Cipherfix: Mitigating Ciphertext Side-Channel Attacks in Software. (arXiv:2210.13124v2 [cs.CR] UPDATED)

Trusted execution environments (TEEs) provide an environment for running
workloads in the cloud without having to trust cloud service providers, by
offering additional hardware-assisted security guarantees. However, main memory
encryption as a key mechanism to protect against system-level attackers trying
to read the TEE's content and physical, off-chip attackers, is insufficient.
The recent Cipherleaks attacks infer secret data from TEE-protected
implementations by analyzing ciphertext patterns exhibited due to deterministic
memory encryption. The underlying vulnerability, dubbed the ciphertext
side-channel, is neither …

attackers attacks channel chip ciphertext cloud cloud service cloud service providers data encryption environment environments hardware key main memory memory encryption patterns physical protect secret security service service providers side-channel side-channel attacks software system trust workloads