

Title: Packet Chasing: Spying on Network Packets over a Cache Side-Channel
This paper presents Packet Chasing, an attack on the network that does not require access to the network, and works regardless of the privilege level of the process receiving the packets. A spy process can easily probe and discover the exact cache location of each buffer used by the network driver. Even more useful, it can discover the exact sequence in which those buffers are used to receive packets. This then enables packet frequency and packet sizes to be monitored through cache side channels. This allows both covert channels between a sender and a remote spy with no access to the network, as well as direct attacks that can identify, among other things, the web page access patterns of a victim on the network. In addition to identifying the potential attack, this work proposes a software-based short-term mitigation as well as a light-weight, adaptive, cache partitioning mitigation that blocks the interference of I/O and CPU requests in the last-level cache.
Award ID(s):
1823444
NSF-PAR ID:
10207938
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
International Symposium on Computer Architecture
Page Range / eLocation ID:
721 to 734
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. P4 (Programming Protocol-Independent Packet Processors) represents a paradigm shift in network programmability by providing a high-level language to define packet processing behavior in network switches/devices. The importance of P4 lies in its ability to overcome the limitations of OpenFlow, the previous de facto standard for software-defined networking (SDN). Unlike OpenFlow, which operates on fixed match-action tables, P4 offers an approach where network operators can define packet processing behaviors at various protocol layers. P4 provides a programmable platform to create and implement custom network switches/devices protocols. However, this opens a new attack surface for threat actors who can access P4-enabled switches/devices and manipulate custom protocols for malicious purposes. Attackers can craft malicious packets to exploit protocol-specific vulnerabilities in these network devices. This ongoing research work proposes a blockchain-based model to secure P4 custom protocols. The model leverages the blockchain’s immutability, tamperproof ability, distributed consensus for protocol governance, and auditing to guarantee the transparency, security, and integrity of custom protocols defined in P4 programmable switches. The protocols are recorded as transactions and stored on the blockchain network. The model's performance will be evaluated using execution time in overhead computation, false positive rate, and network scalability. 
  2. Despite advances in network security, attacks targeting mission critical systems and applications remain a significant problem for network and datacenter providers. Existing telemetry platforms detect volumetric attacks at terabit scales using approximation techniques and coarse grain analysis. However, the prevalence of low and slow attacks that require very little bandwidth, makes flow-state tracking critical to overall attack mitigation. Traffic queries deployed on network switches are often limited by hardware constraints, preventing them from carrying out flow tracking features required to detect stealthy attacks. Such attacks can go undetected in the midst of high traffic volumes. We design SmartWatch, a novel flow state tracking and flow logging system at line rate, using SmartNICs to optimize performance and simultaneously detect a number of stealthy attacks. SmartWatch leverages advances in switch based network telemetry platforms to process the bulk of the traffic and only forward suspicious traffic subsets to the SmartNIC. The programmable network switches perform coarse-grained traffic analysis while the SmartNIC conducts the finer-grained analysis which involves additional processing of the packet as a 'bump-in-the-wire'. A control loop between the SmartNIC and programmable switch tunes the queries performed in the switch to direct the most appropriate traffic subset to the SmartNIC. SmartWatch's cooperative monitoring approach yields 2.39 times better detection rate compared to existing platforms deployed on programmable switches. SmartWatch can detect covert timing channels and perform website fingerprinting more efficiently compared to standalone programmable switch solutions, relieving switch memory and control-plane processor resources. Compared to host-based approaches, SmartWatch can reduce the packet processing latency by 72.32%. 
  3. Over the past decades, the major objectives of computer design have been to improve performance and to reduce cost, energy consumption, and size, while security has remained a secondary concern. Meanwhile, malicious attacks have rapidly grown as the number of Internet-connected devices, ranging from personal smart embedded systems to large cloud servers, have been increasing. Traditional antivirus software cannot keep up with the increasing incidence of these attacks, especially for exploits targeting hardware design vulnerabilities. For example, as DRAM process technology scales down, it becomes easier for DRAM cells to electrically interact with each other. For instance, in Rowhammer attacks, it is possible to corrupt data in nearby rows by reading the same row in DRAM. As Rowhammer exploits a computer hardware weakness, no software patch can completely fix the problem. Similarly, there is no efficient software mitigation to the recently reported attack Spectre. The attack exploits microarchitectural design vulnerabilities to leak protected data through side channels. In general, completely fixing hardware-level vulnerabilities would require a redesign of the hardware which cannot be backported. In this paper, we demonstrate that by monitoring deviations in microarchitectural events such as cache misses, branch mispredictions from existing CPU performance counters, hardware-level attacks such as Rowhammer and Spectre can be efficiently detected during runtime with promising accuracy and reasonable performance overhead using various machine learning classifiers. 
  4. Network densification through the deployment of WiFi access points (APs) is a promising solution towards achieving high connectivity rates required for emerging applications. A critical first step is to discover an AP before an active association between the client and the AP can be established. Legacy AP discovery procedures initiated by the client result in high latency in the order of a few 100 ms and waste spectrum, especially when clients need to frequently switch between multiple APs. We propose CSIscan that exploits the broadcast nature of WiFi channels by embedding discovery related information within an AP’s ongoing regular transmissions. The AP does this by intelligently distorting the transmitted OFDM frame by inducing perturbations in the preamble, and these injected ‘bits’ of information are detected via changes in the perceived channel state information (CSI). A deep learning framework allocates the optimal level of distortion on a per-subcarrier basis that keeps the resulting packet error rate to less than 1%. Existing clients perceive no changes in their ongoing communication, while potential new clients quickly obtain discovery information at the same time. We experimentally demonstrate that CSIscan reduces the overall WiFi latency from 150 ms to 10 ms and improves spectrum utilization with ∼ 72% reduction in the probe traffic. We show that CSIscan delivers up to 40 discovery information bits in the outgoing WiFi packet in an indoor environment. 
  5. Coherent optical excitations in two-dimensional (2D) materials, 2D polaritons, can generate a plethora of optical phenomena that arise from the extraordinary dispersion relations that do not exist in regular materials. Probing of the dynamical phenomena of 2D polaritons requires simultaneous spatial and temporal imaging capabilities and could reveal unknown coherent optical phenomena in 2D materials. Here, we present a spatiotemporal measurement of 2D wave packet dynamics, from its formation to its decay, using an ultrafast transmission electron microscope driven by femtosecond midinfrared pulses. The ability to coherently excite phonon-polariton wave packets and probe their evolution in a nondestructive manner reveals intriguing dispersion-dependent dynamics that includes splitting of multibranch wave packets and, unexpectedly, wave packet deceleration and acceleration. Having access to the full spatiotemporal dynamics of 2D wave packets can be used to illuminate puzzles in topological polaritons and discover exotic nonlinear optical phenomena in 2D materials.

     