
Cache-Access Pattern Attack on Disaligned AES T-Tables

Raphael Spreitzer, Thomas Plos

Conference paper. Part of the Lecture Notes in Computer Science book series (LNCS, volume 7864).

Abstract

Cache attacks are a special form of implementation attack: they exploit weaknesses in the implementation of a specific algorithm rather than in the algorithm itself. We demonstrate an access-driven cache attack based on the analysis of the memory-access patterns caused by the T-table lookups of the Advanced Encryption Standard (AES). Following the work of Tromer et al. [20], we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the secret key in use. These T-tables usually do not start at memory addresses that map to the beginning of a cache line. Focusing on such disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of AES. We apply the presented cache attack to a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully functioning operating system. The attack is implemented purely in software, and its only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns, we also present an enhancement which in some cases allows us to recover the secret key without a subsequent brute-force key search.
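The abstract's central claim is that a T-table which does not start on a cache-line boundary leaks more of the key through first-round accesses than an aligned one does. The following model, added here as an illustration and not taken from the paper, makes that claim quantitative from a defender's point of view: it counts how many key-byte values an observer who sees only the cache line of each first-round lookup T[p ^ k] could tell apart, and converts that into the key entropy left unresolved. It assumes a 64-byte cache line and 32-bit table entries (assumed geometry, not measured on any device), an idealized noise-free observation, and that all 256 plaintext byte values are seen; the function names are our own.

```python
"""Leakage model for AES T-table lookups observed at cache-line granularity.

Added illustration, not code from the paper. Cache geometry (64-byte lines,
32-bit entries) is an assumption; the observation model is idealized:
noise-free, first round only, every plaintext byte value observed.
"""
import math
from typing import Dict, Tuple

LINE_BYTES = 64        # assumed L1 data-cache line size
ENTRY_BYTES = 4        # one 32-bit T-table entry
TABLE_ENTRIES = 256    # one AES T-table has 256 entries


def line_of_entry(index: int, offset: int,
                  line_bytes: int = LINE_BYTES,
                  entry_bytes: int = ENTRY_BYTES) -> int:
    """Cache line (counted from the line holding the table base) that contains
    T[index] when the table starts `offset` bytes into a cache line."""
    if not 0 <= offset < line_bytes:
        raise ValueError("offset must lie within one cache line")
    return (offset + index * entry_bytes) // line_bytes


def access_signature(key_byte: int, offset: int) -> Tuple[int, ...]:
    """Line touched by the first-round lookup T[p ^ k] for every plaintext byte p.
    This tuple is everything an access-driven observer sees for one key byte."""
    return tuple(line_of_entry(p ^ key_byte, offset) for p in range(TABLE_ENTRIES))


def distinguishable_key_classes(offset: int) -> int:
    """Number of key-byte values whose signatures differ pairwise, i.e. that the
    observation model can tell apart. 16 means only the upper nibble leaks."""
    return len({access_signature(k, offset) for k in range(TABLE_ENTRIES)})


def residual_key_bits(offset: int, key_bytes: int = 16) -> float:
    """Key entropy (bits) left after the first-round observation, assuming each
    of the `key_bytes` positions leaks the same way."""
    classes = distinguishable_key_classes(offset)
    return key_bytes * math.log2(TABLE_ENTRIES / classes)


def layout_report(offsets=(0, 4, 8, 16, 32)) -> Dict[int, Tuple[int, float]]:
    """Distinguishable classes and residual bits for several start offsets."""
    return {off: (distinguishable_key_classes(off), residual_key_bits(off))
            for off in offsets}


if __name__ == "__main__":
    for off, (classes, bits) in layout_report().items():
        print(f"table start offset {off:2d} B: {classes:3d} distinguishable "
              f"key-byte values, {bits:4.1f} key bits left to search")
```

With the assumed geometry an aligned table (offset 0) leaves 64 bits unresolved, the figure known from Tromer et al. [20], whereas an offset of a single entry (4 bytes) leaves 0 bits, matching the abstract's statement that disaligned tables allow recovery of the whole key from the first round alone. Offsets that are larger powers of two in entries (8, 16, 32 bytes) fall between the two, because the line partition then still respects the low key bits. A build or loader check that reads the table's address and calls `residual_key_bits` for the target's line size is one way to make sure an implementation does not silently end up in the worse case.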

Keywords

AES, ARM Cortex-A8, disaligned AES T-tables, memory-access pattern attack


References

  1. Acıiçmez, O., Koç, Ç.K.: Trace-Driven Cache Attacks on AES. IACR Cryptology ePrint Archive, 2006:138 (2006)
  2. ARM Ltd.: ARM Architecture Reference Manual, ARMv7-A and ARMv7-R ed., ARM DDI 0406 A (April 2007)
  3. ARM Ltd.: ARM Technical Reference Manual, Cortex-A8, Revision: r3p2, ARM DDI 0344K (May 2010)
  4. ARM Ltd.: Cortex-A Series Programmer's Guide, Version: 2.0 (August 2011)
  5. [reference text missing on the page]
  6. Bernstein, D.J.: Cache-timing attacks on AES (April 2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
  7. Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES Power Attack Based on Induced Cache Miss and Countermeasure. In: Information Technology: Coding and Computing, ITCC 2005, vol. 1, pp. 586–591. IEEE Computer Society (2005)
  8. Bogdanov, A., Eisenbarth, T., Paar, C., Wienecke, M.: Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 235–251. Springer, Heidelberg (2010)
  9. Bonneau, J., Mironov, I.: Cache-Collision Timing Attacks Against AES. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)
  10. Gallais, J.-F., Kizhvatov, I.: Error-Tolerance in Trace-Driven Cache Collision Attacks. In: International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2011, pp. 222–232 (2011)
  11. Gullasch, D., Bangerter, E., Krenn, S.: Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. In: IEEE Symposium on Security and Privacy, SP 2011, pp. 490–505. IEEE Computer Society (2011)
  12. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security 8(2-3), 141–158 (2000)
  13. Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  14. Lauradoux, C.: Collision attacks on processors with cache and countermeasures. In: Western European Workshop on Research in Cryptology, WEWoRC 2005, pp. 76–85 (2005)
  15. National Institute of Standards and Technology (NIST): FIPS-197: Advanced Encryption Standard (November 2001), http://www.itl.nist.gov/fipspubs/
  16. Neve, M., Seifert, J.-P.: Advances on Access-Driven Cache Attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147–162. Springer, Heidelberg (2007)
  17. OpenSSL Software Foundation: OpenSSL Project (2012), http://www.openssl.org/
  18. Page, D.: Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. Technical Report CSTR-02-003, University of Bristol, Department of Computer Science (June 2002), http://www.cs.bris.ac.uk/Publications/Papers/1000625.pdf
  19. Rebeiro, C., Poddar, R., Datta, A., Mukhopadhyay, D.: An Enhanced Differential Cache Attack on CLEFIA for Large Cache Lines. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 58–75. Springer, Heidelberg (2011)
  20. Tromer, E., Osvik, D.A., Shamir, A.: Efficient Cache Attacks on AES, and Countermeasures. Journal of Cryptology 23(1), 37–71 (2010)
  21. Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES Implemented on Computers with Cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
  22. Tsunoo, Y., Tsujihara, E., Minematsu, K., Miyauchi, H.: Cryptanalysis of Block Ciphers Implemented on Computers with Cache. In: International Symposium on Information Theory and Its Applications, ISITA (October 2002)
  23. Weiß, M., Heinz, B., Stumpf, F.: A Cache Timing Attack on AES in Virtualization Environments. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 314–328. Springer, Heidelberg (2012)
  24. Zhao, X., Wang, T.: Improved Cache Trace Attack on AES and CLEFIA by Considering Cache Miss and S-box Misalignment. IACR Cryptology ePrint Archive 2010, 56 (2010)
  25. Zhao, X., Wang, T., Mi, D., Zheng, Y., Lun, Z.: Robust First Two Rounds Access Driven Cache Timing Attack on AES. In: International Conference on Computer Science and Software Engineering, CSSE 2008, pp. 785–788. IEEE Computer Society (2008)
  26. Zhao, X., Wang, T., Zheng, Y.: Cache Timing Attacks on Camellia Block Cipher. IACR Cryptology ePrint Archive 2009, 354 (2009)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Raphael Spreitzer (1)
  • Thomas Plos (1)

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
