What are the possible consequences of a cache miss? In other word, is it possible that a cache miss could cause a security threat?
Thank you.
Asked
Active
Viewed 115 times
-3
-
Are you thinking about a specific threat? How about a specific cache? – Neil Smithline Sep 29 '15 at 20:02
-
Don't cross-post please – Neil McGuigan Sep 29 '15 at 20:16
-
2In what context? "Cache miss" may occur in several situations (I would see more threat in a cache *hit*, actually - more of a privacy issue than a security threat, perhaps). – LSerni Sep 29 '15 at 21:29
1 Answers
1
Yes, cache misses can be used in timing attacks.
Place an octet string on a page boundary, validate from left to right. If a cache miss occurs than everything up to the cache miss is correct, because otherwise the verification would have stopped (hence: always test all characters of a password / PIN etc.). A cache miss is more likely to be detected than simply counting the bytes that are validated as a cache miss will take many more CPU cycles (hundreds) instead of just a few.
Maarten Bodewes
- 4,562
- 15
- 29