Cache-Timing Attack Detection and Prevention

Application to Crypto Libs and PQC
  • Sébastien Carré
  • Adrien Facon
  • Sylvain GuilleyEmail author
  • Sofiane Takarabt
  • Alexander Schaub
  • Youssef Souissi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11421)


With the publication of Spectre & Meltdown attacks, cache-timing exploitation techniques have received a wealth of attention recently. On the one hand, it is now well understood which patterns in the source code create observable unbalances in terms of timing. On the other hand, some practical attacks have also been reported. But the exact relation between vulnerabilities and exploitations is not enough studied as of today. In this article, we put forward a methodology to characterize the leakage induced by a “non-constant-time” construct in the source code. This methodology allows us to recover known attacks and to warn about possible new ones, possibly devastating.


Cache-timing attacks Leakage detection Leakage attribution Discovery of new attacks 



This work has benefited from a funding via the French PIA (Projet d’Investissment d’Avenir) RISQ (Regroupement de l’Industrie pour la Sécurité post-Quantique). Besides, this work has been partly financed via TeamPlay (, a project from European Union’s Horizon20202 research and innovation programme, under grant agreement N\(^\circ \) 779882.

Supplementary material


  1. 1.
    Bernstein, D.J., et al.: Sliding right into disaster: left-to-right sliding windows leak. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 555–576. Springer, Cham (2017). Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997). Scholar
  3. 3.
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). Scholar
  4. 4.
    Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011). Scholar
  5. 5.
    Dall, F., et al.: CacheQuote: efficiently recovering long-term secrets of SGX EPID via cache attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(2), 171–191 (2018)Google Scholar
  6. 6.
    Danger, J.-L., Debande, N., Guilley, S., Souissi, Y.: High-order timing attacks. In: Proceedings of the First Workshop on Cryptography and Security in Computing Systems, CS2 2014, pp. 7–12. ACM, New York (2014)Google Scholar
  7. 7.
    Dugardin, M., Guilley, S., Danger, J.-L., Najm, Z., Rioul, O.: Correlated extra-reductions defeat blinded regular exponentiation. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 3–22. Springer, Heidelberg (2016). Scholar
  8. 8.
    Facon, A., Guilley, S., Lec’hvien, M., Marion, D., Perianin, T.: Binary data analysis for source code leakage assessment. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 391–409. Springer, Cham (2019). Scholar
  9. 9.
    Facon, A., Guilley, S., Lec’hvien, M., Schaub, A., Souissi, Y.: Detecting cache-timing vulnerabilities in post-quantum cryptography algorithms. In: 3rd IEEE International Verification and Security Workshop, IVSW 2018, Costa Brava, Spain, 2–4 July 2018, pp. 7–12. IEEE (2018)Google Scholar
  10. 10.
    García, C.P., Brumley, B.B., Yarom, Y.: Make sure DSA signing exponentiations really are constant-time. In: Weippl, E.R., et al. [22], pp. 1639–1650Google Scholar
  11. 11.
    Ge, Q., Yarom, Y., Cock, D., Heiser, G.: A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J. Cryptographic Eng. 8(1), 1–27 (2018)CrossRefGoogle Scholar
  12. 12.
    Gruss, D., Maurice, C., Fogh, A., Lipp, M., Mangard, S.: Prefetch side-channel attacks: bypassing SMAP and kernel ASLR. In: Weippl, E.R., et al. [22], pp. 368–379Google Scholar
  13. 13.
    Gruss, D., Maurice, C., Wagner, K., Mangard, S.: Flush+Flush: a fast and stealthy cache attack. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 279–299. Springer, Cham (2016). Scholar
  14. 14.
    iOS 7.0.6. CVE-ID CVE-2014-1266. Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS, February 2014.
  15. 15.
    Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Heidelberg (2012). ISBN: 978-3-642-29655-0CrossRefGoogle Scholar
  16. 16.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  17. 17.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). Scholar
  18. 18.
    Clémentine Maurice and Moritz Lipp. What could possibly go wrong with \(<\)insert x86 instruction here\(>\)?, December 2016. 33rd Chaos Communication Congress (33c3), Hamburg, Germany.
  19. 19.
    Maurice, C., et al.: Hello from the other side: SSH over robust cache covert channels in the cloud. In: 24th Annual Network and Distributed System Security Symposium, NDSS 2017, San Diego, California, USA, 26 February–1 March 2017. The Internet Society (2017)Google Scholar
  20. 20.
    Takarabt, S., et al.: Cache-timing attacks still threaten IoT devices. In: Codes, Cryptology and Information Security - Third International Conference, C2SI 2019, Rabat, Morocco, 22–14 April 2019, Proceedings. Springer (2019, to appear)Google Scholar
  21. 21.
    Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2010)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Walter, C.D.: Sliding windows succumbs to big Mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001). Scholar
  23. 23.
    Weippl, E.R., Katzenbeisser, S., Kruegel, C., Myers, A.C., Halevi, S., (eds.): Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016. ACM (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Sébastien Carré
    • 1
    • 2
  • Adrien Facon
    • 1
    • 3
  • Sylvain Guilley
    • 1
    • 2
    • 3
    Email author
  • Sofiane Takarabt
    • 1
    • 2
  • Alexander Schaub
    • 2
  • Youssef Souissi
    • 1
  1. 1.Secure-IC S.A.S.Cesson-SévignéFrance
  2. 2.LTCI, Télécom ParisTech, Institut Polytechnique de ParisParisFrance
  3. 3.École Normale Supérieure, département d’informatiqueParisFrance

Personalised recommendations