ISeCure The ISC Int'l Journal of Information Security January 2021, Volume 13, Number 1 (pp. 19–27) http://www.isecure-journal.org Evict+Time Attack on Intel CPUs without Explicit Knowledge of Address Offsets Vahid Meraji 1 , and Hadi Soleimany 2,∗ 1 Cyberspace Research Institute, Shahid Beheshti University, Iran 2 Cyberspace Research Institute, Shahid Beheshti University, Iran ARTICLE I N F O. Article history: Received: November 30, 2019 Revised: June 30, 2020 Accepted: September 1, 2020 Published Online: September 5, 2020 Keywords: Evict+Time Attack, Access-Driven Attacks, LRU Replacement Policy, Inclusive Memory Type: Research Article doi: 10.22042/isecure.2020. 209945.500 Abstract Access-driven attacks are a series of cache-based attacks using fewer measurement samples to extract sensitive key values due to the ability of the attacker to evict or access cache lines compared to the other attacks based on this feature. Knowledge of address offset for the corresponding data blocks in cryptographic libraries is a prerequisite for an adversary to reload or evict cache lines in Intel processors. Preventing the access of attackers to the address offsets can potentially be a countermeasure to mitigate access-driven attacks. In this paper, we demonstrate how to perform the Evict+Time attack on Intel x86 CPUs without any privilege of knowing address offsets. c  2020 ISC. All rights reserved. 1 Introduction N umerous studies have been conducted to present new attacks using the time difference between the processor access to main memory and cache mem- ory. Such attacks are mostly divided into three cate- gories of time-driven, trace-driven, and access-driven attacks. In time-driven attacks, the attacker knows the capacity of the cache memory lines and measures the cryptosystem runtime. After that, he performs statistical analyses on the measured samples to dis- tinguish between cache miss and cache hit events. The amount of information extracted in these attacks depends on the capacity of the cache memory lines [1–5]. In trace-driven attacks, the attacker is able to create a profile in order to distinguish between the cache hit and cache miss [6]. Access-driven attacks can be divided into synchronous and asynchronous categories. The Evict+Time, Prime+Probe[7] and Flush+Reload attacks [8] are among the most impor- ∗ Corresponding author. Email addresses: vahmeraji@gmail.com, h_soleimany@sbu.ac.ir ISSN: 2008-2045 c  2020 ISC. All rights reserved. tant access-driven attacks. In the access-driven at- tacks, the attacker frequently needs to evict or reload data from the cache memory before or after perform- ing the targeted cryptosystem which requires the knowledge about the virtual or physical addresses. In other words, it is assumed that the attacker is able to detect the address offsets of the targeted data in the libraries used by the cryptosystem. One possible solution for preventing the success of access-driven attacks is to prevent page sharing which was mentioned for the first time in [8]. How- ever, as it is discussed in the literature this would increase the execution time by increasing the cache- miss rate. In this paper, we study this approach from another angle. Independent of performance issues, we aim to investigate whether or not such a naive ap- proach can be secure at all. In this paper, we propose an Evict+Time attack on AES which is applicable based on the fewer assumptions in comparison to the previous attacks. Unlike the proposed access-driven attacks in the literature, our method can retrieve all bits of the secret key without requiring any knowledge about the virtual address of the data. The attack is applicable on a processor in which the cache memory ISeCure