At the USENIX Security Symposium in August 2024, researchers from the University of Illinois at Urbana-Champaign, University of Texas at Austin, Georgia Institute of Technology, University of California, Berkeley, University of Washington, and Carnegie Mellon University presented a technical paper titled “GoFetch: Breaking Constant-Time Cryptographic Implementations Using a Data Memory-Dependent Prefetcher.”
Abstract:
“Microarchitectural side-channel attacks have shaken the foundations of modern processor design. A fundamental defense against these attacks is to ensure that security-critical programs do not use secret-dependent data as addresses – simply put, by not passing a secret as an address to a data memory instruction, for example. However, the discovery of Data Memory Dependent Prefetchers (DMPs), which translate program data into addresses directly from within the memory system, has called into question whether this approach will remain secure in the future.
In this paper, we show that the security threat posed by DMPs is significantly more severe than previously thought, and demonstrate the first end-to-end attack against security-critical software using an Apple m-series DMP. Underlying our attack is a new understanding of how DMPs work, which shows that the Apple DMP will activate on behalf of any victim program and attempt to “leak” pointer-like cache data. From this understanding, we design a new type of chosen-input attack that uses DMPs to perform end-to-end key extraction on popular traditional constant-time implementations (OpenSSL Diffie-Hellman key exchange, Go RSA decryption) and post-quantum cryptography (CRYSTALS-Kyber and CRYSTALS-Dilithium).”
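The abstract's central distinction is between using a secret as an address (the classic cache side channel that constant-time code is written to avoid) and the DMP's behaviour of acting on the values a program loads. The C below is an added illustration and is not code from the GoFetch paper or from any of the libraries it attacks: it puts a secret-indexed table lookup beside the masked selection and conditional swap that constant-time code uses instead, with a check that the two lookups agree on every input. The table contents, the function names (`lookup_leaky`, `lookup_ct`, `ct_cswap`, `all_lookups_agree`) and the secret values are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed 16-entry table standing in for an S-box or a precomputed
 * multiplication table; the values themselves are arbitrary. */
static const uint8_t SBOX[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
};

/* Leaky pattern: the secret nibble is used directly as an ADDRESS.
 * Which entry of SBOX is touched (and so which cache line is warmed)
 * depends on the secret; that is what a cache-timing attacker observes. */
uint8_t lookup_leaky(uint8_t secret)
{
    return SBOX[secret & 0x0F];
}

/* Returns 0xFF if a == b, 0x00 otherwise, with no branch and no
 * secret-dependent address. x is 0 iff a == b, and for x < 256 the
 * subtraction x - 1 only wraps around when x == 0. */
static uint8_t ct_mask_eq(uint8_t a, uint8_t b)
{
    uint32_t x = (uint32_t)(a ^ b);
    uint32_t m = (x - 1u) >> 31;        /* 1 iff x == 0 */
    return (uint8_t)(0u - m);           /* 0xFF iff equal */
}

/* Constant-time lookup: every entry is read in the same order regardless
 * of the secret, and the wanted one is selected by a mask. The address
 * stream no longer depends on the secret; only the VALUE of `out` does,
 * which is exactly the gap the abstract says a DMP can exploit if an
 * attacker can make that value pointer-like through chosen inputs. */
uint8_t lookup_ct(uint8_t secret)
{
    uint8_t idx = secret & 0x0F;
    uint8_t out = 0;
    for (size_t i = 0; i < 16; i++) {
        uint8_t m = ct_mask_eq((uint8_t)i, idx);
        out |= (uint8_t)(SBOX[i] & m);
    }
    return out;
}

/* Constant-time conditional swap, the building block of ladder-style
 * Diffie-Hellman and RSA implementations: swaps *a and *b iff bit == 1,
 * touching both operands either way. */
void ct_cswap(uint64_t *a, uint64_t *b, uint64_t bit)
{
    uint64_t mask = 0u - (bit & 1u);    /* all ones iff bit is set */
    uint64_t t = (*a ^ *b) & mask;
    *a ^= t;
    *b ^= t;
}

/* Check that the masked lookup computes the same function as the
 * secret-indexed one for every possible input byte. Returns 1 on success. */
int all_lookups_agree(void)
{
    for (unsigned s = 0; s < 256; s++) {
        if (lookup_ct((uint8_t)s) != lookup_leaky((uint8_t)s))
            return 0;
    }
    return 1;
}

int main(void)
{
    uint64_t a = 5, b = 9;
    ct_cswap(&a, &b, 1);
    printf("lookups agree: %d, cswap -> a=%llu b=%llu\n",
           all_lookups_agree(), (unsigned long long)a, (unsigned long long)b);
    return 0;
}
```

The point to take from the abstract is that `lookup_ct` and `ct_cswap` remove the secret from the address stream but not from the data stream: the values they produce are still secret-dependent, and the paper's chosen-input attacks work by making those values look like pointers to the Apple DMP, which then dereferences them on the program's behalf.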
The technical paper was published in the proceedings of the 33rd USENIX Security Symposium in August 2024.
Chen, Boru, Yingchen Wang, Pradyumna Shome, Christopher W. Fletcher, David Kohlbrenner, Riccardo Paccagnella, and Daniel Genkin. “GoFetch: Breaking Constant-Time Cryptographic Implementations Using a Data Memory-Dependent Prefetcher.” Proc. USENIX Secur. Symp., pp. 1-21, 2024.