Investigating the Flush+Reload Attack via the Web for RSA Key Extraction on Native Targets
Abstract
WebAssembly makes it possible to run complex applications in the browser, which raises the question of whether sophisticated native attacks can be adapted to it, such as Flush+Reload, a cache side-channel attack with high temporal resolution. This work experimentally investigates the feasibility of running Flush+Reload from the browser against an external native GPG process to extract RSA keys, comparing this approach with native implementations. The results show a clear contrast: while the native versions achieved partial success (nearly 50% accuracy), the web version proved ineffective (accuracy below 4%), limited by inherent issues of timing resolution and noise in the browser environment. The results therefore indicate a fundamental difference between the web and native environments in the current capacity to exploit this attack vector.
Published
01/09/2025
How to Cite
SIMÕES, Felipe S.; BENTO, Lucila M. S.; MACHADO, Raphael C. S. Investigação do Ataque Flush+Reload via Web para Extração de Chaves RSA em Alvos Nativos. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 562-574. DOI: https://doi.org/10.5753/sbseg.2025.10400.
