Skip to main content
Book cover

International Workshop on Fast Software Encryption

FSE 2007: Fast Software Encryption pp 399–413Cite as

An Analytical Model for Time-Driven Cache Attacks

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 4593)

Abstract

Cache attacks exploit side-channel information that is leaked by a microprocessor’s cache. There has been a significant amount of research effort on the subject to analyze and identify cache side-channel vulnerabilities since early 2002. Experimental results support the fact that the effectiveness of a cache attack depends on the particular implementation of the cryptosystem under attack and on the cache architecture of the device this implementation is running on. Yet, the precise effect of the mutual impact between the software implementation and the cache architecture is still an unknown. In this manuscript, we explain the effect and present an analytical model for time-driven cache attacks that accurately forecasts the strength of a symmetric key cryptosystem based on 3 simple parameters: (1) the number of lookup tables; (2) the size of the lookup tables; (3) and the length of the microprocessor’s cache line. The accuracy of the model has been experimentally verified on 3 different platforms with different implementations of the AES algorithm attacked by adversaries with different capabilities.

Keywords

  • Cache Line
  • Performance Counter
  • Cache Access
  • Cache Architecture
  • Powerful Adversary

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Download conference paper PDF

References

  1. Acıiçmez, O., Schindler, W., Koç, Ç.K.: Trace Driven Cache Attack on AES. e-print of the IACR (2006), Available online at http://eprint.iacr.org/2006/138.pdf

  2. Acıiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the aes. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271–286. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  3. Bernstein, D.J.: Cache-timing attacks on AES (2004), Available online at http://cr.yp.to/papers.html#cachetiming

  4. Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES Power Attack Based on Induced Cache Miss and Countermeasure. In: ITCC (1), pp. 586–591. IEEE Computer Society, Los Alamitos (2005)

    Google Scholar 

  5. Bonneau, J., Mironov, I.: Cache-collision timing attacks against aes. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  6. Brickell, E., Graunke, G., Neve, M., Seifert, J.-P.: Software mitigations to hedge AES against cache-based software side channel vulnerabilities. Cryptology ePrint Archive, Report 2006/052 (2006), Available online at http://eprint.iacr.org/

  7. Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. Journal of Computer Security 8(2/3) (2000)

    Google Scholar 

  8. Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  9. Lauradoux, C.: Collision attacks on processors with cache and countermeasures. In: Wolf, C., Lucks, S., Yau, P.-W. (eds.) Proceedings of Western European Workshop on Research in Cryptplogy (WeWorc 2005). GI edn. Lecture Notes in Informatics (LNI), p. 74. Bonner Köllen Verlag (2005)

    Google Scholar 

  10. Mangard, S.: Hardware countermeasures against dpa? a statistical analysis of their effectiveness. In: CT-RSA, pp. 222–235 (2004)

    Google Scholar 

  11. Neve, M., Seifert, J.-P.: Advances on access-driven cache attacks on aes. Selected Areas of Cryptography – SAC 2006, LNCS, vol. 4356, Springer, Heidelberg (to appear, 2007)

    Google Scholar 

  12. OpenSSL. OpenSSL: the Open-source toolkit for SSL / TLS, Available online at http://www.openssl.org/

  13. Osvik, D., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  14. Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Technical Report CSTR-02-003, Department of Computer Science, University of Bristol (June 2002)

    Google Scholar 

  15. Percival, C.: Cache missing for fun and profit (2005), Available online at http://www.daemonology.net/hyperthreading-considered-harmful/

  16. Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES Implemented on Computers with Cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Platform Validation Architecture,  

    Kris Tiri & Michael Neve

  2. Visual Computing Group, Intel Corporation, 2111 NE 25th Avenue, Hillsboro Oregon 97124, USA

    Flemming Andersen

  3. Computer Science Lab, Samsung Information Systems America, USA

    Onur Acıiçmez

Authors
  1. Kris Tiri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Onur Acıiçmez
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Neve
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Flemming Andersen
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 2007 Springer-Verlag Berlin Heidelberg

    About this paper

    Cite this paper

    Tiri, K., Acıiçmez, O., Neve, M., Andersen, F. (2007). An Analytical Model for Time-Driven Cache Attacks. In: Biryukov, A. (eds) Fast Software Encryption. FSE 2007. Lecture Notes in Computer Science, vol 4593. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74619-5_25

    Download citation

    • DOI: https://doi.org/10.1007/978-3-540-74619-5_25

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-74617-1

    • Online ISBN: 978-3-540-74619-5

    • eBook Packages: Computer ScienceComputer Science (R0)