
Cheap Hardware Parallelism Implies Cheap Security


Abstract

Just recently, pure software-based side-channel attacks against PC platforms attracted a lot of interest. This is due to the fact that these pure software-based side-channels could potentially undermine the ongoing trust and security efforts around the PC platform, cf. [25]. Fortunately, several follow-up works showed that these novel side-channel attacks, to a certain degree, were relying on some very tricky operating system or crypto software subtleties, but not on very unique CPU properties, cf. [13]. And indeed, some software countermeasures were sufficient to close those new and unforeseen information leakages in most incident cases. However, the present paper presents a new aspect within that PC-oriented side-channel attack arena. Specifically, we present a novel square vs. multiplication oriented side-channel attack which is very unique to certain Simultaneous Multi-Threading (SMT) CPU architectures, and it seems that it cannot be carried out on CPU architectures without SMT hardware assistance. The simple reason for this uniqueness of our novel attack is the fact that it doesn't rest, as all other previous MicroArchitectural side-channel attacks do, upon a shared resource with the persistent state property between context/process switches, e.g., caches, BTBs, etc. Instead, it is based upon the fact that Intel's Hyper-Threading technology shares the ALU's large parallel integer (floating-point) multiplier between its two hardware threads, where it is noteworthy that the multiplier obviously doesn't preserve its state during context switches. As the latest OpenSSL changes, i.e., protections against side-channel attacks, are already in place, cf. [7, 8, 4], our paper doesn't introduce a new vulnerability into the OpenSSL library at all. Nevertheless, our attack has the following unintuitive property: longer key sizes just make our attack scenario easier, and not more difficult as one could assume at first sight. Thus, the present paper teaches that the sole presence of particular Multi-Threading implementations requires a very deep understanding of the interplay between the underlying hardware and software, in order to appropriately judge the implied security consequences.