Timed Speculative Attacks exploiting Store to Load Forwarding bypassing Cache-based Countermeasures
TimeWednesday, July 13th11:15am - 11:37am PDT
Location3006, Level 3
Event Type
Research Manuscript
Hardware Security: Attack and Defense
DescriptionWe propose Timed Speculative Attacks, a novel cacheless attack strategy, agnostic to the transient state changes in the cache, using only timing information. We utilize the speculative forwarding mechanism from store to load buffers and propose two attack strategies. First, Fill and Forward, utilizing correctly-speculated loads to create a contention-based covert-channel; second, Fill and Misdirect using mis-speculated loads by exposing the control flow of victim applications. As practical case studies, we demonstrate successful key-recovery attacks on OpenSSL AES and Romulus-N AEAD schemes using Fill and Misdirect approach. Finally, we show that our attack can subvert cache-oriented countermeasures for speculative attacks.