Exploring Speculative Execution and Cache Timing Attacks: A Case Study Using Intel MOVSB and Password Inference Deepesh Menon P M

Abstract

This paper explores the exploitation of speculative execution and cache timing side-channel attacks to infer sensitive data such as passwords. Using Intel's MOVSB instruction as an example, we demonstrate how speculative execution can load sensitive data into the cache, even when discarded by the CPU. We provide a detailed case study in which an attacker successfully infers a password by leveraging cache timing discrepancies to analyze speculative execution traces. The practical implementation of such attacks is analyzed in the context of Intel processors, demonstrating the vulnerability in modern CPU architectures.

Keywords

Speculative execution, cache timing attacks, Intel MOVSB, side-channel attacks, password inference, cache memory.

1. Introduction

With the increasing complexity of modern CPU architectures, performance-boosting techniques such as speculative execution have become common. In speculative execution, the processor predicts the next instructions and executes them in advance, often accessing sensitive data in the process. While this technique significantly improves performance, it also creates a vulnerability: data accessed during speculative execution may be left in the cache, even if the execution path is later discarded.

Cache timing attacks exploit the differences in the time it takes to access cached versus non-cached data, allowing an attacker to infer sensitive information. In this paper, we use Intel's MOVSB instruction, which moves a string byte-by-byte, to demonstrate how speculative execution combined with cache timing can be used to infer sensitive information, such as passwords.

2. Background

2.1 Speculative Execution

Speculative execution is a technique used in modern CPUs to guess and execute the next set of instructions before determining whether they are needed. If the guess is correct, execution continues without delay. If the guess is incorrect, the CPU rolls back to the correct path, but any changes made to the cache during speculation remain.

2.2 Cache Timing Attacks

Cache timing attacks exploit the time difference between cache hits (when data is retrieved from the cache) and cache misses (when data must be fetched from main memory). An attacker can measure these timing differences to infer what data has been loaded into the cache during speculative execution, including potentially sensitive data like passwords or encryption keys.

3. Intel MOVSB and Speculative Execution

The MOVSB (Move String Byte) instruction in the Intel architecture moves bytes from a source string to a destination in memory. It is frequently used for operations involving blocks of memory, such as copying data between buffers.

In our example, speculative execution can preload parts of a string into the cache before the CPU has confirmed that the entire string needs to be accessed. This creates an opportunity for an attacker to exploit cache timing side channels to infer the contents of the string.

4. Case Study: Password Inference Using Speculative Execution

4.1 Setup

Consider a simple password-checking function:

In this scenario, the correct password is stored in memory, and speculative execution can be triggered to load parts of the password into the cache.

4.2 Exploiting Speculative Execution with MOVSB

Speculative execution could predict that the password characters match and speculatively execute the next character comparison, thereby loading the correct password bytes into the L1 cache.

For example, when the CPU speculates that the first character in input matches the first character of the correct password (S), it may speculatively load the next character (E) into the cache. Although the CPU later discards this speculative execution if the first character does not match, the memory region where the second character (E) is stored remains in the cache.

4.3 Cache Timing Attack on Password

The attacker can now infer the password character by character, as follows:

1. Flush the cache: The attacker ensures that the memory containing the correct password is not in the cache.
2. Trigger speculative execution: By providing an input character, the attacker forces the CPU to speculate on the password check.
3. Measure cache access times: After speculative execution, the attacker measures the access time for the memory locations where the password is stored. If access is fast (a cache hit), the correct character was loaded into the cache during speculative execution.
4. Infer the password: By repeating the process for each character, the attacker can infer the password.

4.4 Detailed Example

Let’s break down the attack in detail:

Attempt 1: Guess A for the first character

• The attacker guesses A for the first character.
• The password check fails, and speculative execution does not load subsequent characters into the cache.
• The attacker accesses the memory location for the second character (E) and measures the access time. If it is slow (cache miss), the guess is incorrect.

Attempt 2: Guess S for the first character

• The attacker guesses S for the first character.
• Speculative execution proceeds to check the next character (E), and it is loaded into the cache.
• The attacker measures access time for the second character. If it is fast (cache hit), the guess is correct.
• The attacker now moves on to guessing the second character.

Attempt 3: Guess E for the second character

• The attacker guesses E for the second character.
• Speculative execution loads the third character (C) into the cache.
• By measuring access time, the attacker can infer that the second guess is correct and continue to deduce the password character by character.

4.5 MOVSB in Action

The MOVSB instruction is commonly used in memory manipulation, making it a suitable candidate for speculative execution loading sensitive strings into the cache. In this case study, speculative execution of MOVSB moves bytes from the correct_password memory location into the cache before the password has been fully verified.

5. Mitigations and Challenges

Several mitigations have been introduced to reduce the effectiveness of speculative execution attacks, including:

• Speculative Store Bypass Protection (SSBP): Disabling speculative execution on certain instructions.
• Cache Flushing: Techniques to flush the cache after speculative execution to prevent timing side-channel leakage.
• Software Changes: Preventing passwords or sensitive data from being accessed speculatively, using constant-time algorithms that do not depend on speculative execution.

However, mitigating these attacks is challenging due to the fundamental reliance on speculative execution for performance in modern processors.

6. Conclusion

Speculative execution combined with cache timing attacks creates a serious security vulnerability in modern CPU architectures. In this paper, we demonstrated how speculative execution of the Intel MOVSB instruction can be exploited to infer sensitive data like passwords through cache timing discrepancies. As speculative execution continues to be a critical performance feature, addressing these vulnerabilities will require both hardware and software-based solutions.

References

1. Kocher, P., Horn, J., Fogh, A., et al. (2019). Spectre Attacks: Exploiting Speculative Execution. In IEEE Symposium on Security and Privacy.
2. Intel Corporation. (2020). Intel 64 and IA-32 Architectures Optimization Reference Manual.
3. Yarom, Y., Falkner, K. (2014). Flush+Reload: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In USENIX Security Symposium.