MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations in SGX

Ahmad Moghimi, Thomas Eisenbarth, Berk Sunar


Cache attacks exploit memory access patterns of cryptographic implementations. Constant-Time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform key independent pattern. However, the constant-time behavior is dependent on the underlying architecture, which can be highly complex and often incorporates unpublished features. CacheBleed attack targets cache bank conflicts and thereby invalidates the assumption that microarchitectural side-channel adversaries can only observe memory with cache line granularity. In this work, we propose MemJam, a side-channel attack that exploits false dependency of memory read-after-write and provides a high quality intra cache level timing channel. As a proof of concept, we demonstrate the first key recovery attacks on a constant-time implementation of AES, and a SM4 implementation with cache protection in the current Intel Integrated Performance Primitives (Intel IPP) cryptographic library. Further, we demonstrate the first intra cache level timing attack on SGX by reproducing the AES key recovery results on an enclave that performs encryption using the aforementioned constant-time implementation of AES. Our results show that we can not only use this side channel to efficiently attack memory dependent cryptographic operations but also to bypass proposed protections. Compared to CacheBleed, which is limited to older processor generations, MemJam is the first intra cache level attack applicable to all major Intel processors including the latest generations that support the SGX extension.
Original languageEnglish
Title of host publicationTopics in Cryptology -- CT-RSA 2018
EditorsNigel P. Smart
Number of pages24
Place of PublicationCham
PublisherSpringer International Publishing
Publication date07.03.2018
ISBN (Print)978-3-319-76952-3
ISBN (Electronic)978-3-319-76953-0
Publication statusPublished - 07.03.2018
EventThe Cryptographers' Track at the RSA Conference 2018 - San Francisco, United States
Duration: 16.04.201820.04.2018


Dive into the research topics of 'MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations in SGX'. Together they form a unique fingerprint.

Cite this