Efficient and Generic Microarchitectural Hash-Function Recovery
Modern CPUs use a variety of undocumented microarchitectural hash functions to efficiently distribute data within microarchitectural structures such as caches. A wellknown function is the cache slice function that distributes cache lines to the slices of the last-level cache. Knowing these functions considerally improves microarchitectural attacks, such as Prime+Probe or Rowhammer. However, while several such linear functions have been reverse-engineered, there is no generic and automated approach for reverse-engineering nonlinear functions, which are common with modern CPUs.
In this presentation, we introduce a generic approach for automatically reverse-engineering a wide range of microarchitectural hash functions. Our approach combines techniques initially used for logic-gate minimization and from computer algebra to infer the hash functions based on input-output pairs observed via side channels.
With our framework, we infer 3 previously unknown non-linear hash functions on both AMD and Intel CPUs, including the new Alder Lake hybrid-CPU architecture. We verify our approach by reproducing known hash functions and evaluating side-channel attacks that rely on these functions, resulting in success rates above 97.65 %. We stress the need to design such functions with both performance and security in mind and discuss alternative designs that can be used in future CPUs.
Lukas Gerlach is a PhD student at CISPA Helmholtz Center for Information Security microarchitecture and systems security at the rearch group of Michael Schwarz. He recieved his Bachelor's degree in Computer Science from Saarland University. Lukas work focuses on various topics ranging from novel architectures such as RISC-V over automated reverse engineering of CPUs to Rowhammer attacks. He is a passionate CTF player focussing on exploitation and cryptography for the saarsec team.