Cache-Access pattern attack on disaligned AES t-tables

  • Authors:

  • Raphael Spreitzer;Thomas Plos

  • Affiliations:

  • Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria

  • Venue:
  • COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer etal. [20] we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the used secret key. These T-tables usually do not start at memory addresses which are mapped to the beginning of a specific cache line. Thus, focusing on disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of the AES. We apply the presented cache attack on a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully-functioning operating system. The attack is purely implemented in software and the only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns we also present an enhancement, which in some cases allows us to recover the secret key without a subsequent brute-force key search.