logo
allArticlesConferencesPresentations

TLBleed: When Protecting Your CPU Caches is Not Enough

Conference:  BlackHat USA 2018

2018-08-09

Summary

The presentation discusses the concept of side-channel attacks in computing systems and how shared resources can lead to the leakage of secret information. The speaker provides an example of a cache attack called flush and reload.
  • Shared resources in computing systems can lead to side-channel attacks and the leakage of secret information
  • Examples of shared resources include RAM chips and CPU caches
  • Cache attacks like flush and reload can be used to observe the access patterns of other processes and potentially leak secret information
The speaker provides an example of a cache attack called flush and reload, which takes advantage of the fact that multiple processes may be sharing the same physical memory. By flushing a piece of memory out of the cache and then accessing it again, an attacker can observe whether another process has used that memory in the meantime, potentially revealing secret information.

Abstract

We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). TLBleed shows a reliable side channel without relying on the CPU data or instruction caches. This therefore bypasses several proposed CPU cache side-channel protections, such as page coloring, CAT, and TSX. Our TLBleed exploit successfully leaks a 256-bit EdDSA key from cryptographic signing code, which would be safe from cache attacks with cache isolation turned on, but would no longer be safe with TLBleed. We achieve a 98% success rate after just a single observation of signing operation on a co-resident hyperthread and just 17 seconds of analysis time. Further, we show how another exploit based on TLBleed can leak bits from a side-channel resistant RSA implementation. We use novel machine learning techniques to achieve this level of performance. These techniques will likely improve the quality of future side-channel attacks. This talk contains details about the architecture and complex behavior of modern, multilevel TLB's on several modern Intel microarchitectures that is undocumented, and will be publically presented for the first time.
Materials:
Slides
Paper
Tags:

Post a comment

Related work

LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage

Conference:  BlackHat EU 2020
Authors:
2020-12-09

AEPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Conference:  Black Hat USA 2022
Authors:
2022-08-10

Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers

Conference:  BlackHat USA 2018
Authors:
2018-08-08

Trouble in the tubes: How internet routing security breaks down and how you can do it at home

Conference:  Defcon 26
Authors:
2018-08-01

Dragonblood: Attacking the Dragonfly Handshake of WPA3

Conference:  BlackHat USA 2019
Authors:
2019-08-07

Thermanator and the Thermal Residue Attack

Conference:  BlackHat EU 2018
Authors:
2018-12-06