FSE 2007: Fast Software Encryption pp 399-413 | Cite as

An Analytical Model for Time-Driven Cache Attacks

  • Kris Tiri
  • Onur Acıiçmez
  • Michael Neve
  • Flemming Andersen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4593)

Abstract

Cache attacks exploit side-channel information that is leaked by a microprocessor’s cache. There has been a significant amount of research effort on the subject to analyze and identify cache side-channel vulnerabilities since early 2002. Experimental results support the fact that the effectiveness of a cache attack depends on the particular implementation of the cryptosystem under attack and on the cache architecture of the device this implementation is running on. Yet, the precise effect of the mutual impact between the software implementation and the cache architecture is still an unknown. In this manuscript, we explain the effect and present an analytical model for time-driven cache attacks that accurately forecasts the strength of a symmetric key cryptosystem based on 3 simple parameters: (1) the number of lookup tables; (2) the size of the lookup tables; (3) and the length of the microprocessor’s cache line. The accuracy of the model has been experimentally verified on 3 different platforms with different implementations of the AES algorithm attacked by adversaries with different capabilities.

Keywords

Cache Line Performance Counter Cache Access Cache Architecture Powerful Adversary 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full conference paper text

References

  1. 1.
    Acıiçmez, O., Schindler, W., Koç, Ç.K.: Trace Driven Cache Attack on AES. e-print of the IACR (2006), Available online at http://eprint.iacr.org/2006/138.pdf
  2. 2.
    Acıiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the aes. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271–286. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Bernstein, D.J.: Cache-timing attacks on AES (2004), Available online at http://cr.yp.to/papers.html#cachetiming
  4. 4.
    Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES Power Attack Based on Induced Cache Miss and Countermeasure. In: ITCC (1), pp. 586–591. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  5. 5.
    Bonneau, J., Mironov, I.: Cache-collision timing attacks against aes. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Brickell, E., Graunke, G., Neve, M., Seifert, J.-P.: Software mitigations to hedge AES against cache-based software side channel vulnerabilities. Cryptology ePrint Archive, Report 2006/052 (2006), Available online at http://eprint.iacr.org/
  7. 7.
    Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. Journal of Computer Security 8(2/3) (2000)Google Scholar
  8. 8.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  9. 9.
    Lauradoux, C.: Collision attacks on processors with cache and countermeasures. In: Wolf, C., Lucks, S., Yau, P.-W. (eds.) Proceedings of Western European Workshop on Research in Cryptplogy (WeWorc 2005). GI edn. Lecture Notes in Informatics (LNI), p. 74. Bonner Köllen Verlag (2005)Google Scholar
  10. 10.
    Mangard, S.: Hardware countermeasures against dpa? a statistical analysis of their effectiveness. In: CT-RSA, pp. 222–235 (2004)Google Scholar
  11. 11.
    Neve, M., Seifert, J.-P.: Advances on access-driven cache attacks on aes. Selected Areas of Cryptography – SAC 2006, LNCS, vol. 4356, Springer, Heidelberg (to appear, 2007)Google Scholar
  12. 12.
    OpenSSL. OpenSSL: the Open-source toolkit for SSL / TLS, Available online at http://www.openssl.org/
  13. 13.
    Osvik, D., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Technical Report CSTR-02-003, Department of Computer Science, University of Bristol (June 2002)Google Scholar
  15. 15.
    Percival, C.: Cache missing for fun and profit (2005), Available online at http://www.daemonology.net/hyperthreading-considered-harmful/
  16. 16.
    Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES Implemented on Computers with Cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Kris Tiri
    • 1
  • Onur Acıiçmez
    • 3
  • Michael Neve
    • 1
  • Flemming Andersen
    • 2
  1. 1.Platform Validation Architecture 
  2. 2.Visual Computing Group, Intel Corporation, 2111 NE 25th Avenue, Hillsboro Oregon 97124USA
  3. 3.Computer Science Lab, Samsung Information Systems AmericaUSA

Personalised recommendations