
How can Randomized Data help our Security?


Randomization can be used to obscure or mask sensitive information in a dataset, making it difficult for unauthorized individuals to identify individuals or extract meaningful insights. This is especially important when it comes to sharing or releasing data for research or analysis while protecting individual privacy.

Every day, massive amounts of data pass through our computers and smartphones. To process this data, technical devices contain two essential units: a processor, which functions as a control center, and RAM, which functions similarly to memory. Because memory is much slower than the processor at providing data, modern processors use a cache to act as a bridge between the two. This cache frequently contains private data that could be appealing to attackers.

In collaboration with researchers from Japan, a team of scientists from Bochum, Germany, has developed an innovative cipher that not only provides greater security than previous approaches, but is also more efficient and faster. Their work will be presented at the prestigious Usenix Security Symposium in Anaheim, California (USA).

The team includes Dr. Federico Canale and Professor Gregor Leander from the Chair of Symmetric Cryptography, Jan Philipp Thoma and Professor Tim Güneysu from the Chair of Security Engineering, all from Ruhr University Bochum, as well as Yosuke Todo from NTT Social Informatics Laboratories and Rei Ueno from Tohoku University (Japan).


Cache not well protected against side-channel attacks until now

CASA PI Professor Yuval Yarom, who has been at Ruhr University since April 2023, discovered years ago that the cache is vulnerable to a specific type of attack. Because they affected all popular microprocessors as well as cloud services, the serious Spectre and Meltdown vulnerabilities made headlines at the time. Caches are unobtrusive, but they perform an important function: they store frequently requested data. Their primary purpose is to reduce latency.

If the CPU had to fetch data from slower RAM every time it needed to access it, the system would slow down. This is why the CPU reads data from the cache. However, attackers can take advantage of this communication between the CPU and the cache. Their method: They overwrite the cache’s unsecured data. The system requests the data from main memory because it cannot find it in the cache. This process is measurably slower.

“In so-called timing side-channel attacks, attackers can measure the time differences and use them to observe memory accesses by other programs. Thus, they can steal private keys for encryption algorithms, for example,” explains Jan Philipp Thoma from the Chair of Security Engineering.


Innovative mathematical solution

While patches have been developed to address vulnerabilities for specific attacks, they have failed to provide demonstrable security. However, the team from Bochum and Japan has now devised a novel solution: “Our idea is to use mathematical processes to randomize the data in the cache,” explains Gregor Leander, whose research was recently awarded an ERC Advanced Grant. Randomization in the CPU’s caches can help prevent attacks by stopping attackers from removing data from those caches.

“A novel approach to computer security is the interdisciplinary approach of cryptography and hardware security considerations. While there have been previous ideas for randomized cache architectures, none have been very efficient or capable of withstanding strong attackers,” said Tim Güneysu, Chair of Security Engineering. According to the researchers, the new SCARF model employs block cipher encryption, which is a completely novel concept in the field.

“Normally, we encrypt data with 128 bits; however, in the cache, we occasionally work with 10 bits. This is a complicated process because it takes much longer to combine this data with a large key,” Gregor Leander explained. The large key is required because a shorter encryption of such small amounts of data could easily be broken by attackers.

The aforementioned randomization usually takes a lot of time. This would limit the functionality of the cache. In contrast, SCARF uses block ciphers to operate faster than any previous solution. “SCARF can be used as a modular component in cache architectures and automatically ensures secure – i.e. unpredictable – randomization with simultaneously low latency, i.e. response time,” explains Jan Philipp Thoma. He concludes: “With SCARF, we offer an efficient and secure solution for randomization.”
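The idea of encrypting a 10-bit cache index under a large secret key can be modelled in a few lines. This is an added example, not code from the article or from the SCARF authors: the Feistel network built on HMAC-SHA256 is a stand-in for the real cipher, and all function names, the round count, the demo keys and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac

INDEX_BITS = 10            # cache-set index width mentioned in the article
HALF = INDEX_BITS // 2     # the toy Feistel network works on two 5-bit halves
MASK = (1 << HALF) - 1
ROUNDS = 8                 # assumption: round count chosen for this toy only

def _round(key: bytes, tweak: int, rnd: int, half: int) -> int:
    """Keyed round function: HMAC-SHA256 over (tweak, round, half), cut to 5 bits."""
    msg = tweak.to_bytes(8, "big") + bytes([rnd, half])
    return hmac.new(key, msg, hashlib.sha256).digest()[0] & MASK

def randomized_index(key: bytes, tag: int, index: int) -> int:
    """Toy tweakable permutation of a 10-bit index; the address tag is the tweak."""
    left, right = index >> HALF, index & MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, tag, rnd, right)
    return (left << HALF) | right

def plain_index(address: int) -> int:
    """Conventional mapping: the set is simply the low index bits of the address."""
    return address & ((1 << INDEX_BITS) - 1)

def keyed_index(key: bytes, address: int) -> int:
    """Randomized mapping: split the address into tag and index, then permute."""
    return randomized_index(key, address >> INDEX_BITS, plain_index(address))

def is_permutation(key: bytes, tag: int) -> bool:
    """For a fixed key and tag, each of the 1024 sets must be produced exactly once."""
    outputs = {randomized_index(key, tag, i) for i in range(1 << INDEX_BITS)}
    return len(outputs) == 1 << INDEX_BITS

def sets_used(mapper, addresses) -> int:
    """Number of distinct cache sets a group of line addresses lands in."""
    return len({mapper(a) for a in addresses})

# Constructed sample: 64 line addresses with identical index bits, different tags.
KEY_A = bytes(range(32))          # demo key, constructed for this example
KEY_B = bytes(range(1, 33))       # second demo key to show key dependence
CONGRUENT = [(tag << INDEX_BITS) | 0x155 for tag in range(64)]

if __name__ == "__main__":
    print("sets used, plain index:", sets_used(plain_index, CONGRUENT))
    print("sets used, keyed index:", sets_used(lambda a: keyed_index(KEY_A, a), CONGRUENT))
    print("bijective for tag 7:", is_permutation(KEY_A, 7))
```

With plain indexing all 64 addresses share one set, so which lines compete for space is predictable from the addresses alone; with the keyed mapping the same addresses scatter across sets in a way that depends on the secret key.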

Double protection by combining with ClepsydraCache

As a result, the researchers’ work has the potential to have a significant impact on the protection of sensitive data in the digital society. Furthermore, the researchers, in collaboration with other colleagues, will present another work that can be combined with SCARF at this year’s Usenix Security Symposium.

The paper, “ClepsydraCache — Preventing Cache Attacks with Time-Based Evictions,” introduces a new cache security concept as well. Jan Philipp Thoma, Gregor Leander, Tim Güneysu, and CASA PI Lucas Davi of the University of Duisburg-Essen are also involved. It was also created in collaboration with RUB researchers from the Department of Integrated Systems.

“ClepsydraCache relies on cache decay combined with index randomization. Cache decay means that data that is not used for a longer period of time is automatically removed from the cache,” explains Jan Philipp Thoma.

Data security benefits from such a mechanism, as it reduces the number of cache conflicts. Those conflicts would slow down the process and might also lead to data leakage with the help of the side-channel attacks described above. The researchers were able to prove that their proposal can withstand known attack vectors and can be easily implemented in existing architectures.