Advances on Access-Driven Cache Attacks on AES

  • Michael Neve
  • Jean-Pierre Seifert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4356)

Abstract

Access-driven attacks are a class of cache-based side-channel analysis. As in time-driven attacks, the cache's timing behaviour is the source of information leakage, but access-driven attacks examine it at a finer granularity: rather than measuring the overall execution time, they detect whether individual cache lines have been evicted or not, and use that as the primary mechanism for mounting the attack. In this paper we focus on the case of AES and show that the vast majority of processors are susceptible to this cache-based vulnerability. Our best results are in fact obtained on a processor without multi-threading capabilities, in contrast to previous work in this area, which had suggested that multi-threading improved, or was even necessary for, this class of attack.

Although mounting such attacks still involves some technical difficulties, our work shows that access-driven cache-based attacks are becoming easier to understand and analyze. Moreover, when they are mounted against systems performing AES, only a very small number of encryptions is needed to recover the whole key with a high probability of success, thanks to our analysis of the last round from the ciphertext.
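The last-round analysis referred to above can be followed end to end on a simulated cache channel. The Python below is an added example, not code from the paper: it models an AES-128 implementation whose final round reads a byte-indexed lookup table, lets the attacker observe only which cache lines of that table were touched, and recovers the last round key byte by byte by discarding every candidate key byte whose implied table index S^-1[c_i ^ k_i] lies in a line that was not touched. The noise-free observation restricted to the final round's accesses is an assumption (on real hardware it is what prime-and-probe measurements approximate, mixed with the other nine rounds' accesses, which the paper's own analysis has to deal with); the S-box is generated from its definition, and `SHIFT_ROWS`, `SAMPLE_ROUND_KEY` and the entries-per-line parameters are the example's own. It goes beyond the single case in the text by comparing a table with 16 entries per 64-byte line against a plain 256-byte S-box with 64 entries per line.

```python
"""
Simulated last-round, access-driven cache attack on a table-based AES-128
implementation. Added illustration, not code from the paper: the cache side
channel is modelled as "which lines of the final-round lookup table were
touched" instead of being measured with prime-and-probe on real hardware, and
the input to the final round is drawn at random, as it effectively is for
random plaintexts.
"""
import random

AES_BLOCK = 16
# Output byte i of ShiftRows comes from input byte SHIFT_ROWS[i].
SHIFT_ROWS = [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11]
# Arbitrary 16-byte value standing in for the last round key (assumption).
SAMPLE_ROUND_KEY = bytes.fromhex("5a3c9e17f08b62d4ac11e7f93b5068c2")


def _rotl8(v, n):
    return ((v << n) | (v >> (8 - n))) & 0xFF


def _build_sbox():
    """Rijndael S-box from its definition: GF(2^8) inverse, then affine map.
    p walks the powers of the generator 0x03, q walks their inverses."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= q << 1                                           # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = x ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; only the affine constant remains
    return sbox


SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _x, _s in enumerate(SBOX):
    INV_SBOX[_s] = _x


def last_round(state, round_key, entries_per_line):
    """Final AES round (SubBytes, ShiftRows, AddRoundKey; no MixColumns) done
    with a byte-indexed table. Returns the ciphertext and the set of table
    lines the 16 lookups touched, which is what the access-driven attacker
    learns from the cache (idealised: no noise, no other rounds' accesses)."""
    touched = set()
    ct = bytearray(AES_BLOCK)
    for i in range(AES_BLOCK):
        x = state[SHIFT_ROWS[i]]
        touched.add(x // entries_per_line)  # cache line holding table[x]
        ct[i] = SBOX[x] ^ round_key[i]
    return bytes(ct), touched


def prune(candidates, ciphertext, touched, entries_per_line):
    """One observation: for each output byte, keep only the key bytes whose
    implied table index S^-1[c ^ k] lies in a line that was actually touched.
    The true key byte always survives; a wrong one survives only by chance."""
    for i in range(AES_BLOCK):
        c = ciphertext[i]
        candidates[i] = {k for k in candidates[i]
                         if INV_SBOX[c ^ k] // entries_per_line in touched}


def run_attack(round_key, entries_per_line, max_encryptions, seed=0):
    """Feed (ciphertext, touched lines) pairs for random final-round inputs
    to the attacker until every key byte is unique. Returns the recovered
    last round key (or None) and the number of encryptions used."""
    rng = random.Random(seed)
    candidates = [set(range(256)) for _ in range(AES_BLOCK)]
    for n in range(1, max_encryptions + 1):
        state = bytes(rng.randrange(256) for _ in range(AES_BLOCK))
        ct, touched = last_round(state, round_key, entries_per_line)
        prune(candidates, ct, touched, entries_per_line)
        if all(len(s) == 1 for s in candidates):
            return bytes(next(iter(s)) for s in candidates), n
    return None, max_encryptions


if __name__ == "__main__":
    # 64-byte cache lines, 4-byte table entries (an OpenSSL-style Te4 table):
    # 16 entries per line, so each observed line reveals 4 bits of the index.
    key, n = run_attack(SAMPLE_ROUND_KEY, 16, 500)
    print(f"16 entries/line: recovered={key == SAMPLE_ROUND_KEY} after {n} encryptions")
    # 64-byte lines holding a plain 256-byte S-box: 64 entries per line, only
    # 2 bits per lookup, and most encryptions touch all four lines.
    key, n = run_attack(SAMPLE_ROUND_KEY, 64, 6000)
    print(f"64 entries/line: recovered={key == SAMPLE_ROUND_KEY} after {n} encryptions")
```

Because the AES-128 key schedule is invertible, the recovered last round key yields the cipher key directly. The second run shows why the table layout matters for this class of attack: with only four lines, an encryption carries information only when one of them is left untouched, so the number of encryptions needed grows from a few dozen to well over a thousand.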

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Michael Neve (1)
  • Jean-Pierre Seifert (2, 3)

  1. Intel Corporation, CTG STL Trusted Platform Laboratory, 2111 NE 25th Avenue, Hillsboro, Oregon 97124, USA
  2. Applied Security Research Group, The Center for Computational Mathematics and Scientific Computation, Faculty of Science and Science Education, University of Haifa, Haifa 31905, Israel
  3. Institute for Computer Science, University of Innsbruck, 6020 Innsbruck, Austria