



## Cache side-channel Attack on RISC-V processor

Tokyo, 15 Jan., 2022



Pham Laboratory Integrated circuit design laboratory

- 1. Introduction
- 2. Cache side-channel attack replication
- 3. Cache side-channel attack mitigation
- 4. Conclusion



Pham Laboratory Integrated circuit design laboratory

#### 1. Introduction

- 2. Cache side-channel attack replication
- 3. Cache side-channel attack mitigation
- 4. Conclusion

## Introduction

- Spectre Cache side-channel attack
- Target: RISC-V Out-of-order BOOM
- First variants:
  - Spectre v1: Bound Check Bypass
  - Spectre v2: Branch Target Injection



- Branch Predictor UnitSpeculative Execution
- Caching

**BOOM** suitable for Spectre



Cache memory

[1] BOOM (2015) [2] <u>Spectre</u> (2019)



Phan Laboratory Integrated circuit design laboratory

#### 1. Introduction

#### 2. Cache side-channel attack replication

- 3. Cache side-channel attack mitigation
- 4. Conclusion

## **Spectre attack (1)**

| User  | Process                    | Pattern history table                   |  |
|-------|----------------------------|-----------------------------------------|--|
| a = 1 | TRUE => Run B              | Branch history $\rightarrow$ Prediction |  |
| a = 2 | TRUE => Run B              | → n → i<br>bits                         |  |
| a = 3 | TRUE => Run B              |                                         |  |
|       | TRUE => Run B              |                                         |  |
| a = X | <i>Maybe</i> TRUE => Run B | IF (a< 10)<br>Run B                     |  |

## **Spectre attack (2)**

Typical attack strategy:

- Setup processor cache, for example, fill or flush all the cache lines, as in Flush+Reload, Prime+Probe timing attacks approaches.
- Force mis-speculation in victim code to leak secret into a side-channel
- Attacker recovers secret from side-channel effect in the cache (usually the access load time).



### **Spectre attack (3)**

- Observe cache accessing time of a value.
- Each attack attempt is to collect 1 byte in

secret string.



#### **Spectre attack on RISC-V Processor**

#### Implement RISC-V processor

- BOOM core: exploited
- Rocket core: not exploited

| char(S) | guess_char(hits,score,value)            | 1.(3,  | 83, S)  |
|---------|-----------------------------------------|--------|---------|
| char(e) | guess_char(hits,score,value)            | 1.(9,  | 101, e) |
| char(c) | guess_char(hits,score,value)            | 1.(7,  | 99, c)  |
| char(r) | guess_char(hits,score,value)            | 1.(8,  | 114, r) |
| char(e) | <pre>guess_char(hits,score,value)</pre> | 1.(8,  | 101, e) |
| char(t) | guess_char(hits,score,value)            | 1.(9,  | 116, t) |
| char( ) | guess_char(hits,score,value)            | 1.(10) | , 32, ) |
| char(K) | <pre>guess_char(hits,score,value)</pre> | 1.(8,  | 75, K)  |
| char(e) | <pre>guess_char(hits,score,value)</pre> | 1.(8,  | 101, e) |
| char(y) | guess_char(hits,score,value)            | 1.(8,  | 121, у) |

Attack log (success case)





[3] TEE-Hardware (2020) [4] Replicated Spectre (2020)



Phan Laboratory Integrated circuit design laboratory

#### 1. Introduction

- 2. Cache side-channel attack replication
- 3. Cache side-channel attack mitigation
- 4. Conclusion

# **Software prevention (1)**

- Software method
  - Fence
  - Speculation Load Hardening
- Modify to strengthen victim program

if

else

- Require to re-compile source code
- Affect on performance



Original spectre v1 gadget

## **Software prevention (2)**



## **Software prevention (2)**



No mitigation

• Normal execution cycle: 210

#### Mitigation using fence

- Normal execution cycle: 242 290
- Performance loss: 15 43%

## **Real-Time Spectre Attack Detection System (1)**

- Target: RISC-V BOOM processor
- Using hardware performance counter (HPM) and machine learning
- Create a real-time background services
  - Gather hardware performance counter
  - Analyse to detect cache side-channel attack events
- System procedure:



# **Real-Time Spectre Attack Detection System (2)**

- Dataset: 20.000 sample of HPMs
- Detection accuracy: 99.6 % (cross-validation)
- Performance overhead: 2.25%





Mean accuracy for cross-validation k-values.

## **Spectre mitigation researches on RISC-V Processor**

| Mitigation          | Detection                                                                                                       | Prevention                                                                                               |                                                                                               |  |
|---------------------|-----------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------|--|
| strategy            |                                                                                                                 | Software approach                                                                                        | Hardware approach(*)                                                                          |  |
| Idea or<br>Research | <ul> <li>Analyse hardware<br/>performance counter</li> <li>Use machine learning</li> </ul>                      | <ul> <li>Fence instruction</li> <li>Speculation Load<br/>Hardening (Index masking)</li> </ul>            | <ul> <li>Customized<br/>cache/processor</li> </ul>                                            |  |
| Benefits            | <ul> <li>High accuracy and simple</li> <li>Low performance overhead</li> </ul>                                  | <ul><li>Strengthen victim program</li><li>Simple to implement</li></ul>                                  | <ul> <li>Low performance<br/>overhead</li> <li>Apply for wide range of<br/>threats</li> </ul> |  |
| Drawbacks           | <ul> <li>Need to find action<br/>after detection</li> <li>Need to re-create<br/>model for new threat</li> </ul> | <ul> <li>Require to re-compile<br/>victim code</li> <li>High performance<br/>overhead: 15-43%</li> </ul> | <ul> <li>Complicated.</li> <li>Time consuming to develop</li> </ul>                           |  |

(\*) Currently on research stage



Pham Laboratory Integrated circuit design laboratory

#### 1. Introduction

- 2. Cache side-channel attack replication
- 3. Cache side-channel attack mitigation

#### 4. Conclusion

## Conclusion

- 1. Replicated Spectre attack on FPGA: Spectre (v1-v2), BOOM Core.
- 2. Software mitigation methods: Fence & Speculative Load Hardening, high performance overhead
- 3. Real-Time Spectre Attack Detection System: ~99.6% accuracy

## References

- 1. C. Celio et al., "The berkeley out-of-order machine (boom): An industry-competitive, synthesizable, parameterized risc-v processor," 2015.
- 2. P. Kocher *et al.*, "Spectre attacks: Exploiting speculative execution," in 2019 IEEE Symposium on Security and Privacy (SP), 2019, pp. 1–19.
- 3. T. Hoang et al., "Quick Boot of Trusted Execution Environment With Hardware Accelerators," in IEEE Access, vol. 8, pp. 74015-74023, 2020.
- 4. A. Le et al, "Experiment on replication of side channel attack via cache of RISC-V Berkeley out-oforder machine (BOOM) implemented on FPGA", CARRV 2020.
- 5. A. Le et al, "A Real-Time Cache Side-Channel Attack Detection System on RISC-V Out-of-Order Processor" in IEEE Access, vol. 9, pp. 164597-164612, 2021.





#### Thank You

Tokyo, 15 Jan., 2022