Earthquake ‐ A NoC‐based Optimized Differential Cache‐Collision Attack for MPSoCs

Cezar Reinbrecht1,a, Bruno Forlin1, Andreas Zankl2 and Johanna Sepúlveda3
1Instituto de Informática ‐ PPGC ‐ UFRGS Porto Alegre, Brazil
acezar.reinbrecht@inf.ufrgs.br
2Fraunhofer AISEC Munich, Germany
andreas.zankl@aisec.fraunhofer.de
3Technical University of Munich, Munich, Germany
johanna.sepulveda@tum.de

ABSTRACT


Multi‐Processor Systems‐on‐Chips (MPSoCs) are a platform for a wide variety of applications and use‐cases. The high on‐chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories and the Network‐on‐Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache‐based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache‐collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC‐based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs.

Keywords: Network‐on‐Chip, Security NoC, Timing Attack, Timing Side‐channel Attack.



Full Text (PDF)