International Journal of Information Security
https://doi.org/10.1007/s10207-018-0411-7
REGULAR CONTRIBUTION
SpyDetector: An approach for detecting side-channel attacks at runtime
Yusuf Kulah¹ · Berkay Dincer¹ · Cemal Yilmaz¹ · Erkay Savas¹
© Springer-Verlag GmbH Germany, part of Springer Nature 2018
Abstract
In this work, we first present a low-cost, anomaly-based semi-supervised approach, which is instrumental in detecting the
presence of ongoing side-channel attacks at runtime. We are, in particular, concerned with attacks that are carried out by
creating intentional contentions in shared resources with cryptographic applications using a “spy” process. At a very high
level, the approach quantifies contentions in shared resources, associates these contentions with processes, such as with a
victim process, and issues a warning at runtime whenever the contentions reach a “suspicious” level. We then adapt this
approach to detect the presence of four different types of cache-based side-channel attacks, namely prime-and-probe attacks
on advanced encryption standard (AES), flush-and-reload attacks on AES and elliptic curve digital signature algorithm with
Montgomery ladder algorithm, and Flush + Flush attacks on AES. To this end, we vary the shared resources monitored, the
level of granularity at which the contentions in these resources are quantified, and the way the suspicious levels of contentions
are detected. We evaluate the proposed approach also in cross-virtual machine setups (when applicable). The results of our
experiments support our basic hypothesis that spy processes, which leverage information leaked by cryptographic applications
through some shared resources, ironically leak information by themselves through the same or related channels, which can
be analyzed to detect the presence of ongoing attacks at runtime.
Keywords Cache-based side-channel attacks · Prime-and-probe attacks · Flush-and-reload attacks · ECDSA attacks ·
Runtime detection · Hardware performance counters
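The idea summarized in the abstract, as an added example that is not the authors' detector: a threshold is learned from attack-free samples only (the semi-supervised part), and a warning is raised when contention attributed to the victim process stays above it. The counter values, the median/MAD threshold rule and the window parameters are assumptions made for this example.

```python
import statistics
from collections import deque

# Constructed sample data: cache-miss counts per sampling interval, attributed
# to the victim process (assumed to come from a hardware performance counter).
BENIGN = [118, 124, 131, 120, 127, 122, 135, 119, 126, 129, 123, 121]
# Constructed runtime stream: one isolated burst (index 2), then sustained
# contention (indices 6-10) of the kind a co-running spy process would cause.
OBSERVED = [125, 121, 210, 127, 119, 124, 640, 702, 655, 688, 671, 130, 122]


def fit_baseline(benign_counts, k=6.0):
    """Learn a 'suspicious' threshold from attack-free samples only."""
    med = statistics.median(benign_counts)
    mad = statistics.median([abs(x - med) for x in benign_counts])
    # 1.4826 * MAD estimates the standard deviation for near-normal data;
    # the floor of 1.0 avoids a zero-width band on a perfectly flat baseline.
    return med + k * 1.4826 * max(mad, 1.0)


def monitor(samples, threshold, window=5, min_hits=4):
    """Return the interval indices at which a warning is raised.

    A warning fires only when at least `min_hits` of the last `window`
    intervals exceeded the threshold, so a single noisy interval
    (e.g. a context switch) does not trigger an alert.
    """
    recent = deque(maxlen=window)
    warnings = []
    for i, count in enumerate(samples):
        recent.append(count > threshold)
        if sum(recent) >= min_hits:
            warnings.append(i)
    return warnings


if __name__ == "__main__":
    thr = fit_baseline(BENIGN)
    print(f"threshold: {thr:.1f} misses per interval")
    for i in monitor(OBSERVED, thr):
        print(f"interval {i}: suspicious contention on the victim process")
```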
1 Introduction
Cryptographic algorithms that withstand known theoretical attacks may succumb to side-channel attacks due to flaws in their implementations [42]. Side-channels are unintended manifestations of the key-dependent aspects of cryptographic application executions, e.g., the execution time, power consumption, electromagnetic emanation, micro-architectural artifacts, etc. [5,9,10,41]. Since the secret key effectively influences the execution of cryptographic applications, observations made on a side-channel may eventually leak information about the secret key if its effects in the computation are not cloaked.
An important category of side-channel attacks is due to shared micro-architectural resources such as cache memory and the branch prediction unit [7,45,52]. Cache-based side-channel attacks, which are also a focus of this paper, exploit the key-dependent cache access patterns of cryptographic applications [3,4,6,8,11,12,15–19,40,46,52,55,59,69–71,78,79]. Many of these attacks use a spy process to intentionally create cache contentions with the cryptographic application [12,15,40,52,55,70,71,78,79]. The contentions are then analyzed to infer cache access patterns, which are in turn associated with likely key values to extract the secret key processed by the cryptographic application or to reduce the possible key space. The results of many empirical studies strongly suggest that cache-based side-channel attacks can extract secret keys [40,52,55,71,78,79].
✉ Cemal Yilmaz: cyilmaz@sabanciuniv.edu
Yusuf Kulah: yusufkulah@sabanciuniv.edu
Berkay Dincer: berkayd@sabanciuniv.edu
Erkay Savas: erkays@sabanciuniv.edu
¹ Faculty of Engineering and Natural Sciences, Sabanci University, Istanbul, Turkey