Cache-Access Pattern Attack on Disaligned AES T-Tables

Raphael Spreitzer; Thomas Plos

Cache-Access Pattern Attack on Disaligned AES T-Tables

Raphael Spreitzer, Thomas Plos

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer et al. we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the used secret key. These T-tables usually do not start at memory addresses which are mapped to the beginning of a specific cache line. Thus, focusing on disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of the AES. We apply the presented cache attack on a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully-functioning operating system. The attack is purely implemented in software and the only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns we also present an enhancement, which in some cases allows us to recover the secret key without a subsequent brute-force key search.

Originalsprache	englisch
Titel	Constructive Side-Channel Analysis and Secure Design - COSADE 2013, 4th International Workshop, Paris, France, March 7-8, 2013, Proceedings.
Herausgeber (Verlag)	Springer
Seiten	200-214
Publikationsstatus	Veröffentlicht - 2013
Veranstaltung	International Workshop on Constructive Side-Channel Analysis and Secure Design - Paris, Frankreich Dauer: 7 März 2013 → 8 März 2013

Publikationsreihe

Name	Lecture Notes in Computer Science
Herausgeber (Verlag)	Springer

Konferenz

Konferenz	International Workshop on Constructive Side-Channel Analysis and Secure Design
Land/Gebiet	Frankreich
Ort	Paris
Zeitraum	7/03/13 → 8/03/13

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Application

Zugriff auf Dokument

paper.pdfEndgültige, publizierte Fassung, 424 KB

FWF -ReSIT - Umsetzung eines sicheren Internets der Dinge
Hutter, M., Wenger, E., Schmidt, J., Mendel, F., Mangard, S. & Posch, R.
1/07/12 → 31/05/16
Projekt: Forschungsprojekt

Dieses zitieren

Cache-Access Pattern Attack on Disaligned AES T-Tables. / Spreitzer, Raphael; Plos, Thomas.
Constructive Side-Channel Analysis and Secure Design - COSADE 2013, 4th International Workshop, Paris, France, March 7-8, 2013, Proceedings.. Springer, 2013. S. 200-214 (Lecture Notes in Computer Science).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Spreitzer, R & Plos, T 2013, Cache-Access Pattern Attack on Disaligned AES T-Tables. in Constructive Side-Channel Analysis and Secure Design - COSADE 2013, 4th International Workshop, Paris, France, March 7-8, 2013, Proceedings.. Lecture Notes in Computer Science, Springer, S. 200-214, International Workshop on Constructive Side-Channel Analysis and Secure Design, Paris, Frankreich, 7/03/13.

@inproceedings{57229311dcaa478ebea4ac149032a030,

title = "Cache-Access Pattern Attack on Disaligned AES T-Tables",

abstract = "Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer et al. we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the used secret key. These T-tables usually do not start at memory addresses which are mapped to the beginning of a specific cache line. Thus, focusing on disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of the AES. We apply the presented cache attack on a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully-functioning operating system. The attack is purely implemented in software and the only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns we also present an enhancement, which in some cases allows us to recover the secret key without a subsequent brute-force key search.",

author = "Raphael Spreitzer and Thomas Plos",

year = "2013",

language = "English",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "200--214",

booktitle = "Constructive Side-Channel Analysis and Secure Design - COSADE 2013, 4th International Workshop, Paris, France, March 7-8, 2013, Proceedings.",

note = "International Workshop on Constructive Side-Channel Analysis and Secure Design ; Conference date: 07-03-2013 Through 08-03-2013",

}

TY - GEN

T1 - Cache-Access Pattern Attack on Disaligned AES T-Tables

AU - Spreitzer, Raphael

AU - Plos, Thomas

PY - 2013

Y1 - 2013

N2 - Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer et al. we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the used secret key. These T-tables usually do not start at memory addresses which are mapped to the beginning of a specific cache line. Thus, focusing on disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of the AES. We apply the presented cache attack on a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully-functioning operating system. The attack is purely implemented in software and the only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns we also present an enhancement, which in some cases allows us to recover the secret key without a subsequent brute-force key search.

AB - Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer et al. we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the used secret key. These T-tables usually do not start at memory addresses which are mapped to the beginning of a specific cache line. Thus, focusing on disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of the AES. We apply the presented cache attack on a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully-functioning operating system. The attack is purely implemented in software and the only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns we also present an enhancement, which in some cases allows us to recover the secret key without a subsequent brute-force key search.

M3 - Conference paper

T3 - Lecture Notes in Computer Science

SP - 200

EP - 214

BT - Constructive Side-Channel Analysis and Secure Design - COSADE 2013, 4th International Workshop, Paris, France, March 7-8, 2013, Proceedings.

PB - Springer

T2 - International Workshop on Constructive Side-Channel Analysis and Secure Design

Y2 - 7 March 2013 through 8 March 2013

ER -

Cache-Access Pattern Attack on Disaligned AES T-Tables

Abstract

Publikationsreihe

Konferenz

Fields of Expertise

Treatment code (Nähere Zuordnung)

Zugriff auf Dokument

Fingerprint

Projekte

FWF -ReSIT - Umsetzung eines sicheren Internets der Dinge

Dieses zitieren