Investigation of Web-based Flush+Reload Attack for RSA Key Extraction on Native Targets

  • Felipe S. Simões (UFF)
  • Lucila M. S. Bento (UERJ)
  • Raphael C. S. Machado (UFF)

Abstract
WebAssembly enables the execution of complex applications in the browser, which raises the question of whether sophisticated native attacks such as Flush+Reload, a high-resolution cache side-channel attack, can be adapted to run from a web page. This work experimentally investigates the feasibility of executing Flush+Reload from the browser against an external native GPG process in order to extract RSA keys, and compares this approach with native implementations. The results show a clear contrast: while the native versions achieved partial success (nearly 50% accuracy), the web-based approach proved ineffective (accuracy below 4%), limited by inherent challenges in timing resolution and noise within the browser environment. These findings indicate a fundamental difference in the current exploitability of this attack vector against external targets when comparing web and native environments.

Published: 2025-09-01

SIMÕES, Felipe S.; BENTO, Lucila M. S.; MACHADO, Raphael C. S. Investigation of Web-based Flush+Reload Attack for RSA Key Extraction on Native Targets. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25., 2025, Foz do Iguaçu/PR. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2025. p. 562-574. DOI: https://doi.org/10.5753/sbseg.2025.10400.