Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks

@article{Ashokkumar2016HighlyEA,
  title={Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks},
  author={C. Ashokkumar and Ravi Prakash Giri and Bernard L. Menezes},
  journal={2016 IEEE European Symposium on Security and Privacy (EuroS\&P)},
  year={2016},
  pages={261-275}
}
Leakage of information between two processes sharing the same processor cache has been exploited in many novel approaches targeting various cryptographic algorithms. The software implementation of AES is an especially attractive target since it makes extensive use of cache-resident table lookups. We consider two attack scenarios where either the plaintext or ciphertext is known. We employ a multi-threaded spy process and ensure that each time slice provided to the victim (running AES) is small… 


An error-tolerant approach for efficient AES key retrieval in the presence of cache prefetching – experiments, results, analysis
TLDR
A theoretical framework is developed based upon which the AES key retrieval algorithms are not only more efficient in terms of execution time but also require up to 75% fewer blocks of ciphertext compared with previous work.
“S-Box” Implementation of AES Is Not Side Channel Resistant
TLDR
This work devises and implements two strategies to retrieve the complete AES key and presents an analytical model to explain the effect of false positives and false negatives and capture various practical tradeoffs involving the number of blocks of plaintext, offline computation time for key retrieval and success probability.
Security evaluation of Cache Mappings Schemes
  • Computer Science
  • 2019
TLDR
This work explores and evaluates the security of various cache mapping functions and proposes a new performance-security product metric to jointly evaluate mapping schemes for both performance and security.
CacheZoom: How SGX Amplifies The Power of Cache Attacks
TLDR
This is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements, and it can successfully recover AES keys from T-Table based implementations with as few as ten measurements.
Methods for finding the sources of leakage in cache-timing attacks and removing the profiling phase
TLDR
An approach is proposed to extract simplified cache timing-behavior models analytically and to use these generated models instead of a profiling phase, which makes the attack a more realistic threat than the attack originally proposed by Bernstein.
CacheD: Identifying Cache-Based Timing Channels in Production Software
TLDR
This work proposes a novel technique to help software developers identify potential vulnerabilities that can lead to cache-based timing attacks, implements the proposed technique as a practical tool named CacheD (Cache Difference), and evaluates it on multiple real-world cryptosystems.
Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation
TLDR
A novel static analysis method on binaries detects cache-based side channels; it proposes a novel abstract domain called the Secret-Augmented Symbolic domain (SAS), which tracks program secrets and dependencies on them for precision, while it tracks only coarse-grained public information for scalability.
Side-Channel Attacks on Intel SGX: How SGX Amplifies The Power of Cache Attack
TLDR
This work introduces a new and more powerful cache side-channel attack that provides system adversaries a high resolution channel and can successfully recover the AES key from T-Table based implementations in a known plaintext and ciphertext scenario with an average of 15 and 7 samples respectively.
Cache-timing attacks without a profiling phase
TLDR
This work proposes a methodology to model the cache timing-behavior of the target machine by trying hypothetical cache behaviors exhaustively and shows that the proposed non-profiled Bernstein's attack has comparable performance to the original attack with the profiling phase.
An exploration of effective fuzzing for side-channel cache leakage
TLDR
This paper proposes a test-generation methodology which, in both timing-based and access-based dimensions, systematically discovers the cache side-channel leakage of an arbitrary software program.
