Rijndael was standardized in 2001 by National Institute of Standard and Technology as the Advanced Encryption Standard (AES). AES is still being used to encrypt financial, military and even government confidential data. In 2005, Bernstein illustrated a remote cache timing attack on AES using the client-server architecture and therefore proved a side channel in its software implementation. Over the years, a number of countermeasures have been proposed against cache timing attacks both using hardware and software. Although the software based countermeasures are flexible and easy to deploy, most of such countermeasures are vulnerable to statistical analysis. In this paper, we propose a novel software based countermeasure against cache timing attacks, known as constant time encryption, which we believe is secure against statistical analysis. The countermeasure we proposed performs rescheduling of instructions such that the encryption rounds will consume constant time independent of the cache hits and misses. Through experiments, we prove that our countermeasure is secure against Bernstein's cache timing attack.
[1]
Alex Biryukov,et al.
Related-Key Cryptanalysis of the Full AES-192 and AES-256
,
2009,
ASIACRYPT.
[2]
Adi Shamir,et al.
Cache Attacks and Countermeasures: The Case of AES
,
2006,
CT-RSA.
[3]
Vincent Rijmen.
Practical-Titled Attack on AES-128 Using Chosen-Text Relations
,
2010,
IACR Cryptol. ePrint Arch..
[4]
Paul C. Kocher,et al.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
,
1996,
CRYPTO.
[5]
Darshana Jayasinghe,et al.
Remote Cache Timing Attack on Advanced Encryption Standard and countermeasures
,
2010,
2010 Fifth International Conference on Information and Automation for Sustainability.
[6]
G. Prichett,et al.
Cryptology: From Caesar Ciphers to Public-key Cryptosystems.
,
1987
.