On the Applicability of Time-Driven Cache Attacks on Mobile Devices

Cache attacks are known to be sophisticated attacks against cryptographic implementations on desktop computers. Recently, such attacks have also been investigated on testbeds with processors that are employed in mobile devices. In this work we investigate the applicability of Bernstein's (4) timing attack and the cache-collision attack by Bogdanov et al. (6) in real environments on three state-of-the-art mobile devices: an Acer Iconia A510, a Google Nexus S, and a Samsung Galaxy SIII. We show that T-table based implementations of the Advanced Encryption Standard (AES) leak enough timing information on these devices to recover parts of the secret key using Bernstein's timing attack. We also show that systems with a cache-line size larger than 32 bytes exacerbate the cache-collision attack by Bogdanov et al. (6).

[1] Andrey Bogdanov, et al. Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs, 2010, CT-RSA.

[2] Patrick Fay, et al. Breakthrough AES Performance with Intel® AES New Instructions, 2010.

[3] Ilya Kizhvatov. Error-Tolerance in Trace-Driven Cache Collision Attacks, 2011.

[4] Josef Pieprzyk. Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings, 2010, CT-RSA.

[5] Michael Neve de Mevergnies, et al. Cache-based vulnerabilities and spam analysis, 2006.

[6] Adi Shamir, et al. Efficient Cache Attacks on AES, and Countermeasures, 2010, Journal of Cryptology.

[7] Benedikt Heinz, et al. A Cache Timing Attack on AES in Virtualization Environments, 2012, Financial Cryptography.

[8] Stephan Krenn, et al. Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice, 2011, 2011 IEEE Symposium on Security and Privacy.

[9] Daniel J. Bernstein, et al. Cache-timing attacks on AES, 2005.

[10] Vittorio Zaccaria, et al. AES power attack based on induced cache miss and countermeasure, 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[11] Joseph Bonneau, et al. What's in a Name?, 2020, Financial Cryptography.

[12] 尚弘 島影. Superconductivity Research and Life at the National Institute of Standards and Technology, 2001.

[13] Thomas Plos, et al. Cache-Access Pattern Attack on Disaligned AES T-Tables, 2013, COSADE.