Abstract
An access-driven attack is a class of cache-based side-channel analysis. Like the time-driven attack, it uses the cache's timing behaviour as the source of information leakage, but it scrutinizes that behaviour at a finer granularity instead of evaluating the overall execution time. Access-driven attacks leverage the ability to detect whether or not a cache line has been evicted as the primary mechanism for mounting an attack. In this paper we focus on the case of AES and show that the vast majority of processors suffer from this cache-based vulnerability. Our best results were in fact obtained on a processor without multi-threading capabilities, in contrast to previous works in this area that had suggested that multi-threading improved, or even made possible, this class of attack.
Despite some technical difficulties involved in mounting such attacks, our work shows that access-driven cache-based attacks are becoming easier to understand and analyze. Moreover, when such attacks are mounted against systems performing AES, only a very limited number of encryptions are required to recover the whole key with a high probability of success, thanks to our last-round analysis from the ciphertext.
This work was first presented by E. Brickell during the rump session of Crypto 05.
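As an added illustration of the last-round analysis described in the abstract (this is not the paper's code and reproduces none of its measurements), the following Python simulation shows why only a handful of encryptions suffice. It assumes a T-table implementation whose final-round lookup table has 4-byte entries in 64-byte cache lines (16 entries per line, 16 lines for the whole table, as for OpenSSL's Te4 when the table is line-aligned), a noise-free attacker that learns for each encryption the ciphertext and the set of table lines the victim left untouched, and it replaces rounds 1 to 9 by a uniformly random state, which is what they produce for random plaintexts. A key-byte candidate that would require a lookup in an untouched line is discarded; the correct byte can never be discarded, while each wrong one survives an encryption with probability roughly 1 - (15/16)^16 ≈ 0.64, so about twenty encryptions pin down all sixteen bytes.

```python
"""Simulation of a last-round access-driven cache attack on T-table AES.

Added illustration, not code from the paper.  Assumptions (all labelled):
  * the final round uses a 256-entry, 4-byte-per-entry lookup table that is
    64-byte aligned, so one cache line holds 16 entries (16 lines in total);
  * the attacker learns, for each encryption, the ciphertext and exactly
    which of those 16 lines the victim did not touch (noise-free probing);
  * the state entering the final round is modelled as uniformly random,
    which is what rounds 1-9 produce for random plaintexts, so those rounds
    are not computed at all.
"""
import random

ENTRIES_PER_LINE = 16              # 64-byte line / 4-byte table entry (assumed)
N_LINES = 256 // ENTRIES_PER_LINE  # 16 lines cover the whole table


def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF


def _gen_sbox():
    """AES S-box from GF(2^8) inversion plus the affine map, built by
    walking the multiplicative group with generator 3 (p *= 3, q /= 3)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        q = (q ^ (q << 1)) & 0xFF
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = (q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3)
                   ^ _rotl8(q, 4) ^ 0x63)
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _gen_sbox()


def line_of(index):
    return index // ENTRIES_PER_LINE


def victim_last_round(state, k10):
    """Final AES round as a T-table implementation performs it: each output
    byte is table[state byte] XOR a byte of the last round key, and the
    lines touched are those indexed by the 16 state bytes.  ShiftRows is a
    fixed byte permutation that changes neither the set of touched lines
    nor the per-byte relation c_i = S[x] ^ k_i, so it is left out."""
    ct = bytes(SBOX[x] ^ k for x, k in zip(state, k10))
    touched = {line_of(x) for x in state}
    return ct, touched


def eliminate(candidates, ct, untouched_lines):
    """Attacker step: an index x in an untouched line was used by no output
    byte, so for every byte i the key value ct[i] ^ S[x] is impossible."""
    for line in untouched_lines:
        for x in range(line * ENTRIES_PER_LINE, (line + 1) * ENTRIES_PER_LINE):
            sx = SBOX[x]
            for i in range(16):
                candidates[i].discard(ct[i] ^ sx)


def simulate(k10, max_encryptions=200, seed=2006):
    """Observe encryptions until every key byte has one candidate left.
    Returns (encryptions used, recovered last round key) or (None, None)."""
    rng = random.Random(seed)
    candidates = [set(range(256)) for _ in range(16)]
    for n in range(1, max_encryptions + 1):
        # random state stands in for the output of rounds 1-9 (assumption)
        state = bytes(rng.randrange(256) for _ in range(16))
        ct, touched = victim_last_round(state, k10)
        eliminate(candidates, ct, set(range(N_LINES)) - touched)
        if all(len(c) == 1 for c in candidates):
            return n, bytes(next(iter(c)) for c in candidates)
    return None, None


if __name__ == "__main__":
    key = bytes(random.Random(1).randrange(256) for _ in range(16))
    n, recovered = simulate(key)
    print(f"recovered {recovered.hex()} after {n} encryptions; "
          f"correct: {recovered == key}")
```

Recovering the last round key is enough: the AES-128 key schedule is invertible, so the cipher key follows by running it backwards. Real probes are noisy (evictions caused by unrelated code look like victim accesses), so an actual attack needs more encryptions than this ideal count and a more tolerant decision rule than plain elimination.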
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Neve, M., Seifert, JP. (2007). Advances on Access-Driven Cache Attacks on AES. In: Biham, E., Youssef, A.M. (eds) Selected Areas in Cryptography. SAC 2006. Lecture Notes in Computer Science, vol 4356. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74462-7_11
DOI: https://doi.org/10.1007/978-3-540-74462-7_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74461-0
Online ISBN: 978-3-540-74462-7