Journal of Cryptology

, Volume 23, Issue 1, pp 37–71

Efficient Cache Attacks on AES, and Countermeasures

Authors

    • Computer Science and Artificial Intelligence LaboratoryMassachusetts Institute of Technology
    • Department of Computer Science and Applied MathematicsWeizmann Institute of Science
  • Dag Arne Osvik
    • Laboratory for Cryptologic Algorithms, Station 14École Polytechnique Fédérale de Lausanne
  • Adi Shamir
    • Department of Computer Science and Applied MathematicsWeizmann Institute of Science
Article

DOI: 10.1007/s00145-009-9049-y

Cite this article as:
Tromer, E., Osvik, D.A. & Shamir, A. J Cryptol (2010) 23: 37. doi:10.1007/s00145-009-9049-y

Abstract

We describe several software side-channel attacks based on inter-process leakage through the state of the CPU’s memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing, and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several attacks on AES and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux’s dm-crypt encrypted partitions (in the latter case, the full key was recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we discuss a variety of countermeasures which can be used to mitigate such attacks.

Keywords

Side-channel attackCryptanalysisMemory cacheAES

Copyright information

© International Association for Cryptologic Research 2009