U Can Touch This! Microarchitectural Timing Attacks via Machine Clears
Billy Bob Brumley

TL;DR
This paper introduces MCHammer, a microarchitectural timing attack that exploits the machine clears raised by the processor's self-modifying-code (SMC) detection, giving a more efficient and finer-grained side channel for extracting cryptographic keys.
Contribution
MCHammer is a novel timing-attack technique that requires neither memory accesses nor waiting periods, and it outperforms traditional methods such as Flush+Reload in both efficiency and trace granularity.
Findings
Successfully recovered cryptographic keys using MCHammer
Demonstrated MCHammer's higher trace granularity and efficiency
Highlighted practical security risks in real-world systems
Abstract
Microarchitectural timing attacks exploit subtle timing variations caused by hardware behaviour to leak sensitive information. In this paper, we introduce MCHammer, a novel side-channel technique that leverages machine clears induced by self-modifying-code detection mechanisms. Unlike most traditional techniques, MCHammer requires neither memory accesses nor waiting periods, making it highly efficient. We compare MCHammer with the classical Flush+Reload technique and show that it improves on it in trace granularity, providing a powerful side-channel attack vector. Using MCHammer, we successfully recover keys from a deployed implementation of a cryptographic tool. Our findings highlight the practical implications of MCHammer and its potential impact on real-world systems.
