Cache-Collision Timing Attacks Against AES

Bonneau, Joseph; Mironov, Ilya

doi:10.1007/11894063_16

Cited by 256 publications

(164 citation statements)

References 20 publications

Supporting

Mentioning

158

Contrasting

Unclassified

Order By: Relevance

“…We stress that MDATDCAs are resistant to Boolean masking of software AES implementations in the case where all S-Boxes share the same random mask, as detailed in [3]. When such a masking scheme is used, our attacks will outperform higher order DPAs or CPAs that typically require thousands of traces.…”

Section: Discussionmentioning

confidence: 94%

“…Cache attacks demonstrated fall into three categories, depending on the channels used to collect the leakages. These channels are spy processes [1], timing information [2,3] and power/electromagnetic (EM) traces [4,5,6,7,8,9,10,11]. The focus of this paper is trace driven cache attack (TDCA), which exploits the power or electromagnetic traces.…”

Section: Introductionmentioning

confidence: 99%

“…As the name suggests, TDCAs monitor cache hits and misses from power/EM traces, and recover the secret key used in the computation. The number of traces required in TDCAs is much less than in the conventional differential power attacks (DPAs) [12], correlation power attacks (CPAs) [13] or other types of cache attacks [1,2,3]. Considering AES for example, only 30 cache traces are required in TDCAs [9,10] instead of hundreds (or thousands) of power traces in DPAs, CPAs [13], hundreds of cache traces in access driven cache attacks [1], and millions of cache traces in timing driven cache attacks [2,3].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

Zhao

Guo

Zhang

et al. 2013

Computers & Security

View full text Add to dashboard Cite

First, the key recovery in TDCA is depicted by an abstract model regardless of the specific attack techniques.Then, the previous work of TDCAs on AES is classified into three types and its limitations are analyzed.How to utilize the cache events with MDATDCA is presented and the overhead is also calculated. To evaluate MDATDCA on AES, this paper constructs a mathematical model to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA.

show abstract

Section: Discussionmentioning

confidence: 94%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

Zhao

Guo

Zhang

et al. 2013

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Subsequent research verified the correctness of the findings [11,10,9,15], improved the attack technically [14,3,8] or algorithmically [5], and devised and analysed countermeasures [6,4,16].…”

Section: Introductionmentioning

confidence: 95%

A Cache Timing Analysis of HC-256

Zenner

2009

Selected Areas in Cryptography

View full text Add to dashboard Cite

show abstract

“…Unfortunately, many of the techniques are not designed for IFC scenarios. For example, modifying an algorithm implementation, as in the case of AES [7], does not naturally generalize to arbitrary untrusted code. Similarly, flushing or disabling the cache when switching protection domains, as suggested in [6,49], is prohibitively expensive in systems like Hails, where context switches occur hundreds of times per second.…”

Section: Introductionmentioning

confidence: 99%

Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling

Stefan

Buiras

Yang

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Information flow control allows untrusted code to access sensitive and trustworthy information without leaking this information. However, the presence of covert channels subverts this security mechanism, allowing processes to communicate information in violation of IFC policies. In this paper, we show that concurrent deterministic IFC systems that use time-based scheduling are vulnerable to a cache-based internal timing channel. We demonstrate this vulnerability with a concrete attack on Hails, one particular IFC web framework. To eliminate this internal timing channel, we implement instruction-based scheduling, a new kind of scheduler that is indifferent to timing perturbations from underlying hardware components, such as the cache, TLB, and CPU buses. We show this scheduler is secure against cache-based internal timing attacks for applications using a single CPU. To show the feasibility of instruction-based scheduling, we have implemented a version of Hails that uses the CPU retired-instruction counters available on commodity Intel and AMD hardware. We show that instruction-based scheduling does not impose significant performance penalties. Additionally, we formally prove that our modifications to Hails' underlying IFC system preserve non-interference in the presence of caches.

show abstract

Cache-Collision Timing Attacks Against AES

Cited by 256 publications

References 20 publications

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

A Cache Timing Analysis of HC-256

Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling

Contact Info

Product

Resources

About