An Analytical Model for Time-Driven Cache Attacks

Cache attacks exploit side-channel information that is leaked by a microprocessor's cache. There has been a significant amount of research effort on the subject to analyze and identify cache side-channel vulnerabilities since early 2002. Experimental results support the fact that the effectiveness of a cache attack depends on the particular implementation of the cryptosystem under attack and on the cache architecture of the device this implementation is running on. Yet, the precise effect of the mutual impact between the software implementation and the cache architecture is still an unknown. In this manuscript, we explain the effect and present an analytical model for time-driven cache attacks that accurately forecasts the strength of a symmetric key cryptosystem based on 3 simple parameters: (1) the number of lookup tables; (2) the size of the lookup tables; (3) and the length of the microprocessor's cache line. The accuracy of the model has been experimentally verified on 3 different platforms with different implementations of the AES algorithm attacked by adversaries with different capabilities.

[1]  Onur Aciiçmez,et al.  Cache Based Remote Timing Attack on the AES , 2007, CT-RSA.

[2]  Jean-Pierre Seifert,et al.  Software mitigations to hedge AES against cache-based software side channel vulnerabilities , 2006, IACR Cryptol. ePrint Arch..

[3]  Joseph Bonneau,et al.  Cache-Collision Timing Attacks Against AES , 2006, CHES.

[4]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[5]  Jean-Pierre Seifert,et al.  Advances on Access-Driven Cache Attacks on AES , 2006, Selected Areas in Cryptography.

[6]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[7]  Mitsuru Matsui,et al.  Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings , 2006, CHES.

[8]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[9]  Bruce Schneier,et al.  Side channel cryptanalysis of product ciphers , 2000 .

[10]  Stefan Mangard,et al.  Hardware Countermeasures against DPA ? A Statistical Analysis of Their Effectiveness , 2004, CT-RSA.

[11]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[12]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2003 , 2003, Lecture Notes in Computer Science.

[13]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[14]  Vittorio Zaccaria,et al.  AES power attack based on induced cache miss and countermeasure , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[15]  Masayuki Abe,et al.  Topics in Cryptology CT-RSA 2007 , 2007 .

[16]  Onur Aciiçmez,et al.  Trace-Driven Cache Attacks on AES , 2006, IACR Cryptol. ePrint Arch..

[17]  Cédric Lauradoux,et al.  Collision attacks on processors with cache and countermeasures , 2005, WEWoRC.

[18]  David Pointcheval Topics in Cryptology - CT-RSA 2006, The Cryptographers' Track at the RSA Conference 2006, San Jose, CA, USA, February 13-17, 2006, Proceedings , 2006, CT-RSA.

[19]  Hiroshi Miyauchi,et al.  Cryptanalysis of DES Implemented on Computers with Cache , 2003, CHES.

[20]  Dan Page,et al.  Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel , 2002, IACR Cryptol. ePrint Arch..