
End-to-end automated cache-timing attack driven by machine learning

  • Regular Paper
Journal of Cryptographic Engineering

Abstract

Cache-timing attacks are serious security threats that exploit cache memories to steal secret information. We argue that identifying the sequence of function calls from cache-timing measurements is not a trivial step when building such an attack. We present a recurrent neural network model that automatically retrieves a sequence of operations from cache timings. Inspired by natural language processing, the model can learn from partially labelled data. We use it to mount an end-to-end automated attack on OpenSSL ECDSA on the secp256k1 curve. The attack extracts the 256 bits of the secret key by automatic analysis of about 2400 traces, without any human processing.
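The abstract's pipeline has two halves: turn raw cache timings into a sequence of operations, then turn that sequence into key bits. The block below is an added illustration written for this page, not code from the paper or from OpenSSL. It uses the public secp256k1 parameters from SEC 2, but the scalar multiplication is a textbook left-to-right double-and-add chosen because it is the simplest algorithm whose operation sequence fully determines the scalar; OpenSSL's wNAF implementation, which the paper attacks, leaks only partial nonce bits and needs a lattice step that is not shown here. The threshold labeller, the probe cycle counts and the scalar `0b1011` are constructed stand-ins for the paper's recurrent model and its measured traces.

```python
"""Added illustration, not code from the paper: why a recovered sequence of
elliptic-curve operations leaks scalar bits, and how a probe trace becomes
that sequence.

Curve constants are the public secp256k1 parameters (SEC 2).  The scalar
multiplication is textbook left-to-right double-and-add, NOT OpenSSL's wNAF
ladder, and the threshold labeller is a stand-in for the paper's RNN.
"""
from typing import List, Optional, Tuple

# secp256k1 domain parameters (SEC 2): field prime, group order, base point.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

Point = Optional[Tuple[int, int]]  # None encodes the point at infinity


def ec_add(p1: Point, p2: Point) -> Point:
    """Affine addition on y^2 = x^3 + 7 over GF(P); also handles doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult_leaky(k: int, point: Point = G) -> Tuple[Point, str]:
    """Left-to-right double-and-add.  Returns k*point and the operation
    trace ('D' = double, 'A' = add) that a cache probe on the two code
    paths would observe: one 'D' per bit, an 'A' only after a 1 bit."""
    result: Point = None
    trace: List[str] = []
    for bit in bin(k)[2:]:
        result = ec_add(result, result)
        trace.append("D")
        if bit == "1":
            result = ec_add(result, point)
            trace.append("A")
    return result, "".join(trace)


def scalar_from_trace(trace: str) -> int:
    """Invert the leak: every 'D' opens a new bit, an 'A' sets it to 1."""
    k = 0
    for op in trace:
        if op == "D":
            k <<= 1
        elif op == "A":
            k |= 1
        else:
            raise ValueError(f"unknown operation {op!r}")
    return k


def label_probe_samples(samples: List[Tuple[int, int]], threshold: int = 100) -> str:
    """Toy stand-in for the paper's sequence labeller.  Each sample is a
    constructed (double_probe_cycles, add_probe_cycles) pair from one
    Flush+Reload round; a reload below the threshold means the victim
    executed that routine since the last flush."""
    ops = []
    for dbl_cycles, add_cycles in samples:
        if dbl_cycles < threshold:
            ops.append("D")
        if add_cycles < threshold:
            ops.append("A")
    return "".join(ops)


# Constructed probe readings (hypothetical cycle counts) encoding the scalar 0b1011.
SAMPLE_PROBES = [(40, 38), (41, 300), (39, 37), (42, 36)]


def recover_scalar_from_probes(samples: List[Tuple[int, int]] = SAMPLE_PROBES) -> int:
    """Full pipeline on the constructed data: timings -> operations -> scalar."""
    return scalar_from_trace(label_probe_samples(samples))


if __name__ == "__main__":
    _, trace = scalar_mult_leaky(0xC0FFEE)
    print(trace, hex(scalar_from_trace(trace)))
    print(bin(recover_scalar_from_probes()))
```

The point of the example is the second half: once the operation sequence is known, `scalar_from_trace` recovers the scalar with no cryptanalysis at all, which is why the labelling step the paper automates is the hard part of the attack. For a real wNAF target the recovered sequence gives only a few low bits of each ECDSA nonce, and the key then comes from a hidden-number-problem lattice built over many signatures, which is what the abstract's "about 2400 traces" reflects.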


Notes

  1. To remain consistent with the notations of [2], we chose to write \(\alpha \) for the private key instead of d, which is the standard notation.

References

  1. Backes, M., Dürmuth, M., Gerling, S., Pinkal, M., Sporleder, C.: Acoustic side-channel attacks on printers. In: USENIX Security Symposium, pp. 307–322 (2010)

  2. Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: "Ooh Aah... Just a Little Bit": a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2014, pp. 75–92. Springer, Heidelberg (2014)

  3. Bernstein, D.J.: Cache-timing attacks on AES (2005). http://cr.yp.to/antiforgery/cachetiming-20050414.pdf

  4. Bernstein, D.J., Breitner, J., Genkin, D., Bruinderink, L.G., Heninger, N., Lange, T., van Vredendaal, C., Yarom, Y.: Sliding right into disaster: left-to-right sliding windows leak. In: International Conference on Cryptographic Hardware and Embedded Systems, pp. 555–576. Springer (2017)

  5. Brouchier, J., Kean, T., Marsh, C., Naccache, D.: Temperature attacks. IEEE Secur. Priv. 7(2), 79–82 (2009)

  6. Brumley, B.B., Hakala, R.M.: Cache-timing template attacks. In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 667–684. Springer (2009)

  7. Cabrera Aldaya, A., García, C., Alvarez Tapia, L., Brumley, B.: Cache-timing attacks on RSA key generation. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(4), 213–242 (2019). https://doi.org/10.13154/tches.v2019.i4.213-242

  8. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 13–28. Springer (2002)

  9. Elman, J.L.: Finding structure in time. Cognit. Sci. 14(2), 179–211 (1990)

  10. Fan, S., Wang, W., Cheng, Q.: Attacking OpenSSL implementation of ECDSA with a few signatures. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1505–1515. ACM (2016)

  11. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 251–261. Springer (2001)

  12. García, C.P., Brumley, B.B.: Constant-time callees with variable-time callers. In: Kirda, E., Ristenpart, T. (eds.) 26th USENIX Security Symposium (USENIX Security 2017), Vancouver, BC, Canada, August 16–18, 2017, pp. 83–98. USENIX Association (2017). https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/garcia

  13. Graves, A., Fernández, S., Gomez, F.J., Schmidhuber, J.: Connectionist temporal classification: labelling unsegmented sequence data with recurrent neural networks. In: Proceedings of the 23rd International Conference on Machine Learning (ICML 2006), Pittsburgh, Pennsylvania, USA, June 25–29, 2006, pp. 369–376 (2006). https://doi.org/10.1145/1143844.1143891

  14. Gruss, D., Maurice, C., Wagner, K.: Flush+Flush: a stealthier last-level cache attack. CoRR abs/1511.04594 (2015)

  15. Guilley, S., Meynard, O., Nassar, M., Duc, G., Hoogvorst, P., Maghrebi, H., Elaabid, A., Bhasin, S., Souissi, Y., Debande, N., et al.: Vade mecum on side-channels attacks and countermeasures for the designer and the evaluator. In: 2011 6th International Conference on Design & Technology of Integrated Systems in Nanoscale Era (DTIS), pp. 1–6. IEEE (2011)

  16. Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, New York (2004)

  17. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)

  18. Hwang, J., Yoon, J.W.: An automated end-to-end side channel analysis based on probabilistic model. Appl. Sci. 10(7), 2369 (2020). https://doi.org/10.3390/app10072369

  19. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Annual International Cryptology Conference, pp. 388–397. Springer (1999)

  20. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Annual International Cryptology Conference, pp. 104–113. Springer (1996)

  21. LeCun, Y., Boser, B.E., Denker, J.S., Henderson, D., Howard, R.E., Hubbard, W.E., Jackel, L.D.: Handwritten digit recognition with a back-propagation network. In: Advances in Neural Information Processing Systems, pp. 396–404 (1990)

  22. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)

  23. Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy, pp. 605–622. IEEE (2015)

  24. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards, vol. 31. Springer, Berlin (2008)

  25. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptol. 15(3), 151–176 (2002)

  26. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Cryptogr. 30(2), 201–217 (2003)

  27. OpenSSL: Cryptography and SSL/TLS Toolkit. http://www.openssl.com

  28. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Proceedings of the 2006 Cryptographers' Track at the RSA Conference on Topics in Cryptology, CT-RSA '06, pp. 1–20. Springer, Heidelberg (2006). https://doi.org/10.1007/11605805_1

  29. van de Pol, J., Smart, N.P., Yarom, Y.: Just a little bit more. In: Cryptographers' Track at the RSA Conference, pp. 3–21. Springer (2015)

  30. Rabiner, L.R., Juang, B.H.: An introduction to hidden Markov models. IEEE ASSP Mag. 3(1), 4–16 (1986)

  31. Certicom Research: SEC 2: Recommended Elliptic Curve Domain Parameters (2000)

  32. Roy, D.K., Pentland, A.P.: Learning words from sights and sounds: a computational model. Cognit. Sci. 26(1), 113–146 (2002)

  33. Rumelhart, D.E., Hinton, G.E., Williams, R.J., et al.: Learning representations by back-propagating errors. Cognit. Model. 5(3), 1 (1988)

  34. National Institute of Standards and Technology: FIPS PUB 186-4: Digital Signature Standard (DSS) (2013)

  35. Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: International Workshop on Cryptographic Hardware and Embedded Systems, pp. 62–76. Springer (2003)

  36. Ueno, R., Takahashi, J., Hayashi, Y.I., Homma, N.: Constructing sliding windows leak from noisy cache timing information of OSS-RSA. In: 8th International Workshop on Security Proofs for Embedded Systems (PROOFS), Atlanta, GA, USA (2019)

  37. Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack. IACR Cryptol. ePrint Arch. 2014, 140 (2014)

  38. Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 719–732. USENIX Association, San Diego, CA (2014). https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom

  39. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 305–316. ACM (2012)


Corresponding author

Correspondence to Thomas Perianin.


Cite this article

Perianin, T., Carré, S., Dyseryn, V. et al.: End-to-end automated cache-timing attack driven by machine learning. J. Cryptogr. Eng. 11, 135–146 (2021). https://doi.org/10.1007/s13389-020-00228-5
