Abstract
Side-channel attacks are usually performed by employing the “divide-and-conquer” approach: leaked information is collected in the divide step and exploited later in the conquer step. The idea is to extract as much information as possible during the divide step, and to exploit the gathered information as efficiently as possible within the conquer step. Focusing on both of these steps, we discuss potential enhancements of Bernstein’s cache-timing attack against the Advanced Encryption Standard (AES). Concerning the divide part, we analyze the impact of attacking different key-chunk sizes, aiming at the extraction of more information from the overall encryption time. Furthermore, we analyze the most recent improvement of time-driven cache attacks, presented by Aly and ElGayyar, with respect to its applicability on ARM Cortex-A platforms. For the conquer part, we employ the optimal key-enumeration algorithm proposed by Veyrat-Charvillon et al. to significantly reduce the complexity of the exhaustive key-search phase compared to the currently employed threshold-based approach. This in turn leads to more practical attacks. Additionally, we provide extensive experimental results of the proposed enhancements on two Android-based smartphones, namely a Google Nexus S and a Samsung Galaxy SII.
References
Acıiçmez, O., Koç, Ç.K.: Trace-Driven Cache Attacks on AES (Short Paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 112–121. Springer, Heidelberg (2006)
Aly, H., ElGayyar, M.: Attacking AES Using Bernstein’s Attack on Modern Processors. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 127–139. Springer, Heidelberg (2013)
ARM Ltd.: ARM Cortex-A8 Technical Reference Manual, Revision r3p2 (May 2010)
Bernstein, D.J.: Cache-timing attacks on AES (2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
Gallais, J.-F., Kizhvatov, I.: Error-Tolerance in Trace-Driven Cache Collision Attacks. In: COSADE, Darmstadt, pp. 222–232 (2011)
Gallais, J.-F., Kizhvatov, I., Tunstall, M.: Improved Trace-Driven Cache-Collision Attacks against Embedded AES Implementations. In: Chung, Y., Yung, M. (eds.) WISA 2010. LNCS, vol. 6513, pp. 243–257. Springer, Heidelberg (2011)
Gérard, B., Standaert, F.-X.: Unified and Optimized Linear Collision Attacks and their Application in a Non-Profiled Setting: Extended Version. J. Cryptographic Engineering 3(1), 45–58 (2013)
Gullasch, D., Bangerter, E., Krenn, S.: Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. In: IEEE Symposium on Security and Privacy, pp. 490–505. IEEE Computer Society (2011)
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side Channel Cryptanalysis of Product Ciphers. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 97–110. Springer, Heidelberg (1998)
Meier, W., Staffelbach, O.: Analysis of Pseudo Random Sequence Generated by Cellular Automata. In: Davies, D.W. (ed.) Advances in Cryptology - EUROCRYPT 1991. LNCS, vol. 547, pp. 186–199. Springer, Heidelberg (1991)
National Institute of Standards and Technology (NIST): FIPS-197: Advanced Encryption Standard (November 2001)
Neve, M.: Cache-based Vulnerabilities and SPAM Analysis. PhD thesis, UCL (2006)
Neve, M., Seifert, J.-P.: Advances on Access-Driven Cache Attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147–162. Springer, Heidelberg (2007)
Neve, M., Seifert, J.-P., Wang, Z.: A refined look at Bernstein’s AES side-channel analysis. In: Lin, F.-C., Lee, D.-T., Lin, B.-S.P., Shieh, S., Jajodia, S. (eds.) ASIACCS, p. 369. ACM (2006)
Page, D.: Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. IACR Cryptology ePrint Archive, 2002:169 (2002)
Saraswat, V., Feldman, D., Kune, D.F., Das, S.: Remote Cache-timing Attacks Against AES. In: Proceedings of the First Workshop on Cryptography and Security in Computing Systems, CS2 2014, pp. 45–48. ACM, New York (2014)
Spreitzer, R., Plos, T.: On the Applicability of Time-Driven Cache Attacks on Mobile Devices. In: Lopez, J., Huang, X., Sandhu, R. (eds.) NSS 2013. LNCS, vol. 7873, pp. 656–662. Springer, Heidelberg (2013)
Spreitzer, R., Plos, T.: On the Applicability of Time-Driven Cache Attacks on Mobile Devices (Extended Version). IACR Cryptology ePrint Archive, 2013:172 (2013)
Takahashi, J., Fukunaga, T., Aoki, K., Fuji, H.: Highly Accurate Key Extraction Method for Access-Driven Cache Attacks Using Correlation Coefficient. In: Boyd, C., Simpson, L. (eds.) ACISP. LNCS, vol. 7959, pp. 286–301. Springer, Heidelberg (2013)
Tromer, E., Osvik, D.A., Shamir, A.: Efficient Cache Attacks on AES, and Countermeasures. J. Cryptology 23(1), 37–71 (2010)
Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES Implemented on Computers with Cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
Veyrat-Charvillon, N., Gérard, B., Renauld, M., Standaert, F.-X.: An Optimal Key Enumeration Algorithm and Its Application to Side-Channel Attacks. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 390–406. Springer, Heidelberg (2013)
Veyrat-Charvillon, N., Gérard, B., Standaert, F.-X.: Security Evaluations beyond Computing Power. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 126–141. Springer, Heidelberg (2013)
Weiß, M., Heinz, B., Stumpf, F.: A Cache Timing Attack on AES in Virtualization Environments. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 314–328. Springer, Heidelberg (2012)
© 2014 IFIP International Federation for Information Processing
Spreitzer, R., Gérard, B. (2014). Towards More Practical Time-Driven Cache Attacks. In: Naccache, D., Sauveron, D. (eds) Information Security Theory and Practice. Securing the Internet of Things. WISTP 2014. Lecture Notes in Computer Science, vol 8501. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43826-8_3
DOI: https://doi.org/10.1007/978-3-662-43826-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-43825-1
Online ISBN: 978-3-662-43826-8