Differential cache-collision timing attacks on AES with applications to embedded CPUs

Authors:
Andrey Bogdanov;Thomas Eisenbarth;Christof Paar;Malte Wienecke
Affiliations:
Dept. ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Belgium;Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr University Bochum, Germany
Venue:
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Year:
2010

Citing 9
Cited 5

The Design of Rijndael

The Design of Rijndael
A Practical Implementation of the Timing Attack

CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Improving cache attacks by considering cipher structure

International Journal of Information Security
Side channel cryptanalysis of product ciphers

Journal of Computer Security
Accelerating AES with Vector Permute Instructions

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Cache attacks and countermeasures: the case of AES

CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Cache based remote timing attack on the AES

CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology

Improved trace-driven cache-collision attacks against embedded AES implementations

WISA'10 Proceedings of the 11th international conference on Information security applications
Wide collisions in practice

ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Unraveling timewarp: what all the fuzz is about?

Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
Cache-Access pattern attack on disaligned AES t-tables

COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
Remote cache-timing attacks against AES

Proceedings of the First Workshop on Cryptography and Security in Computing Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper proposes a new type of cache-collision timing attacks on software implementations of AES. Our major technique is of differential nature and is based on the internal cryptographic properties of AES, namely, on the MDS property of the linear code providing the diffusion matrix used in the MixColumns transform. It is a chosen-plaintext attack where pairs of AES executions are treated differentially. The method can be easily converted into a chosen-ciphertext attack. We also thoroughly study the physical behavior of cache memory enabling this attack. On the practical side, we demonstrate that our theoretical findings lead to efficient real-world attacks on embedded systems implementing AES at the example of ARM9. As this is one of the most wide-spread embedded platforms today [7], our experimental results might make a revision of the practical security of many embedded applications with security functionality necessary. To our best knowledge, this is the first paper to study cache timing attacks on embedded systems.