NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have traditionally been used to leak sensitive data in a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in an SSH session from remote servers with no local access. The root cause of the vulnerability is a recent Intel feature called DDIO, which grants network devices and other peripherals access to the CPU cache. Although DDIO was originally intended as a performance optimization in fast networks, we show it has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks. Intel agrees this is a significant vulnerability, having awarded NetCAT a bounty and recommending that users “limit direct access from untrusted networks when DDIO & RDMA are enabled”. This essentially means that in untrusted network environments DDIO and/or RDMA should be disabled to provide security. To the best of our knowledge, this is the first time a major hardware vendor like Intel cautions against using a CPU feature in untrusted local networks.

What is DDIO?

Data-Direct I/O (DDIO) is a performance-enhancing technology on recent Intel server-grade processors. Instead of reading/writing from/to slow memory, DDIO allows peripherals to read/write from/to the fast (last-level) cache. DDIO was specifically introduced to improve the performance of server applications in fast networks. In traditional architectures, where the network card uses direct memory access (DMA) to talk to the operating system, the memory latency alone quickly becomes the bottleneck on fast (e.g., 10 Gb/s) networks. To alleviate the bottleneck, Intel introduced DDIO, an architecture where peripherals can perform direct cache access on the CPU’s (last-level) cache. The DDIO cache region is not dedicated or reserved in the cache, but allocating writes are statically limited to a portion of the cache to avoid thrashing caused by I/O bursts or unconsumed data streams.

The figure below illustrates the difference between direct cache access (orange) and direct memory access (blue). Additionally, it shows the available write allocation cache lines for direct cache access in orange versus the others in green.

In this project, we present the first security analysis of DDIO. Based on our analysis, we present NetCAT, the first network-based cache attack on the processor’s last-level cache of a remote machine. We show that NetCAT can break the confidentiality of an SSH session from a third machine without any malicious software running on the remote server or client. The attacker machine does this by solely sending network packets to the remote server.

More precisely, with NetCAT, we can leak the arrival time of the individual network packets from an SSH session using a remote cache side channel. Why is this useful? In an interactive SSH session, every time you press a key, network packets are being directly transmitted. As a result, every time you type a character inside an encrypted SSH session on your console, NetCAT can leak the timing of the event by leaking the arrival time of the corresponding network packet. Now, humans have distinct typing patterns.
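
To make the write-allocation limit in the DDIO description concrete, here is a toy model added as an example (it is not code from the NetCAT project): one LRU cache set in which I/O writes may allocate only into a fixed number of ways. The set size, the number of I/O ways and the burst length are constructed values for illustration, not Intel's parameters.

```python
class CacheSet:
    """One set of a set-associative last-level cache with LRU replacement."""

    def __init__(self, ways, io_ways):
        self.tags = [None] * ways   # tag stored in each way (None = empty)
        self.age = [0] * ways       # last-use timestamp per way (0 = never used)
        self.io_ways = io_ways      # I/O writes may allocate only into ways [0, io_ways)
        self.clock = 0

    def _touch(self, tag, candidate_ways):
        self.clock += 1
        if tag in self.tags:
            # Hit: the line is updated in place, wherever it lives.
            way = self.tags.index(tag)
        else:
            # Miss: allocate over the least recently used candidate way.
            way = min(candidate_ways, key=lambda w: self.age[w])
            self.tags[way] = tag
        self.age[way] = self.clock
        return way

    def cpu_access(self, tag):
        # CPU fills may use any way, including the I/O-allocatable ones:
        # the region is limited for I/O but not reserved for it.
        return self._touch(tag, range(len(self.tags)))

    def io_write(self, tag):
        # Allocating writes from a peripheral are confined to a fixed portion.
        return self._touch(tag, range(self.io_ways))


def surviving_cpu_lines(ways, io_ways, burst):
    """Fill the set with CPU lines, apply an I/O burst, count CPU lines left."""
    cache_set = CacheSet(ways, io_ways)
    cpu_tags = [f"cpu{i}" for i in range(ways)]
    for tag in cpu_tags:
        cache_set.cpu_access(tag)
    for i in range(burst):
        cache_set.io_write(f"pkt{i}")   # constructed packet-buffer tags
    return sum(tag in cache_set.tags for tag in cpu_tags)


if __name__ == "__main__":
    # Constructed parameters: 8-way set, burst of 100 I/O writes.
    print("limited to 2 ways:", surviving_cpu_lines(8, 2, 100))
    print("no limit (8 ways):", surviving_cpu_lines(8, 8, 100))
```

With the limit in place the burst displaces only the lines that sat in the I/O-allocatable ways; without it the burst thrashes the whole set. Those displaced lines are why that portion of the cache is state shared between peripherals and the CPU rather than a reserved region.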