There are several key challenges in performing cache-based attacks on ARM-based devices. Lipp et al. introduced various techniques to tackle these challenges and applied successfully different cache-based attacks on ARM-based mobile devices. In the cache-based attacks proposed by Lipp et al. it is assumed that the attacker has access to the mapping of virtual addresses to physical addresses through/proc/self/pagemap which is an important limiting factor in Linux and newer versions of Android operating systems. To access this mapping, the attacker must know the root of the operating system. In this paper, we introduce an Evict+Reload attack on the T-table-based implementation of AES which applies to ARM-based devices in which root access is required to use the mapping of virtual addresses to physical addresses. The attack consists of two phases. The profiling is a preprocessing phase to profile all the timing characteristics when AES is executed with a known key. In this phase, the attacker can identify specific bits of the physical addresses of the AES T-table elements without having root access. In the exploitation phase, full key bytes are retrieved by a conventional Evict+Reload attack. To verify the theoretical model of our technique, we implemented the described attack on AES.

在基于 ARM 的设备上执行基于缓存的攻击有几个关键挑战。利普等人。介绍了各种技术来应对这些挑战，并成功地在基于 ARM 的移动设备上应用了不同的基于缓存的攻击。在 Lipp 等人提出的基于缓存的攻击中。假设攻击者可以通过 /proc/self/pagemap 访问虚拟地址到物理地址的映射，这是 Linux 和更新版本的 Android 操作系统中的一个重要限制因素。要访问此映射，攻击者必须知道操作系统的根目录。在本文中，我们介绍了对基于 T 表的 AES 实现的 Evict+Reload 攻击，该攻击适用于基于 ARM 的设备，其中需要根访问权限才能使用虚拟地址到物理地址的映射。攻击分为两个阶段。分析是一个预处理阶段，用于分析使用已知密钥执行 AES 时的所有时序特征。在这个阶段，攻击者可以在没有 root 访问权限的情况下识别 AES T 表元素的物理地址的特定位。在利用阶段，通过传统的 Evict+Reload 攻击检索完整的密钥字节。为了验证我们技术的理论模型，我们对 AES 实施了所描述的攻击。