Cache timing attacks on recent microarchitectures

Alexandres Andreou, Andrey Bogdanov, Elmar Wolfgang Tischhauser

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review


Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against AES or similar algorithms in virtualized environments. This paper applies variants of this cache timing attack to Intel's latest generation of microprocessors. It enables a spy-process to recover cryptographic keys, interacting with the victim processes only over TCP. The threat model is a logically separated but CPU co-located attacker with root privileges. We report successful and practically verified applications of this attack against a wide range of microarchitectures, from a two-core Nehalem processor (i5-650) to two-core Haswell (i7-4600M) and four-core Skylake processors (i7-6700). The attack results in full key recovery. Compared to earlier processor generations, the attacks are more involved, but still of practical complexity, requiring between 219 and 221 encryptions. For the last two processors, the cache slice selection algorithm (CSSA) was not known before and had to be reverse engineered as part of this work. This is the first time CSSAs for the Skylake architecture are reported. Our attacks demonstrate that cryptographic applications in cloud computing environments using key-dependent tables for acceleration are still vulnerable even on recent architectures, including Skylake. Our reverse engineering of the CSSAs of these processors will also be beneficial for developers in many other contexts, for instance for implementing page colouring in modern operating systems.
Original languageEnglish
Title of host publicationProceedings of 2017 IEEE International Symposium on Hardware Oriented Security and Trust
Publication date2017
ISBN (Print)9781538639290
Publication statusPublished - 2017
Event2017 IEEE International Symposium on Hardware Oriented Security and Trust - The Ritz-Carlton, McLean, United States
Duration: 1 May 20175 May 2017


Conference2017 IEEE International Symposium on Hardware Oriented Security and Trust
LocationThe Ritz-Carlton
CountryUnited States
Series2017 Ieee International Symposium on Hardware Oriented Security and Trust (host)


  • Timing
  • Cryptography
  • Microarchitecture
  • Cloud computing
  • Computer architecture
  • Hardware
  • Microprocessors

Fingerprint Dive into the research topics of 'Cache timing attacks on recent microarchitectures'. Together they form a unique fingerprint.

Cite this