
Tackling the Time-Defence: An Instruction Count Based Micro-architectural Side-Channel Attack on Block Ciphers

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10662)

Abstract

Hardware Performance Counters (HPCs) are present in most modern processors and expose to user-level processes the number of micro-architectural events (instructions retired, cache misses, branch mispredictions and so on) that occur while a process executes. In this paper we analyse the leakage from these HPC events and present a new micro-architectural side-channel attack that uses the number of instructions executed during an encryption as side-channel information to recover the secret key. We first show that instruction counts do act as a side channel, then describe the Instruction Profiling Attack (IPA) methodology on two block ciphers, AES and Clefia, running on Intel and AMD processors. The attack follows the principles of profiled side-channel attacks, and we show that it is more potent than the well-known cache-timing attacks in the literature. We also run the attack against cipher implementations protected by popular time-fuzzing schemes, which randomise the observable execution time to defeat timing attacks. Our results show that while this countermeasure does stop leakage through the timing channel, the implementation remains vulnerable to the Instruction Profiling Attack. Detailed experiments on contemporary Intel and AMD platforms validate these claims and demonstrate that seemingly benign instruction counts can serve as a side channel even for block cipher implementations hardened against timing attacks.
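The profiled attack the abstract describes can be shown end to end against a simulated measurement oracle. The script below is an added example, not the paper's code or data. It assumes an AES-style first-round T-table lookup T0[p ^ k] with 4-byte entries in 64-byte cache lines, a hypothetical leakage model in which lookups that land in a few "slow" lines cost a fixed number of extra retired instructions and cycles, constructed profiling and target key bytes (0x3C and 0xA7), and a time-fuzzing countermeasure modelled as a sleep-style random delay. It builds a per-class template under a known key (profiling phase), correlates the template against per-plaintext means taken from the target (attack phase), and compares the instruction-count channel with the timing channel with and without fuzzing.

```python
"""Profiled instruction-count attack on one AES key byte, on a simulated oracle.

Added example, not the paper's code. The leakage model is an ASSUMPTION made
so the script runs offline: the first-round lookup T0[p ^ k] costs a fixed
number of extra retired instructions (and cycles) when its index falls in one
of a few hypothetical "slow" cache lines. Real HPC readings would replace
measure().
"""
import random

ENTRIES_PER_LINE = 64 // 4      # 64-byte cache lines, 4-byte T-table entries
SLOW_LINES = {2, 7, 11}         # hypothetical leaky lines (constructed)
BASE_INSNS, EXTRA_INSNS = 4_000, 40
BASE_CYCLES, EXTRA_CYCLES = 10_000, 120
TIME_FUZZ_MAX = 20_000          # random delay added by the countermeasure
PROFILING_KEY, TARGET_KEY = 0x3C, 0xA7   # constructed key bytes
INSNS, CYCLES = 0, 1            # channel selectors


def table_line(p, k):
    """Cache line touched by the first-round lookup T0[p ^ k]."""
    return (p ^ k) // ENTRIES_PER_LINE


def measure(p, k, rng, fuzzed):
    """Simulated (instructions, cycles) for one encryption of plaintext byte p.

    Time fuzzing is modelled as a sleep-style delay: it inflates the cycle
    count but adds no user-mode instructions. (A busy-wait loop would add a
    random number of instructions, i.e. noise that averaging still removes.)
    """
    slow = table_line(p, k) in SLOW_LINES
    insns = BASE_INSNS + (EXTRA_INSNS if slow else 0) + rng.randint(-3, 3)
    cycles = BASE_CYCLES + (EXTRA_CYCLES if slow else 0) + rng.randint(-50, 50)
    if fuzzed:
        cycles += rng.randint(0, TIME_FUZZ_MAX)
    return insns, cycles


def collect(key, n, rng, fuzzed, channel):
    """n (plaintext byte, measurement) pairs from the chosen channel."""
    out = []
    for _ in range(n):
        p = rng.randrange(256)
        out.append((p, measure(p, key, rng, fuzzed)[channel]))
    return out


def means_by(samples, index):
    """Average measurement per 8-bit class; index(p) maps a plaintext byte to its class."""
    sums, counts = [0.0] * 256, [0] * 256
    for p, v in samples:
        c = index(p)
        sums[c] += v
        counts[c] += 1
    return [sums[c] / counts[c] if counts[c] else 0.0 for c in range(256)]


def rank_candidates(template, observed):
    """Score every key byte by how well the template, re-indexed under that key,
    correlates with the target's per-plaintext means.  The template permuted by
    k has the same mean and variance for every k, so the plain covariance sum
    orders candidates exactly as Pearson correlation would."""
    mt = sum(template) / 256
    mo = sum(observed) / 256
    scores = {k: sum((observed[p] - mo) * (template[p ^ k] - mt) for p in range(256))
              for k in range(256)}
    return sorted(range(256), key=lambda k: -scores[k])


def attack(channel, fuzzed, n=8192, seed=1):
    """Profiling phase under PROFILING_KEY, attack phase against TARGET_KEY.
    Returns the candidate ranking, best first."""
    rng = random.Random(seed)
    # Profiling: the key is known, so samples are grouped by class p ^ key.
    template = means_by(collect(PROFILING_KEY, n, rng, fuzzed, channel),
                        lambda p: p ^ PROFILING_KEY)
    # Attack: the key is unknown, so samples can only be grouped by plaintext.
    observed = means_by(collect(TARGET_KEY, n, rng, fuzzed, channel),
                        lambda p: p)
    return rank_candidates(template, observed)


def top_nibble_rank(ranking):
    """Position of the first candidate with the correct upper nibble (0 = best).
    A 16-entry line only fixes the top 4 bits of the key byte."""
    return next(i for i, k in enumerate(ranking) if k >> 4 == TARGET_KEY >> 4)


if __name__ == "__main__":
    for name, channel, fuzzed in (("cycles, no fuzzing", CYCLES, False),
                                  ("cycles, time-fuzzed", CYCLES, True),
                                  ("instructions, time-fuzzed", INSNS, True)):
        ranking = attack(channel, fuzzed)
        print(f"{name:26s} best 0x{ranking[0]:02x}  "
              f"correct-nibble rank {top_nibble_rank(ranking)}  (target 0x{TARGET_KEY:02x})")
```

Because a 64-byte line holds 16 T-table entries, a single first-round lookup determines only the upper four bits of the key byte; the 16 candidates sharing that nibble tie, as in cache-line-granularity attacks generally. With fuzzing the timing ranking degrades to roughly random while the instruction-count ranking is unchanged, which is the effect the abstract reports. Replacing measure() with real readings (for example from `perf stat -e instructions:u` or a perf_event_open counter around the encryption call) turns the simulation into a measurement harness without changing the profiling or ranking code.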




Correspondence to Manaar Alam.

Copyright information

© 2017 Springer International Publishing AG

About this paper


Cite this paper

Alam, M., Bhattacharya, S., Mukhopadhyay, D. (2017). Tackling the Time-Defence: An Instruction Count Based Micro-architectural Side-Channel Attack on Block Ciphers. In: Ali, S., Danger, JL., Eisenbarth, T. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2017. Lecture Notes in Computer Science(), vol 10662. Springer, Cham. https://doi.org/10.1007/978-3-319-71501-8_3


  • DOI: https://doi.org/10.1007/978-3-319-71501-8_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71500-1

  • Online ISBN: 978-3-319-71501-8

  • eBook Packages: Computer Science (R0)
