A refined look at Bernstein's AES side-channel analysis

Section: Introductionmentioning

confidence: 93%

“…In the following, we give a simplified description of cache timing attacks; for a more complete description, see e.g. [13,9].…”

Section: Cache Timing Attacksmentioning

confidence: 99%

See 1 more Smart Citation

A Cache Timing Analysis of HC-256

Zenner

2009

“…In [2], Bernstein showed results of side channel analysis against AES, based on the first round. [10] and [11,12,13] independently provided an analysis of the second round of AES. These attacks belong to the class of timedriven cache-based attacks as they analyze the overall execution time.…”

Section: Introductionmentioning

confidence: 99%

Advances on Access-Driven Cache Attacks on AES

Neve

Seifert

Self Cite

117

100

Abstract. An access-driven attack is a class of cache-based side channel analysis. Like the time-driven attack, the cache's timings are under inspection as a source of information leakage. Access-driven attacks scrutinize the cache behavior with a finer granularity, rather than evaluating the overall execution time. Access-driven attacks leverage the ability to detect whether a cache line has been evicted, or not, as the primary mechanism for mounting an attack. In this paper we focus on the case of AES and we show that the vast majority of processors suffer from this cache-based vulnerability. Our best results are indeed performed on a processor without the multi-threading capabilities -in contrast to previous works in this area that had suggested that multi-threading actually improved, or even made possible, this class of attack.Despite some technical difficulties required to mount such attacks, our work shows that access-driven cache-based attacks are becoming easier to understand and analyze. Also, when such attacks are mounted against systems performing AES, only a very limited number of encryptions are required to recover the whole key with a high probability of success, due to our last round analysis from the ciphertext.

“…Further publications of Page [15], Percival [16], Bernstein [3], Osvik et al [13] and Brickell et al [7] disclosed the full power of CBAs. See [4,10,12,1,2] for further improvements of CBAs. In particular, the fast AES implementation [8] is susceptible to CBAs.…”

Section: Introductionmentioning

confidence: 99%

Analysis of Countermeasures Against Access Driven Cache Attacks on AES

Blömer

Krummel

Abstract. Cache based attacks (CBA) exploit the different access times of main memory and cache memory to determine information about internal states of cryptographic algorithms. CBAs turn out to be very powerful attacks even in practice. In this paper we present a general and strong model to analyze the security against CBAs. We introduce the notions of information leakage and resistance to analyze the security of several implementations of AES. Furthermore, we analyze how to use random permutations to protect against CBAs. By providing a successful attack on an AES implementation protected by random permutations we show that random permutations used in a straightforward manner are not enough to protect against CBAs. Hence, to improve upon the security provided by random permutations, we describe the property a permutation must have in order to prevent the leakage of some key bits through CBAs.