Error-Tolerance in Trace-Driven Cache Collision Attacks

We present enhancements of the trace-driven cache collision attack against embedded AES implementations presented at WISA 2010. First, we improve the attack to reduce the remaining exhaustive search complexity from 2^32 to at most 10 AES encryptions. Second, we extend the tolerance to errors in cache event detection to the full attack and show that the attack is efficient even for significant error probabilities. Finally, we show that previous univariate models for estimating attack complexity are not good, and present a multivariate model which is easy to simulate. Our attack is comparable to DPA in terms of complexity, while being of a different nature. We also show by further explorations on an ARM platform that cache events are distinguishable in practice.
