Cache Attacks and Rowhammer on ARM

Research output: ThesisMaster's ThesisResearch

Abstract

In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.
Original languageEnglish
Supervisors/Advisors
  • Gruß, Daniel, Supervisor
Publication statusPublished - 2016

Fingerprint

Mobile devices
Personal computing

Keywords

  • side-channel attacks
  • cache attacks
  • rowhammer
  • mobile platforms
  • arm
  • prime+probe
  • flush+reload
  • evict+reload
  • flush+flush
  • Cross-CPU attack

Cite this

Cache Attacks and Rowhammer on ARM. / Lipp, Moritz.

2016. 105 p.

Research output: ThesisMaster's ThesisResearch

@phdthesis{210e95ddcf0043acb1fa9c00d8525848,
title = "Cache Attacks and Rowhammer on ARM",
abstract = "In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.",
keywords = "side-channel attacks, cache attacks, rowhammer, mobile platforms, arm, prime+probe, flush+reload, evict+reload, flush+flush, Cross-CPU attack",
author = "Moritz Lipp",
year = "2016",
language = "English",

}

TY - THES

T1 - Cache Attacks and Rowhammer on ARM

AU - Lipp, Moritz

PY - 2016

Y1 - 2016

N2 - In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.

AB - In the last years, mobile devices have become the most important personal computing platforms and, thus, it is especially important to protect sensitive information that is stored and processed on these devices. In this thesis, we discuss the applicability of cache attacks and the rowhammer bug on mobile devices. As these attacks have been considered infeasible on ARM-based devices, we demonstrate how to solve key challenges to mount the most powerful cache attacks Prime+Probe, Flush+Reload, Evict+Reload and Flush+Flush and how to induce bit flips. We show the power of these attacks by implementing a high-performance covert-channel, spying on user input and attacking cryptographic algorithms. Finally, we discuss possible countermeasures.

KW - side-channel attacks

KW - cache attacks

KW - rowhammer

KW - mobile platforms

KW - arm

KW - prime+probe

KW - flush+reload

KW - evict+reload

KW - flush+flush

KW - Cross-CPU attack

M3 - Master's Thesis

ER -