EECS 588: Computer and Network Security

Syllabus

The security of a system is only as good as its weakest link. Even if a system's software is perfectly secure, the complex interactions between the system's hardware and the physical world have not been properly understood. Side-channel attacks exploit unintentional, abstraction-defying leakage from physical devices (such as the device's power consumption, electromagnetic radiation or execution timing variations) to recover otherwise-unavailable secret information.

In this class, we shall review recent papers in the area of side-channel attacks and their mitigations. Specific topics include (but are not limited to):

  1. Physical side channel attacks such as power and electromagnetic analysis.
  2. Microarchitectural attacks such as cache attacks and Rowhammer.
  3. Speculative execution attacks: Spectre, Meltdown and Foreshadow.
  4. Side channel mitigations and countermeasures.

Class requirements:

  1. 45 min - 1 hour presentation
  2. Final project (may be substituted by presenting two papers if enrollment
  3. Active participation in paper discussion

Class prerequisites:

Prior experience in low-level programming (C / C++ / assembly) is required. Familiarity with basic signal processing (for physical attacks) as well as basic operating system principles (for microarchitectural attacks) will be helpful. The class might also include some basic cryptographic background, which is required for understanding attacks on cryptographic systems.

List of papers

| Week | Paper 1 | Speaker | Paper 2 | Speaker |
|---|---|---|---|---|
| Sep 3, 2019 | Introduction to side channels | Daniel Genkin | Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems | Diego Rojas |
| Sep 10, 2019 | Remote Timing Attacks Are Practical | Ryan Feng | On Subnormal Floating Point and Abnormal Timing | Ben Cyr |
| Sep 17, 2019 | On the effectiveness of mitigations against floating-point timing channels | Anthony Pan | CACHE MISSING FOR FUN AND PROFIT | Tarunesh Verma |
| Sep 24, 2019 | No class | | No class | |
| Oct 1, 2019 | Cache attacks and countermeasures: the case of AES | Chris Hu | FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack | Eric Hao |
| Oct 8, 2019 | Last-Level Cache Side-Channel Attacks are Practical | Yungang Wang | Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds | Cristina Noujaim |
| Oct 15, 2019 | The Spy in the Sandbox - Practical Cache Attacks in Javascript and their Implications | Renuka Kumar | Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches | Peter Paquet |
| Oct 22, 2019 | ARMageddon: Cache Attacks on Mobile Devices | Joseph Buiteweg | Drive-By Key-Extraction Cache Attacks from Portable Code | Jacob Hage |
| Oct 29, 2019 | Practical Keystroke Timing Attacks in Sandboxed JavaScript | Apurva Virkud | Meltdown + Spectre | Daniel Genkin |
| Nov 5, 2019 | Foreshadow+Foreshadow-NG | Daniel Genkin | RIDL and Fallout: MDS attacks | Marina Minkin |
| Nov 12, 2019 | No Class | | No Class | |
| Nov 19, 2019 | Electromagnetic Eavesdropping Risks of Flat-Panel Displays | Yan Long | Keyboard Acoustic Emanations | Katelyn Wolfenberger |
| Nov 26, 2019 | Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels | Youssef Tobah | Thanksgiving | |
| Dec 3, 2019 | Introduction to differential power analysis | John Wu | Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks on PCs | Can Carlak |
| Dec 10, 2019 | Stealing Keys from PCs Using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation | Jiachen Sun | | |