERNANDEZ, JOSE MANUEL).

the author responsible for correspondence tasks has been BRIONGOS HERRERO, SAMIRA.