Prime+Probe Attack: Cache Side Channel Defence

TL;DR

The Prime+Probe attack exploits CPU caches to reveal secret data. This guide explains how it works and provides practical steps to mitigate the risk, focusing on code changes and system configurations.

What is a Prime+Probe Attack?

A Prime+Probe attack is a type of cache side-channel attack. It relies on the fact that accessing data in the CPU cache is faster than accessing it from main memory. An attacker can measure these timing differences to infer information about what data is being used by a victim process, even if they don’t have direct access to it.

How Does Prime+Probe Work?

1. Prime the Cache: The attacker fills the cache with known data.
2. Probe the Cache: The attacker then tries to access specific memory locations (potential secret data).
3. Measure Access Time: By measuring how long it takes to access these locations, the attacker can determine if they were already in the cache or had to be fetched from slower memory. This timing difference reveals information about which secrets are being used.

Mitigation Steps

Here’s a breakdown of how to defend against Prime+Probe attacks, categorised by approach.

1. Code Changes

1. Constant-Time Programming: The most effective defence is to write code that takes the same amount of time to execute regardless of the input data. This eliminates timing variations exploitable by cache side channels.
   • Avoid conditional branches based on secret data.
   • Use bitwise operations instead of comparisons where possible.
   • Ensure array indexing is independent of secrets.
2. Data Masking: Randomly mask sensitive data before using it in calculations or memory accesses. This makes it harder for the attacker to correlate cache timings with actual secret values.

   // Example (simplified) - masking a value
   int masked_value = secret_value ^ random_mask;
   

3. Cache-Oblivious Algorithms: Design algorithms that are less sensitive to cache behaviour. These algorithms focus on data locality and minimize unnecessary cache misses.

2. System Configuration

1. Disable Hyper-Threading (SMT): Simultaneous Multi-Threading (SMT) can make attacks easier by allowing the attacker to share a physical core with the victim process, increasing the likelihood of cache contention.
   • On Linux: sudo systemctl set-property processor.max_cstate=1 and reboot
   • In BIOS/UEFI settings: Disable SMT or Hyper-Threading.
2. Cache Partitioning (if available): Some processors support cache partitioning, which allows you to isolate caches for different processes.
3. Address Space Layout Randomization (ASLR): ASLR randomizes the memory addresses of key data structures, making it harder for attackers to predict where secrets are located. Ensure ASLR is enabled in your operating system.
   • Linux: Check /proc/sys/kernel/randomize_va_space (value should be 2)

3. Software Protections

1. Use Cryptographic Libraries with Side-Channel Protection: Many modern cryptographic libraries include built-in protections against cache side-channel attacks.
2. Regular Security Audits and Code Reviews: Identify potential vulnerabilities in your code that could be exploited by cache side channels.

Important Considerations

• Mitigating cache side channels can impact performance. Carefully evaluate the trade-offs between security and speed.
• The effectiveness of these mitigations depends on the specific processor architecture, operating system, and attack scenario.
• Stay up-to-date with the latest research on cache side-channel attacks and defenses.