
Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs

  • Conference paper
Topics in Cryptology - CT-RSA 2010 (CT-RSA 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5985)

Abstract

This paper proposes a new type of cache-collision timing attack on software implementations of AES. Our main technique is differential in nature and rests on an internal cryptographic property of AES, namely the MDS property of the linear code that provides the diffusion matrix used in the MixColumns transform. It is a chosen-plaintext attack in which pairs of AES executions are treated differentially; the method converts readily into a chosen-ciphertext attack. We also thoroughly study the physical behavior of cache memory that enables this attack.

On the practical side, we demonstrate that our theoretical findings lead to efficient real-world attacks on embedded systems implementing AES, using ARM9 as the example. As this is one of the most widespread embedded platforms today [7], our experimental results may make a revision of the practical security of many embedded applications with security functionality necessary. To the best of our knowledge, this is the first paper to study cache timing attacks on embedded systems.
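The leakage the abstract builds on, shown here as an added illustration that is not the paper's code and does not reproduce its differential technique: in a table-driven AES implementation the first-round lookups are indexed by p_i ⊕ k_i, so lookups i and j land on the same cache line exactly when the upper bits of p_i ⊕ p_j equal the upper bits of k_i ⊕ k_j, and the encryption then runs slightly faster (the classic first-round cache-collision observation of [5]). The script below simulates that with a constructed cache model: one 256-entry table of 4-byte words shared by all 16 lookups (a compact single-table implementation; with four separate T-tables only lookups into the same table can collide, so only pairs with i ≡ j mod 4 would be recoverable), 16-byte lines, constructed miss/hit costs and jitter. None of these numbers are the paper's ARM9 measurements. From timings alone it recovers the upper six bits of every k_0 ⊕ k_j.

```python
import random

# Constructed cache model (an assumption for this illustration, not the
# paper's ARM9 measurements): 4-byte table words in 16-byte cache lines,
# so 4 entries share a line and the line index is the table index >> 2.
# A single 256-entry table is assumed to serve all 16 lookups.
ENTRIES_PER_LINE = 4
LINE_SHIFT = ENTRIES_PER_LINE.bit_length() - 1   # 2
LINES = 256 >> LINE_SHIFT                         # 64 lines cover the table
MISS_COST, HIT_COST, JITTER = 20, 1, 5            # constructed cycle costs


def first_round_time(pt, key, rng):
    """Simulated duration of the 16 first-round lookups T[pt[i] ^ key[i]].

    The table starts uncached; a lookup whose line was already pulled in by an
    earlier lookup of the same encryption hits.  Returns cycles plus jitter.
    """
    touched = set()
    cycles = 0
    for p, k in zip(pt, key):
        line = (p ^ k) >> LINE_SHIFT
        cycles += HIT_COST if line in touched else MISS_COST
        touched.add(line)
    return cycles + rng.randint(0, JITTER)


def collect(key, n, seed=1):
    """Measurement phase: n random plaintexts with their (simulated) timings."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        pt = bytes(rng.randrange(256) for _ in range(16))
        samples.append((pt, first_round_time(pt, key, rng)))
    return samples


def recover_line_xor(samples, i, j):
    """Recover (key[i] ^ key[j]) >> LINE_SHIFT from timings alone.

    Lookups i and j share a line iff (pt[i]^key[i]) >> s == (pt[j]^key[j]) >> s,
    i.e. iff (pt[i]^pt[j]) >> s == (key[i]^key[j]) >> s.  Bucketing samples by
    (pt[i]^pt[j]) >> s, the bucket with the lowest mean time is the one in
    which the collision always happens, and its index is the key relation.
    """
    total = [0] * LINES
    count = [0] * LINES
    for pt, t in samples:
        b = (pt[i] ^ pt[j]) >> LINE_SHIFT
        total[b] += t
        count[b] += 1
    means = [total[b] / count[b] if count[b] else float("inf") for b in range(LINES)]
    return min(range(LINES), key=means.__getitem__)


def recover_key_relations(samples):
    """The 15 relations (key[0] ^ key[j]) >> LINE_SHIFT for j = 1..15."""
    return [recover_line_xor(samples, 0, j) for j in range(1, 16)]


def true_relations(key):
    """Ground truth for comparison; the attacker does not have this."""
    return [(key[0] ^ key[j]) >> LINE_SHIFT for j in range(1, 16)]


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # constructed key
    samples = collect(key, 40000)
    found = recover_key_relations(samples)
    print("recovered:", found)
    print("actual:   ", true_relations(key))
    print("all 15 relations correct:", found == true_relations(key))
```

Run as a script; with 40,000 random plaintexts the 19-cycle saving of a guaranteed collision stands far above the noise from incidental collisions among the other lookups, and all 15 relations come out correctly for the constructed key. The low bits of each byte and the absolute value of k_0 are not visible at line granularity in this first-round model; recovering them is the part that needs more than first-round collisions, which is where the paper's differential treatment of plaintext pairs through MixColumns comes in.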


References

  1. Aciiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the AES. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271–286. Springer, Heidelberg (2006)
  2. Advanced Encryption Standard. FIPS Publication 197. National Bureau of Standards, U.S. Department of Commerce (2001)
  3. ARM Limited: ARM920T Technical Reference Manual, 1st edn.
  4. Bernstein, D.J.: Cache-timing attacks on AES. Technical report, Department of Mathematics, Statistics and Computer Science, The University of Illinois at Chicago (2005), cr.yp.to/antiforgery/cachetiming-20050414.pdf
  5. Bonneau, J., Mironov, I.: Cache-collision timing attacks against AES. Technical report, Computer Science Department, Stanford University and Microsoft Research, Mountain View, CA (2006)
  6. Daemen, J., Rijmen, V.: The Design of Rijndael. Springer, Heidelberg (2002)
  7. ARM Inc.: ARM Powered Products, http://www.arm.com/markets/mobile_solutions/app.html
  8. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. Journal of Computer Security, 97–110 (1998)
  9. Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  10. Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 388. Springer, Heidelberg (1999)
  11. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks and Countermeasures for Cryptographic Smart Cards: Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)
  12. Neve, M., Seifert, J., Wang, Z.: Cache time-behavior analysis on AES (2006), http://www.cryptologie.be/document/Publications/AsiaCSSfull06.pdf
  13. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
  14. Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Technical report (2002)
  15. Samsung Electronics: S3C2440A 32-Bit CMOS Microcontroller User's Manual, 1st edn.
  16. ST33F1M: Smartcard MCU with 32-bit ARM, http://www.st.com/stonline/books/pdf/docs/15066.pdf
  17. Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
  18. Tsunoo, Y., Tsujihara, E., Shigeri, M., Kubo, H., Minematsu, K.: Improving cache attacks by considering cipher structure. Int. J. Inf. Secur. 5(3), 166–176 (2006)
  19. Hamburg, M.: Accelerating AES with Vector Permute Instructions. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 18–32. Springer, Heidelberg (2009)
  20. OpenSSL 0.9.8k: The open source toolkit for SSL/TLS, http://www.openssl.org/ (accessed June 18, 2009)
  21. Dhem, J.-F., Koeune, F., Leroux, P.-A., Mestré, P., Quisquater, J.-J., Willems, J.-L.: A Practical Implementation of the Timing Attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 167–182. Springer, Heidelberg (2000)

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bogdanov, A., Eisenbarth, T., Paar, C., Wienecke, M. (2010). Differential Cache-Collision Timing Attacks on AES with Applications to Embedded CPUs. In: Pieprzyk, J. (eds) Topics in Cryptology - CT-RSA 2010. CT-RSA 2010. Lecture Notes in Computer Science, vol 5985. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11925-5_17

  • DOI: https://doi.org/10.1007/978-3-642-11925-5_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11924-8

  • Online ISBN: 978-3-642-11925-5
