Covert Channels through Random Number Generator
- 24 October 2016
- conference paper
- Published by Association for Computing Machinery (ACM)
- p. 843-857
- https://doi.org/10.1145/2976749.2978374
Abstract
Covert channels present a serious security threat because they allow secret communication between two malicious processes even if the system inhibits direct communication. We describe, implement and quantify a new covert channel through the shared hardware random number generation (RNG) module that is available on modern processors. We demonstrate that a reliable, high-capacity and low-error covert channel can be created through the RNG module that works across CPU cores and across virtual machines. We quantify the capacity of the RNG channel under different settings and show that transmission rates in the range of 7-200 kbit/s can be achieved depending on a particular system used for transmission, assumptions, and the load level. Finally, we describe challenges in mitigating the RNG channel, and propose several mitigation approaches both in software and hardware.
Funding Information
- National Science Foundation (1422401)