Flush+Reload Attacks on SEED
The Computer Journal (IF 1.4), Pub Date: 2021-07-15, DOI: 10.1093/comjnl/bxab113
Milad Seddigh, Hadi Soleimany

Flush+Reload is a powerful access-driven cache attack in which the attacker leverages a security weakness in the x86 processor architecture to extract the private data of the victim. This attack can be mounted in a cross-core setting, where memory deduplication is enabled and several users are sharing the same physical machine. In this paper, for the first time, we demonstrate that the SEED implementation of OpenSSL 1.1.0 running inside the victim VM is vulnerable to Flush+Reload attacks and that the attacker can recover the keys of this encryption. SEED is a standard encryption algorithm that was developed by the Korea Information Security Agency (KISA) and has been used for confidential services in the Republic of Korea. Our work demonstrates that the attacker can retrieve the secret keys of SEED in 3 min in the native setup and 4 min in the cross-VM setup by performing the Flush+Reload technique. Our experimental results show that the common implementation of this standard cipher is vulnerable to the Flush+Reload attack in both native and cross-VM settings. To the best of our knowledge, this paper presents the first cache-based attack on the SEED block cipher.

Updated: 2021-07-15