A New Software Approach to Defend against Cache-Based Timing Attacks

Cache-based timing attacks recover cipher keys by exploiting side channel information leaks which are caused by the implementations of cryptographic algorithms and the data-dependent behavior of cache memory. This kind of attacks has been proved to be effective in experiments and even feasible in practice. A number of software-based mechanisms have been proposed to protect against such attacks, however, most of them only aims at a specific sort of cache-based attacks by altering the implementation of the algorithm. In this paper, we put forward a novel idea with the goal of providing general protection. With the help of dynamic binary translation technique, we create a sandbox where the cryptographic implementations are executed. During the runtime, redundancy instructions can be inserted into the binary code of the cipher routine, and thus the leaked information is skewed and becomes useless to the attackers. The preliminary experimental results indicate that this defending mechanism can provide strong protection against the cache-based timing attacks. Moreover, in the part of conclusion, we discuss that this mechanism can also be effective against other types of cache-based side channel attacks.