Efficient and Generic Microarchitectural Hash-Function Recovery

(2024) Efficient and Generic Microarchitectural Hash-Function Recovery.

Text hash_recovery_sp24.pdf - Published Version Download (346kB)

Abstract

Modern CPUs use a variety of undocumented microarchitectural hash functions to efficiently distribute data within microarchitectural structures such as caches. A well-known function is the cache slice function that distributes cache lines to the slices of the last-level cache. Knowing these functions improves microarchitectural attacks, such as Prime+Probe or Rowhammer, drastically. However, while several such linear functions have been reverse-engineered, there is no generic or automated approach for reverse-engineering non-linear functions, which have become common with modern CPUs. In this paper, we introduce a novel generic approach for automatically reverse-engineering a wide range of microarchitectural hash functions. Our approach combines techniques initially used for logic-gate minimization and from computer algebra to infer the hash functions based on input-output pairs observed via side channels. With our framework, we infer 3 previously-unknown non-linear hash functions on both AMD and Intel CPUs, including the new Alder Lake hybrid-CPU architecture. We verify our approach by reproducing known hash functions and evaluating side-channel attacks that rely on these functions, resulting in success rates above 97.65%. We stress the need to design such functions with both performance and security in mind and discuss alternative designs that can be used in future CPUs.

Item Type:	Conference or Workshop Item (A Paper) (Paper)
Divisions:	Michael Schwarz (MS)
Conference:	SP IEEE Symposium on Security and Privacy
Depositing User:	Michael Schwarz
Date Deposited:	14 Jul 2023 10:02
Last Modified:	21 Aug 2023 07:18
Primary Research Area:	NRA3: Threat Detection and Defenses
URI:	https://publications.cispa.saarland/id/eprint/3983

Actions

Actions (login required)

View Item