Table of Contents
Fetching ...

When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations

Jeonghyun Woo, Joyce Qu, Gururaj Saileshwar, Prashant J. Nair

TL;DR

The paper reveals a timing-channel vulnerability in PRAC-based RowHammer mitigations caused by ABO-triggered RFMs and demonstrates PRACLeak covert and side channels that can leak sensitive data. It introduces Timing-Safe PRAC (TPRAC), which uses Timing-Based RFMs issued at fixed TB-Windows to decouple mitigation from memory activity, thereby eliminating ABO-induced latency cues while preserving RH protection. Empirical evaluation shows PRACLeak can achieve up to tens of kilobits per second in covert channels and AES-side channels, whereas TPRAC reduces or eliminates leakage with a modest average overhead of 3.4% at $N_{ ext{RH}}=1024$, and manageable energy and bandwidth costs. The work further discusses TB-Window design, mitigation queue structure, and potential co-design with Targeted Refreshes to balance security and performance, arguing for a practical, standards-aligned defense against PRAC timing channels.

Abstract

Per Row Activation Counting (PRAC) has emerged as a robust framework for mitigating RowHammer (RH) vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off (ABO) protocol and Refresh Management (RFM) commands. We present PRACLeak, a novel attack that exploits these timing differences to leak sensitive information, such as secret keys from vulnerable AES implementations, by monitoring memory access latencies. To counter this, we propose Timing-Safe PRAC (TPRAC), a defense that eliminates PRAC-induced timing channels without compromising RH mitigation efficacy. TPRAC uses Timing-Based RFMs, issued periodically and independent of memory activity. It requires only a single-entry in-DRAM mitigation queue per DRAM bank and is compatible with existing DRAM standards. Our evaluations demonstrate that TPRAC closes timing channels while incurring only 3.4% performance overhead at the RH threshold of 1024.

When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations

TL;DR

The paper reveals a timing-channel vulnerability in PRAC-based RowHammer mitigations caused by ABO-triggered RFMs and demonstrates PRACLeak covert and side channels that can leak sensitive data. It introduces Timing-Safe PRAC (TPRAC), which uses Timing-Based RFMs issued at fixed TB-Windows to decouple mitigation from memory activity, thereby eliminating ABO-induced latency cues while preserving RH protection. Empirical evaluation shows PRACLeak can achieve up to tens of kilobits per second in covert channels and AES-side channels, whereas TPRAC reduces or eliminates leakage with a modest average overhead of 3.4% at , and manageable energy and bandwidth costs. The work further discusses TB-Window design, mitigation queue structure, and potential co-design with Targeted Refreshes to balance security and performance, arguing for a practical, standards-aligned defense against PRAC timing channels.

Abstract

Per Row Activation Counting (PRAC) has emerged as a robust framework for mitigating RowHammer (RH) vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off (ABO) protocol and Refresh Management (RFM) commands. We present PRACLeak, a novel attack that exploits these timing differences to leak sensitive information, such as secret keys from vulnerable AES implementations, by monitoring memory access latencies. To counter this, we propose Timing-Safe PRAC (TPRAC), a defense that eliminates PRAC-induced timing channels without compromising RH mitigation efficacy. TPRAC uses Timing-Based RFMs, issued periodically and independent of memory activity. It requires only a single-entry in-DRAM mitigation queue per DRAM bank and is compatible with existing DRAM standards. Our evaluations demonstrate that TPRAC closes timing channels while incurring only 3.4% performance overhead at the RH threshold of 1024.
Paper Structure (55 sections, 4 equations, 14 figures, 5 tables)

This paper contains 55 sections, 4 equations, 14 figures, 5 tables.

Figures (14)

  • Figure 1: Timing Channels in PRAC. Alert Back-Off-triggered RFMs (ABO-RFMs) introduce activation-dependent latency, enabling timing channels. An adversary can exploit these to transmit 'Bit-0' or 'Bit-1'. Our goal is to remove this dependency and make RFMs timing independent of activations.
  • Figure 2: The activity-dependent nature of PRAC's RFMs allows attackers to exploit them. (a) Repeated activations of a DRAM row up to the Back-Off threshold ($\text{N}_{\text{BO}}$) trigger an RFM due to ABO (ABO-RFM). (b) Activation-Based RFMs (ACB-RFMs), which mitigate proactively at lower thresholds, can avoid ABO-RFMs but remain exploitable as attackers can still induce ACB-RFMs by activating rows within a bank.
  • Figure 3: Timing variation for memory accesses for an attacker in the presence and absence of a concurrent Alert Back-Off (ABO) due to victim's activity.
  • Figure 4: PRACLeak Side-Channel attack on AES T-tables for plaintext byte-0, $p_0 = 0$ with $k_0=0$. During victim activations, the Row-0 activation counts are approximately double those of the other rows. Thus, the attacker observing the high memory access latency of ABO due to activations on Row-0 learns that it is the most activated row.
  • Figure 5: Side-Channel attack on AES T-tables for varying key byte-0 $k_0$ values, when plaintext byte-0 $p_0 = 0$. (a) Number of victim activations for DRAM rows after running 200 encryptions. (b) Number of attacker activations on row causing first ABO -- index of this row leaks out the key bits.
  • ...and 9 more figures