Posts by Collection


Evict+Skip: A High-Bandwidth, Non-Shared-Page Cache Covert Channel Attack

Streamline, a paper published in ASPLOS 2021, introduced an asynchronous framework to construct high-bandwidth covert-channels. However, it required that the sender and the receiver had to share the virtual memory, which made it less general. In order to figure this out, we proposed a brand new high-bandwidth covert-channel, which leveraged the directory conflicts of non-inclusive machine and the universal feature of Prime+Probe Attack.


GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers

Published in USENIX Security 2024, 2024 (Full Paper | bibtex)

GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs). We show that DMPs are present in many Apple CPUs and pose a real threat to multiple cryptographic implementations, allowing us to extract keys from OpenSSL Diffie-Hellman, Go RSA, as well as CRYSTALS Kyber and Dilithium.