Are AES x86 cache timing attacks still feasible?

We argue that five recent software and hardware developments - the AES-NI instructions, multicore processors with per-core caches, complex modern software, sophisticated prefetchers, and physically tagged caches - combine to make it substantially more difficult to mount data-cache side-channel attacks on AES than previously realized. We propose ways in which some of the challenges posed by these developments might be overcome. We also consider scenarios where side-channel attacks are attractive, and whether our proposed workarounds might be applicable to these scenarios.

[1]  Jean-Loup Baer,et al.  An effective on-chip preloading scheme to reduce data access penalty , 1991, Proceedings of the 1991 ACM/IEEE Conference on Supercomputing (Supercomputing '91).

[2]  Onur Aciiçmez,et al.  New Results on Instruction Cache Attacks , 2010, CHES.

[3]  Jean-Pierre Seifert,et al.  Software mitigations to hedge AES against cache-based software side channel vulnerabilities , 2006, IACR Cryptol. ePrint Arch..

[4]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[5]  Billy Bob Brumley,et al.  Remote Timing Attacks Are Still Practical , 2011, ESORICS.

[6]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[7]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[8]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[9]  Jack Bilmes,et al.  Following instructions , 1988 .

[10]  Andreas Dewald,et al.  TRESOR Runs Encryption Securely Outside RAM , 2011, USENIX Security Symposium.

[11]  Onur Aciiçmez,et al.  Yet another MicroArchitectural Attack:: exploiting I-Cache , 2007, CSAW '07.

[12]  Hovav Shacham,et al.  Eliminating fine grained timers in Xen , 2011, CCSW '11.

[13]  Joseph Bonneau,et al.  Cache-Collision Timing Attacks Against AES , 2006, CHES.

[14]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[15]  Stephan Krenn,et al.  Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice , 2011, 2011 IEEE Symposium on Security and Privacy.

[16]  Anne Canteaut,et al.  Understanding cache attacks , 2006 .

[17]  Ramakrishna Gummadi,et al.  Determinating timing channels in compute clouds , 2010, CCSW '10.

[18]  Matti A. Hiltunen,et al.  An exploration of L2 cache covert channels in virtualized environments , 2011, CCSW '11.

[19]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[20]  Onur Aciiçmez,et al.  Predicting Secret Keys Via Branch Prediction , 2007, CT-RSA.