Advances on Access-Driven Cache Attacks on AES

Neve, Michael; Seifert, Jean-Pierre

doi:10.1007/978-3-540-74462-7_11

Cited by 118 publications

(105 citation statements)

References 8 publications

Supporting

Mentioning

101

Contrasting

Unclassified

Order By: Relevance

“…Moreover, the last round has non-linearity but no MixColumn operation, so the key can be extracted byteby-byte without analyzing additional rounds. Indeed, this was demonstrated by [41] (subsequent to [44]); see Section 6.5. Since the round subkey derivation process in AES is reversible, recovering the last round's subkey yields the full key.…”

Section: Variants and Extensionsmentioning

confidence: 79%

Efficient Cache Attacks on AES, and Countermeasures

2009

View full text Add to dashboard Cite

Abstract. We describe several software side-channel attacks based on inter-process leakage through the state of the CPU's memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several attacks on AES, and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux's dm-crypt encrypted partitions (in the latter case, the full key was recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we discuss a variety of countermeasures which can be used to mitigate such attacks.

show abstract

Section: Variants and Extensionsmentioning

confidence: 79%

Efficient Cache Attacks on AES, and Countermeasures

2009

View full text Add to dashboard Cite

show abstract

“…In general, side channel attacks benefit from variations, e.g., in timing, power consumption, electromagnetic emanation and temperature, to gain information of a cryptosystem. A high-awareness security system should be tested for side channel attacks and should take sophisticated attacks into account, e.g., cache-based side channel analysis [25]. A covert channel exploits the same variations as a side channel attack, but is used by malicious processes to exchange information.…”

Section: Periods Processingmentioning

confidence: 99%

A Secure System Architecture for Measuring Instruments in Legal Metrology

et al. 2015

Self Cite

View full text Add to dashboard Cite

Embedded systems show the tendency of becoming more and more connected. This fact combined with the trend towards the Internet of Things, from which measuring instruments are not immune (e.g., smart meters), lets one assume that security in measuring instruments will inevitably play an important role soon. Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes, while supervising the communication between the essential parts and the outside world.

show abstract

“…Bernstein described a simple cache-timing attack leading to a complete key recovery on a remote server [3]. In accessdriven attacks presented in [18,20], an attacker learns which cache lines were accessed during the execution by pre-loading the cache with the chosen data.…”

Section: Cache-based Attacks Against Aesmentioning

confidence: 99%

Improved Trace-Driven Cache-Collision Attacks against Embedded AES Implementations

Gallais

Kizhvatov

Tunstall

2011

Information Security Applications

View full text Add to dashboard Cite

Abstract. In this paper we present two attacks that exploit cache events, which are visible in some side channel, to derive a secret key used in an implementation of AES. The first is an improvement of an adaptive chosen plaintext attack presented at ACISP 2006. The second is a new known plaintext attack that can recover a 128-bit key with approximately 30 measurements to reduce the number of key hypotheses to 2 30 . This is comparable to classical Differential Power Analysis; however, our attacks are able to overcome certain masking techniques. We also show how to deal with unreliable cache event detection in the real-life measurement scenario and present practical explorations on a 32-bit ARM microprocessor.

show abstract

Advances on Access-Driven Cache Attacks on AES

Cited by 118 publications

References 8 publications

Efficient Cache Attacks on AES, and Countermeasures

Efficient Cache Attacks on AES, and Countermeasures

A Secure System Architecture for Measuring Instruments in Legal Metrology

Improved Trace-Driven Cache-Collision Attacks against Embedded AES Implementations

Contact Info

Product

Resources

About