PhantomFetch: Obfuscating Loads against Prefetcher Side-Channel Attacks
Xingzhi Zhang, Buyi Lv, Yimin Lu, Kai Bu
TL;DR
PhantomFetch is a hardware-agnostic defense mechanism that obfuscates sensitive loads to prevent IP-stride prefetcher side-channel attacks, maintaining prefetching benefits with minimal performance overhead.
Contribution
It introduces PhantomFetch, the first hardware-agnostic method to secure prefetchers against side-channel attacks by obfuscating victim load effects without hardware modifications.
Findings
Secures IP-stride prefetcher with negligible overhead
Obfuscates victim's load effects to prevent attack
Applicable to off-the-shelf devices
Abstract
The IP-stride prefetcher has recently been exploited to leak secrets through side-channel attacks. It, however, cannot be simply disabled for security with prefetching speedup as a sacrifice. The state-of-the-art defense tries to retain the prefetching effect by hardware modification. In this paper, we present PhantomFetch as the first prefetching-retentive and hardware-agnostic defense. It avoids potential remanufacturing cost and enriches applicability to off-the-shelf devices. The key idea is to directly break the exploitable coupling between trained prefetcher entries and the victim's secret-dependent loads by obfuscating the sensitive load effects of the victim. The experiment results show that PhantomFetch can secure the IP-stride prefetcher with only negligible overhead.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsCryptographic Implementations and Security · Security and Verification in Computing · Physical Unclonable Functions (PUFs) and Hardware Security