Abstract

Flush+Reload is a powerful access-driven cache attack in which the attacker leverages a security weakness in the x86 processor architecture to extract the victim's private data. The attack can be mounted in a cross-core setting where memory deduplication is enabled and several users share the same physical machine. In this paper, for the first time, we demonstrate that the SEED implementation of OpenSSL 1.1.0 running inside the victim VM is vulnerable to Flush+Reload attacks and that the attacker can recover the keys of this cipher. SEED is a standard encryption algorithm that was developed by the Korea Information Security Agency (KISA) and has been used for confidential services in the Republic of Korea. Our work demonstrates that the attacker can retrieve the secret keys of SEED in 3 min in the native setup and 4 min in the cross-VM setup by performing the Flush+Reload technique. Our experimental results show that the common implementation of this standard cipher is vulnerable to the Flush+Reload attack in both native and cross-VM settings. To the best of our knowledge, this paper presents the first cache-based attack on the SEED block cipher.
