IACR News item: 16 September 2022
Federico Canale, Tim Güneysu, Gregor Leander, Jan Thoma, Yosuke Todo, Rei Ueno
ePrint Report
Randomized cache architectures have proven to significantly
increase the complexity of contention-based cache side channel attacks
and therefore pre\-sent an important building block for side channel secure
microarchitectures. By
randomizing the address-to-cache-index mapping, attackers can
no longer trivially construct minimal eviction sets which are
fundamental for contention-based cache attacks. At the same time,
randomized caches maintain the flexibility of traditional caches,
making them broadly applicable across various CPU-types. This is
a major advantage over cache partitioning approaches.
A large variety of randomized cache architectures has been proposed. However, the actual randomization function received little attention and is often neglected in these proposals. Since the randomization operates directly on the critical path of the cache lookup, the function needs to have extremely low latency. At the same time, attackers must not be able to bypass the randomization which would nullify the security benefit of the randomized mapping. In this paper we propose \cipher (\underline{S}ecure \underline{CA}che \underline{R}andomization \underline{F}unction), the first dedicated cache randomization cipher which achieves low latency and is cryptographically secure in the cache attacker model. The design methodology for this dedicated cache cipher enters new territory in the field of block ciphers with a small 10-bit block length and heavy key-dependency in few rounds.
A large variety of randomized cache architectures has been proposed. However, the actual randomization function received little attention and is often neglected in these proposals. Since the randomization operates directly on the critical path of the cache lookup, the function needs to have extremely low latency. At the same time, attackers must not be able to bypass the randomization which would nullify the security benefit of the randomized mapping. In this paper we propose \cipher (\underline{S}ecure \underline{CA}che \underline{R}andomization \underline{F}unction), the first dedicated cache randomization cipher which achieves low latency and is cryptographically secure in the cache attacker model. The design methodology for this dedicated cache cipher enters new territory in the field of block ciphers with a small 10-bit block length and heavy key-dependency in few rounds.
Additional news items may be found on the IACR news page.