Trace-Driven Cache Attacks on AES (Short Paper)

Abstract: Cache based side-channel attacks have recently been attracted significant attention due to the new developments in the field. In this paper, we present an efficient trace-driven cache attack on a widely used implementation of the AES cryptosystem. We also evaluate the cost of the proposed attack in detail under the assumption of a noiseless environment. We develop an accurate mathematical model that we use in the cost analysis of our attack. We use two different metrics, specifically, the expected number of ne… Show more

“…The above abstract model can help us to understand the TDCA problem and is generic to block ciphers using the S-Box (table) lookup structure [4,5,6,7,8,9,10,11,24,25,26,27,28]. Different attack techniques can be developed to solve this problem, such as traditional TDCA technique [4,5,6,7,8,9,10,11], MDASCA technique [18] or others to be proposed in the future.…”

“…Cache attacks demonstrated fall into three categories, depending on the channels used to collect the leakages. These channels are spy processes [1], timing information [2,3] and power/electromagnetic (EM) traces [4,5,6,7,8,9,10,11]. The focus of this paper is trace driven cache attack (TDCA), which exploits the power or electromagnetic traces.…”

“…AES was targeted in many TDCAs [4,5,6,7,8,9,10,11]. Throughout this paper, AES refers to AES-128 by default.…”

“…The other is improving the efficiency of TDCAs on different AES implementations. In attacks on AES with large lookup tables (e.g., 1K bytes), TDCAs can exploit cache events in the first round [11], the first two rounds [4] or the last round [5,7]. For AES implemented with a compact table (256 bytes), TDCAs can exploit the cache events in the first round [6], or the first two rounds [8,9,10].…”

“…Section 2 describes the notations used throughout the paper. In Section 3, we formalize the key recovery problem in TDCA with an abstract model, which is independent of specific TDCA techniques [4,5,6,7,8,9,10,11,18]. …”

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

“…The above abstract model can help us to understand the TDCA problem and is generic to block ciphers using the S-Box (table) lookup structure [4,5,6,7,8,9,10,11,24,25,26,27,28]. Different attack techniques can be developed to solve this problem, such as traditional TDCA technique [4,5,6,7,8,9,10,11], MDASCA technique [18] or others to be proposed in the future.…”

“…Cache attacks demonstrated fall into three categories, depending on the channels used to collect the leakages. These channels are spy processes [1], timing information [2,3] and power/electromagnetic (EM) traces [4,5,6,7,8,9,10,11]. The focus of this paper is trace driven cache attack (TDCA), which exploits the power or electromagnetic traces.…”

“…AES was targeted in many TDCAs [4,5,6,7,8,9,10,11]. Throughout this paper, AES refers to AES-128 by default.…”

“…The other is improving the efficiency of TDCAs on different AES implementations. In attacks on AES with large lookup tables (e.g., 1K bytes), TDCAs can exploit cache events in the first round [11], the first two rounds [4] or the last round [5,7]. For AES implemented with a compact table (256 bytes), TDCAs can exploit the cache events in the first round [6], or the first two rounds [8,9,10].…”

“…Section 2 describes the notations used throughout the paper. In Section 3, we formalize the key recovery problem in TDCA with an abstract model, which is independent of specific TDCA techniques [4,5,6,7,8,9,10,11,18]. …”

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

An exploration of effective fuzzing for side‐channel cache leakage

Cache-Collision Timing Attacks Against AES