Cache timing attacks are a serious threat to the security of computing systems. It permits sensitive information, such as cryptographic keys, to leak across virtual machines and even to remote servers. Encrypted Address Cache, proposed by CEASER – a best paper candidate at MICRO 2018 – is a promising countermeasure that stymies the timing channel by employing cryptography to randomize the cache address space. The author claims strong security guarantees by providing randomization both spatially (randomizing every address) and temporally (changing the encryption key periodically). In this letter, we point out a serious flaw in their encryption approach that undermines the proposed security guarantees. Specifically, we show that the proposed Low-Latency Block Cipher, used for encryption in CEASER, is composed of only linear functions which neutralizes the spatial and temporal randomization. Thus, we show that the complexity of a cache timing attack remains unaltered even with the presence of CEASER. Further, we compare the encryption overheads if CEASER is implemented with a stronger encryption algorithm.

中文翻译：

---

BRUTUS：驳斥 CEASER 中提出的缓存时序随机化对策的安全主张

缓存定时攻击是对计算系统安全的严重威胁。它允许敏感信息（例如加密密钥）在虚拟机之间甚至远程服务器之间泄漏。由 CEASER 提出的加密地址缓存——MICRO 2018 的最佳论文候选人——是一种很有前途的对策，它通过使用密码学来随机化缓存地址空间来阻碍时序通道。作者通过提供空间随机化（随机化每个地址）和时间随机化（定期更改加密密钥）来声称强大的安全保证。在这封信中，我们指出了他们的加密方法中的一个严重缺陷，它破坏了提议的安全保证。具体来说，我们展示了在 CEASER 中用于加密的提议的低延迟块密码，仅由中和空间和时间随机化的线性函数组成。因此，我们表明即使存在 CEASER，缓存时序攻击的复杂性也保持不变。此外，如果使用更强的加密算法实现 CEASER，我们将比较加密开销。