Advances on Access-Driven Cache Attacks on AES

An access-driven attack is a class of cache-based side channel analysis. Like the time-driven attack, the cache's timings are under inspection as a source of information leakage. Access-driven attacks scrutinize the cache behavior with a finer granularity, rather than evaluating the overall execution time. Access-driven attacks leverage the ability to detect whether a cache line has been evicted, or not, as the primary mechanism for mounting an attack. In this paper we focus on the case of AES and we show that the vast majority of processors suffer from this cache-based vulnerability. Our best results are indeed performed on a processor without the multi-threading capabilities -- in contrast to previous works in this area that had suggested that multi-threading actually improved, or even made possible, this class of attack. Despite some technical difficulties required to mount such attacks, our work shows that access-driven cache-based attacks are becoming easier to understand and analyze. Also, when such attacks are mounted against systems performing AES, only a very limited number of encryptions are required to recover the whole key with a high probability of success, due to our last round analysis from the ciphertext.

[1]  John C. Wray An Analysis of Covert Timing Channels , 1992, J. Comput. Secur..

[2]  Abraham Silberschatz,et al.  Operating System Concepts , 1983 .

[3]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[4]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2003 , 2003, Lecture Notes in Computer Science.

[5]  Jean-Pierre Seifert,et al.  Software mitigations to hedge AES against cache-based software side channel vulnerabilities , 2006, IACR Cryptol. ePrint Arch..

[6]  Abraham Silberschatz,et al.  Operating Systems Concepts , 2005 .

[7]  Jean-Pierre Seifert,et al.  A refined look at Bernstein's AES side-channel analysis , 2006, ASIACCS '06.

[8]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[9]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[10]  Hiroshi Miyauchi,et al.  Cryptanalysis of DES Implemented on Computers with Cache , 2003, CHES.

[11]  Mikko H. Lipasti,et al.  Modern Processor Design: Fundamentals of Superscalar Processors , 2002 .

[12]  Bruce Schneier,et al.  Side channel cryptanalysis of product ciphers , 2000 .

[13]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[14]  Butler W. Lampson,et al.  A note on the confinement problem , 1973, CACM.

[15]  Wei-Ming Hu,et al.  Lattice scheduling and covert channels , 1992, Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy.

[16]  Jim Handy The cache memory book (2nd ed.): the authoritative reference on cache design , 1998 .

[17]  Y. Tsunoo,et al.  Cryptanalysis of Block Ciphers Implemented on Computers with Cache , 2002 .

[18]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.