International Workshop on Cryptographic Hardware and Embedded Systems

CHES 2006: Cryptographic Hardware and Embedded Systems - CHES 2006, pp 201–215

Cache-Collision Timing Attacks Against AES

Joseph Bonneau and Ilya Mironov

Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 4249)

Abstract

This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. We define a general attack strategy using a simplified model of the cache to predict timing variation due to cache collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations and computing platforms; we have implemented them against OpenSSL v. 0.9.8.(a) running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines. The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 2^13 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type [Ber05]. While the task of defending AES against all timing attacks is challenging, a small patch can significantly reduce the vulnerability to these specific attacks with no performance penalty.
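The "simplified model of the cache" the abstract refers to, as an added illustration that is not code from the paper: it models the 16 first-round T-table lookups of a table-driven AES implementation, shows that which lookups share a cache line depends only on XOR differences between key bytes, and checks that preloading every table line removes the data-dependent misses. The table geometry (4-byte entries, 64-byte lines, four tables) and the preload countermeasure are assumptions of this example, not necessarily the paper's patch.

```python
# Added example, not code from the paper: a simplified cache model of the 16
# first-round T-table lookups in table-driven AES. Collisions (two lookups on one
# line of one table) depend on XOR differences between key bytes; preloading the
# tables makes the data-dependent miss count constant. Geometry is an assumption.

ENTRY_BYTES = 4                                  # assumed 32-bit T-table entries
LINE_BYTES = 64                                  # assumed cache-line size
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES     # 16 entries per line
LINE_SHIFT = ENTRIES_PER_LINE.bit_length() - 1   # index >> 4 selects the line
NUM_TABLES = 4                                   # T0..T3; state byte i uses T(i % 4)
LINES_PER_TABLE = 256 >> LINE_SHIFT              # 16 lines per 1 KiB table

def first_round_indices(plaintext: bytes, key: bytes) -> list[int]:
    """Index used by each first-round lookup: plaintext byte XOR round-key byte."""
    if len(plaintext) != 16 or len(key) != 16:
        raise ValueError("AES-128 block and key are 16 bytes each")
    return [p ^ k for p, k in zip(plaintext, key)]

def count_misses(indices: list[int], warm: frozenset = frozenset()) -> int:
    """Simplified cache: a (table, line) pair costs one miss the first time it is
    touched; a later lookup on the same line (a collision) costs nothing."""
    cached = set(warm)
    misses = 0
    for i, idx in enumerate(indices):
        slot = (i % NUM_TABLES, idx >> LINE_SHIFT)
        if slot not in cached:
            cached.add(slot)
            misses += 1
    return misses

def first_round_misses(plaintext: bytes, key: bytes) -> int:
    """Misses of an unprotected first round: varies with plaintext and key."""
    return count_misses(first_round_indices(plaintext, key))

def collision_pairs(plaintext: bytes, key: bytes) -> list[tuple[int, int]]:
    """Lookup pairs (i, j) that land on the same line of the same table. This
    holds iff (p_i ^ p_j) >> 4 == (k_i ^ k_j) >> 4, so the collision pattern
    reflects high nibbles of key-byte XOR differences, never a key byte alone."""
    idx = first_round_indices(plaintext, key)
    return [(i, j) for i in range(16) for j in range(i + 1, 16)
            if i % NUM_TABLES == j % NUM_TABLES
            and idx[i] >> LINE_SHIFT == idx[j] >> LINE_SHIFT]

def preloaded_first_round_misses(plaintext: bytes, key: bytes) -> int:
    """Assumed mitigation (not necessarily the paper's patch): touch every line
    of every table before the key-dependent lookups, so none of them can miss."""
    warm = frozenset((t, l) for t in range(NUM_TABLES) for l in range(LINES_PER_TABLE))
    return count_misses(first_round_indices(plaintext, key), warm)
```

With a zero key and plaintext bytes 0..15 every lookup lands on line 0 of its table (4 misses, 24 colliding pairs); with key bytes 0, 16, ..., 240 all 16 lookups miss and nothing collides, while the preloaded variant reports 0 data-dependent misses in both cases.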

Keywords

  • AES
  • cryptanalysis
  • side-channel attack
  • timing attack
  • cache


References

  1. Akkar, M.-L., Bévan, R., Dischamp, P., Moyart, D.: Power analysis, what is now possible... In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489–502. Springer, Heidelberg (2000)
  2. Acıiçmez, O., Koç, Ç.K.: Trace driven cache attack on AES. IACR Cryptology ePrint Archive, Report 2006/138 (April 2006)
  3. Acıiçmez, O.: Remote Timing Attacks. Given at Intel Corporation, Oregon, USA (December 2005), available at: http://web.engr.oregonstate.edu/~aciicmez/osutass/
  4. Acıiçmez, O., Schindler, W., Koç, Ç.K.: Improving Brumley and Boneh timing attack on unprotected SSL implementations. In: ACM Conference on Computer and Communications Security (2005)
  5. Biham, E., Anderson, R.J., Knudsen, L.R.: Serpent: A new block cipher proposal. In: Vaudenay, S. (ed.) FSE 1998. LNCS, vol. 1372, pp. 222–238. Springer, Heidelberg (1998)
  6. Brickell, E., Graunke, G., Neve, M., Seifert, J.-P.: Software mitigations to hedge AES against cache-based software side channel vulnerabilities. IACR ePrint Archive, Report 2006/052 (February 2006)
  7. Brumley, D., Boneh, D.: Remote timing attacks are practical. Computer Networks 48(5), 701–716 (2005)
  8. Bertoni, G., Breveglieri, L., Monchiero, M., Palermo, G., Zaccaria, V.: AES power attack based on induced cache miss and countermeasure. ITCC(1) (2005)
  9. Bernstein, D.J.: Cache-timing attacks on AES (April 2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
  10. Canteaut, A., Lauradoux, C., Seznec, A.: Understanding cache attacks. Technical Report (April 2006), available at: ftp://ftp.inria.fr/INRIA/publication/publi-pdf/RR/RR-5881.pdf
  11. Daemen, J., Rijmen, V.: Resistance against implementation attacks: A comparative study of the AES proposals. In: Second AES Candidate Conference (February 1999)
  12. Daemen, J., Rijmen, V.: The design of Rijndael: AES—the advanced encryption standard. Springer, Heidelberg (2002)
  13. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)
  14. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  15. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  16. Koeune, F., Quisquater, J.-J.: A timing attack against Rijndael. Technical Report CG-1999/1 (June 1999)
  17. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. J. of Computer Security 8(2/3) (2000)
  18. Lauradoux, C.: Collision attacks on processors with cache and countermeasures. In: Wolf, C., Lucks, S., Yau, P.-W. (eds.) Western European Workshop on Research in Cryptology—WEWoRC 2005, pp. 76–85 (2005)
  19. Ledig, H., Muller, F., Valette, F.: Enhancing collision attacks. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 176–190. Springer, Heidelberg (2004)
  20. Nechvatal, J., Barker, E., Bassham, L., Burr, W., Dworkin, M., Foti, J., Roback, E.: Report on the development of the Advanced Encryption Standard (AES) (October 2000), http://csrc.nist.gov/CryptoToolkit/aes/round2/r2report.pdf
  21. Neve, M., Seifert, J.-P., Wang, Z.: A refined look at Bernstein's AES side-channel analysis. ASIACCS, 369 (2006)
  22. Neve, M., Seifert, J.-P.: Advances on access-driven cache attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147–162. Springer, Heidelberg (2007)
  23. O'Hanlan, M., Tonge, A.: Investigation of cache timing attacks on AES. School of Computing, Dublin City University (2005)
  24. Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
  25. Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Technical Report CSTR-02-003, University of Bristol (April 2002)
  26. Page, D.: Defending against cache based side channel attacks. Technical Report. Department of Computer Science, University of Bristol (2003)
  27. Page, D.: Partitioned cache as a side-channel defense mechanism. IACR Cryptology ePrint Archive, Report 2005/280 (August 2005)
  28. Percival, C.: Cache missing for fun and profit. In: BSDCan 2005 (2005), http://www.daemonology.net/hyperthreading-considered-harmful/
  29. Schramm, K., Leander, G., Felke, P., Paar, C.: A collision attack on AES: Combining side channel and differential attack. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 163–175. Springer, Heidelberg (2004)
  30. Schramm, K., Wollinger, T.J., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)
  31. Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
  32. Tsunoo, Y., Tsujihara, E., Minematsu, K., Miyauchi, H.: Cryptanalysis of block ciphers implemented on computers with cache. In: International Symposium on Information Theory and Applications 2002, pp. 803–806 (2002)
  33. Tsunoo, Y., Tsujihara, E., Shigeri, M., Kubo, H., Minematsu, K.: Improving cache attacks by considering cipher structure. International Journal of Information Security (2006)

Author information

Authors and Affiliations

  1. Computer Science Department, Stanford University: Joseph Bonneau
  2. Microsoft Research, Silicon Valley Campus: Ilya Mironov

Editor information

Editors and Affiliations

  1. Versailles Saint-Quentin-en-Yvelines University, 45 Avenue des Etats-Unis, 78035, Versailles Cedex, France

    Louis Goubin

  2. Information Technology R&D Center, Mitsubishi Electric Corporation, 5-1-1 Ofuna Kamakura Kanagawa, Japan

    Mitsuru Matsui

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bonneau, J., Mironov, I. (2006). Cache-Collision Timing Attacks Against AES. In: Goubin, L., Matsui, M. (eds) Cryptographic Hardware and Embedded Systems - CHES 2006. CHES 2006. Lecture Notes in Computer Science, vol 4249. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11894063_16

  • DOI: https://doi.org/10.1007/11894063_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46559-1

  • Online ISBN: 978-3-540-46561-4
