Cache timing attack

Last updated November 21, 2023

Cache timing attacks also known as Cache attacks are a type of side-channel attack that allows attackers to gain information about a system purely by tracking cache access made by the victim system in a shared environment.^[1]^[2]^[3]^[4]^[5]

Related Research Articles

The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronics engineering, electrical engineering, and other related disciplines with its corporate office in New York City and its operations center in Piscataway, New Jersey. The IEEE was formed from the amalgamation of the American Institute of Electrical Engineers and the Institute of Radio Engineers in 1963.

In computer security, a side-channel attack is any attack based on extra information that can be gathered because of the fundamental way a computer protocol or algorithm is implemented, rather than flaws in the design of the protocol or algorithm itself or minor, but potentially devastating, mistakes or oversights in the implementation. Timing information, power consumption, electromagnetic leaks, and sound are examples of extra information which could be exploited to facilitate side-channel attacks.

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. Packages are released for Linux and Windows.

ISO/IEC/IEEE 42010Systems and software engineering — Architecture description is an international standard for architecture descriptions of systems and software.

IEEE Xplore digital library is a research database for discovery and access to journal articles, conference proceedings, technical standards, and related materials on computer science, electrical engineering and electronics, and allied fields. It contains material published mainly by the Institute of Electrical and Electronics Engineers (IEEE) and other partner publishers. IEEE Xplore provides web access to more than 5 million documents from publications in computer science, electrical engineering, electronics and allied fields. Its documents and other materials comprise more than 300 peer-reviewed journals, more than 1,900 global conferences, more than 11,000 technical standards, almost 5,000 ebooks, and over 500 online courses. Approximately 20,000 new documents are added each month. Anyone can search IEEE Xplore and find bibliographic records and abstracts for its contents, while access to full-text documents may require an individual or institutional subscription.

An algorithmic complexity attack (ACA) is a form of attack in which an attacker sends a pattern of requests to a computer system that triggers the worst-case performance of the algorithms it uses. In turn, this may exhaust the resources the system uses. Examples of such attacks include ReDOS, zip bombs and exponential entity expansion attacks.

Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information could be retrieved by different ways. This article focus on the retrieval of data thanks to misused hardware or hardware failure. Hardware could be misused or exploited to get secret data. This article collects main types of attack that can lead to data theft.

ArpON is a computer software project to improve network security. It has attracted interest among network managers and academic researchers and is frequently cited as a means of protecting against ARP-based attacks.

Financial signal processing is a branch of signal processing technologies which applies to signals within financial markets. They are often used by quantitative analysts to make best estimation of the movement of financial markets, such as stock prices, options prices, or other types of derivatives.

Ellen Witte Zegura is an American computer scientist who works as a professor in the School of Computer Science at the Georgia Institute of Technology College of Computing, and was the founding chair of the school from 2007 to 2012. Her research concerns a combination of computer network research and computing for social good.

The IEEE Journal of Solid-State Circuits is a monthly peer-reviewed scientific journal on new developments and research in solid-state circuits, published by the Institute of Electrical and Electronics Engineers (IEEE) in New York City. The journal serves as a companion venue for expanding on work presented at the International Solid-State Circuits Conference, the Symposia on VLSI Technology and Circuits, and the Custom Integrated Circuits Conference. The journal has an impact factor of 6.12 and is edited by Dennis Sylvester.

<span class="mw-page-title-main">Hussein Zedan</span>

Hussein S. M. Zedan was a computer scientist of Egyptian descent, mainly based in the United Kingdom.

Lawrence Pileggi is the Coraluppi Head and Tanoto Professor of Electrical and Computer Engineering at Carnegie Mellon University. He is a specialist in the automation of integrated circuits, and developing software tools for the optimization of power grids. Pileggi's research has been cited thousands of times in engineering papers.

Trevor Mudge is a computer scientist, academic and researcher. He is the Bredt Family Chair of Computer Science and Engineering, and Professor of Electrical Engineering and Computer Science at the University of Michigan.

Anat Bremler-Barr, is an Israeli computer scientist. She is a professor at Tel Aviv University who is known for her contributions in network security, specifically in Denial of Service attacks and scalable protection of Internet of Things (IoT) devices.

Luca P. Carloni is a professor and chair of the Department of Computer Science at Columbia University in the City of New York.. He has been on the faculty at Columbia since 2004. He is an international expert on electronic computer-aided design.

George N. Rouskas is a computer scientist, academic, and author. He is an Alumni Distinguished Graduate Professor and Director of Graduate Programs in the Department of Computer Science at North Carolina State University.

Cross-site leaks, also known as XS-Leaks, are a class of web security vulnerabilities. This class of vulnerabilities allow an attacker to gain access to sensitive information about a user's interactions with other websites. This is done by leveraging long-standing information leakage issues inherent to the design of the web platform, such as the use of CSS attributes or timing information related to the HTTP Cache to reveal a user's previous browsing habits.

History sniffing is a class of web vulnerabilities and attacks that allow a website to track a user's web browsing history activities by recording which websites a user has visited and which the user has not. This is done by leveraging long-standing information leakage issues inherent to the design of the web platform, one of the most well known of which includes detecting CSS attributes changes in links that have already been visited by the user.

References

↑ "DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors | IEEE Conference Publication | IEEE Xplore". ieeexplore.ieee.org. Retrieved 2023-11-17.
↑ Van Goethem, Tom; Joosen, Wouter; Nikiforakis, Nick (2015-10-12). "The Clock is Still Ticking: Timing Attacks in the Modern Web". Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15. New York, NY, USA: Association for Computing Machinery: 1382–1393. doi:10.1145/2810103.2813632. ISBN 978-1-4503-3832-5.
↑ "Scriptless Timing Attacks on Web Browser Privacy | IEEE Conference Publication | IEEE Xplore". ieeexplore.ieee.org. Retrieved 2023-11-17.
↑ Bonneau, Joseph; Mironov, Ilya (2006). Goubin, Louis; Matsui, Mitsuru (eds.). "Cache-Collision Timing Attacks Against AES". Cryptographic Hardware and Embedded Systems - CHES 2006. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer: 201–215. doi: 10.1007/11894063_16 . ISBN 978-3-540-46561-4.
↑ "NetCAT: Practical Cache Attacks from the Network | IEEE Conference Publication | IEEE Xplore". ieeexplore.ieee.org. Retrieved 2023-11-17.

This computer security article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors | IEEE Conference Publication | IEEE Xplore". ieeexplore.ieee.org. Retrieved 2023-11-17.

[2] Van Goethem, Tom; Joosen, Wouter; Nikiforakis, Nick (2015-10-12). "The Clock is Still Ticking: Timing Attacks in the Modern Web". Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15. New York, NY, USA: Association for Computing Machinery: 1382–1393. doi:10.1145/2810103.2813632. ISBN 978-1-4503-3832-5.

[3] "Scriptless Timing Attacks on Web Browser Privacy | IEEE Conference Publication | IEEE Xplore". ieeexplore.ieee.org. Retrieved 2023-11-17.

[4] Bonneau, Joseph; Mironov, Ilya (2006). Goubin, Louis; Matsui, Mitsuru (eds.). "Cache-Collision Timing Attacks Against AES". Cryptographic Hardware and Embedded Systems - CHES 2006. Lecture Notes in Computer Science. Berlin, Heidelberg: Springer: 201–215. doi: 10.1007/11894063_16 . ISBN 978-3-540-46561-4.

[5] "NetCAT: Practical Cache Attacks from the Network | IEEE Conference Publication | IEEE Xplore". ieeexplore.ieee.org. Retrieved 2023-11-17.

[1]

[2]

[3]

[4]

[5]