Detecting time-fragmented cache attacks against AES using Performance Monitoring Counters
This addresses security vulnerabilities in cloud infrastructures by enabling targeted countermeasures without constant performance loss, though it is incremental as it builds on existing PMC-based detection methods.
The paper tackled the problem of detecting time-fragmented cache timing attacks against AES encryption in cloud environments by using Performance Monitoring Counters (PMCs) in a monitoring process, and found that sampling PMCs at lower frequencies improves detection capabilities compared to higher frequencies.
Cache timing attacks use shared caches in multi-core processors as side channels to extract information from victim processes. These attacks are particularly dangerous in cloud infrastructures, in which the deployed countermeasures cause collateral effects in terms of performance loss and increase in energy consumption. We propose to monitor the victim process using an independent monitoring (detector) process, that continuously measures selected Performance Monitoring Counters (PMC) to detect the presence of an attack. Ad-hoc countermeasures can be applied only when such a risky situation arises. In our case, the victim process is the AES encryption algorithm and the attack is performed by means of random encryption requests. We demonstrate that PMCs are a feasible tool to detect the attack and that sampling PMCs at high frequencies is worse than sampling at lower frequencies in terms of detection capabilities, particularly when the attack is fragmented in time to try to be hidden from detection.