Abstract
The Advanced Encryption Standard (AES) was selected by NIST because of its strong resistance to classical cryptanalysis such as differential and linear cryptanalysis. Even after modern side-channel attacks such as timing and power-consumption attacks appeared, NIST claimed that AES is not vulnerable to timing attacks. In 2005, Bernstein [6] successfully attacked the OpenSSL AES implementation on a Pentium III processor and recovered the full AES key with his cache-timing side-channel attack. This paper reproduces Bernstein's attack on Pentium Dual-Core and Core 2 Duo processors. We successfully attacked the AES implementation in the latest OpenSSL release, 1.0.1c, compiled with the most recent GCC compiler, 4.7.0, on both Windows and Linux, in a few seconds and by sending at most 2^22 plaintexts. We improved Bernstein's first-round attack by using two-way measurements: instead of relying only on above-average timing information, we also use above-minimum timing information, which significantly improves the results.
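The two statistics the abstract refers to, the per-byte-value above-average and above-minimum timing deviations, are also the check a defender runs to see whether an AES implementation's timing depends on the plaintext at all: a constant-time implementation produces flat tables, a cache-dependent table-lookup implementation does not. The following Python is an added leakage-profiling example written for this page; it is not the paper's code or Bernstein's. The timing samples come from a constructed toy model (`leaky_model`, `constant_model`, the `LEAKY_NIBBLES` set and the 40-cycle `MISS_PENALTY` are all assumptions), not from real cycle counters, and it goes one step beyond the abstract by adding rare large delays to the noise so that the difference between the mean-based and minimum-based statistics becomes visible.

```python
"""Timing-leakage profiler using per-byte-value mean and minimum deviations.

Added example, not the paper's code. For every byte position j and byte
value v it reports how far the average (and the minimum) timing of samples
with plaintext[j] == v lies above the global average (global minimum).
Timings are CONSTRUCTED by a toy model below, not measured on hardware.
"""
import random
from typing import Callable, List, Sequence, Tuple

BLOCK = 16      # AES block size in bytes
VALUES = 256    # possible values of one byte

Sample = Tuple[bytes, int]      # (plaintext block, cycle count)
DevTable = List[List[float]]    # [position][byte value] -> deviation


def profile(samples: Sequence[Sample]) -> Tuple[DevTable, DevTable]:
    """Return (mean_dev, min_dev) tables for the given samples."""
    sums = [[0] * VALUES for _ in range(BLOCK)]
    counts = [[0] * VALUES for _ in range(BLOCK)]
    mins = [[None] * VALUES for _ in range(BLOCK)]
    total, global_min = 0, None
    for pt, cycles in samples:
        total += cycles
        global_min = cycles if global_min is None else min(global_min, cycles)
        for j, v in enumerate(pt[:BLOCK]):
            sums[j][v] += cycles
            counts[j][v] += 1
            mins[j][v] = cycles if mins[j][v] is None else min(mins[j][v], cycles)
    global_mean = total / len(samples)
    # Cells that never occurred (only possible with very few samples) get 0.
    mean_dev = [[(sums[j][v] / counts[j][v] - global_mean) if counts[j][v] else 0.0
                 for v in range(VALUES)] for j in range(BLOCK)]
    min_dev = [[(mins[j][v] - global_min) if mins[j][v] is not None else 0.0
                for v in range(VALUES)] for j in range(BLOCK)]
    return mean_dev, min_dev


def peak(table: DevTable) -> List[float]:
    """Largest absolute deviation at each byte position."""
    return [max(abs(d) for d in row) for row in table]


def leaky_positions(table: DevTable, threshold: float) -> List[int]:
    """Byte positions whose deviation exceeds the threshold (empty = no leak seen)."""
    return [j for j, p in enumerate(peak(table)) if p > threshold]


def snr(table: DevTable) -> float:
    """Strongest position's peak divided by the largest peak at any other position."""
    peaks = sorted(peak(table), reverse=True)
    return peaks[0] / max(peaks[1], 1e-9)


# --- constructed toy timing models (assumptions, not measurements) ----------
LEAKY_NIBBLES = {3, 9}   # assume lookups indexed by these high nibbles miss the cache
MISS_PENALTY = 40        # assumed extra cycles for such a miss


def noise(rng: random.Random) -> int:
    """Small jitter plus, in 2% of samples, a large delay such as an interrupt."""
    jitter = rng.randint(0, 30)
    if rng.random() < 0.02:
        jitter += rng.randint(200, 2000)
    return jitter


def leaky_model(pt: bytes, rng: random.Random) -> int:
    """Timing depends on the high nibble of plaintext byte 0 (a first-round lookup)."""
    cycles = 1000 + noise(rng)
    if (pt[0] >> 4) in LEAKY_NIBBLES:
        cycles += MISS_PENALTY
    return cycles


def constant_model(pt: bytes, rng: random.Random) -> int:
    """Input-independent timing, as a constant-time implementation would show."""
    return 1000 + noise(rng)


def collect(model: Callable[[bytes, random.Random], int], n: int,
            seed: int = 1) -> List[Sample]:
    """Draw n random plaintexts and time each one with the given toy model."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        pt = bytes(rng.randrange(VALUES) for _ in range(BLOCK))
        out.append((pt, model(pt, rng)))
    return out


if __name__ == "__main__":
    for name, model in (("table-lookup model", leaky_model),
                        ("constant-time model", constant_model)):
        mean_dev, min_dev = profile(collect(model, 20000))
        print(f"{name}: mean-based flags {leaky_positions(mean_dev, 10)}, "
              f"min-based flags {leaky_positions(min_dev, 10)}, "
              f"SNR mean={snr(mean_dev):.1f} min={snr(min_dev):.1f}")
```

With the heavy-tailed noise the mean table is dominated by the occasional long delays, while the minimum of each cell discards them entirely, which is why the minimum-based table isolates byte 0 cleanly and the constant-time model shows nothing in either table. On a real implementation the same profiler would be fed measured cycle counts, and any position that stays flagged after enough samples is a timing dependence that needs a constant-time fix.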
References
Acıiçmez, O., Koç, Ç.: Trace-driven cache attacks on AES (short paper). Information and Communications Security, 112–121 (2006)
Acıiçmez, O., Koç, K.: Microarchitectural attacks and countermeasures. Cryptographic Engineering, 475–504 (2009)
Acıiçmez, O., Schindler, W., Koç, Ç.K.: Cache based remote timing attack on the AES. In: Abe, M. (ed.) CT-RSA 2007. LNCS, vol. 4377, pp. 271–286. Springer, Heidelberg (2006)
Acıiçmez, O., Schindler, W., Koç, Ç.: Improving Brumley and Boneh timing attack on unprotected SSL implementations. In: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 139–146. ACM (2005)
Bar-El, H.: Introduction to side channel attacks, vol. 43. Discretix Technologies Ltd. (2003)
Bernstein, D.: Cache-timing attacks on AES (2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES power attack based on induced cache miss and countermeasure. In: International Conference on Information Technology: Coding and Computing, ITCC 2005, vol. 1, pp. 586–591. IEEE (2005)
Bonneau, J.: Robust final-round cache-trace attacks against AES. Tech. rep., Citeseer (2006)
Bonneau, J., Mironov, I.: Cache-collision timing attacks against AES. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 201–215. Springer, Heidelberg (2006)
Brumley, D., Boneh, D.: Remote timing attacks are practical. In: Proceedings of the 12th Conference on USENIX Security Symposium, vol. 12, p. 1. USENIX Association (2003)
Canteaut, A., Lauradoux, C., Seznec, A.: Understanding cache attacks (2006)
Gallais, J., Kizhvatov, I., Tunstall, M.: Improved trace-driven cache-collision attacks against embedded AES implementations. Information Security Applications, 243–257 (2011)
Gullasch, D., Bangerter, E., Krenn, S.: Cache games: bringing access-based cache attacks on AES to practice. In: 2011 IEEE Symposium on Security and Privacy (SP), pp. 490–505. IEEE (2011)
Jayasinghe, D., Fernando, J., Herath, R., Ragel, R.: Remote cache timing attack on Advanced Encryption Standard and countermeasures. In: 2010 5th International Conference on Information and Automation for Sustainability (ICIAFs), pp. 177–182. IEEE (2010)
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 97–110. Springer, Heidelberg (1998)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Lauradoux, C.: Collision attacks on processors with cache and countermeasures. In: Western European Workshop on Research in Cryptology WEWoRC, vol. 5, pp. 76–85 (2005)
MIRACL: Multiprecision Integer and Rational Arithmetic C/C++ Library. Shamus Software Ltd., Dublin, http://www.shamus.ie
Mowery, K., Keelveedhi, S., Shacham, H.: Are AES x86 cache timing attacks still feasible? In: Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop, pp. 19–24. ACM (2012)
Nechvatal, J., Barker, E., Bassham, L., Burr, W., Dworkin, M., Foti, J., Roback, E.: Report on the development of the Advanced Encryption Standard (AES). Journal of Research of the National Institute of Standards and Technology 106(3) (2001), http://archive.org/details/jresv106n3p511
Neve, M., Seifert, J.-P.: Advances on access-driven cache attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147–162. Springer, Heidelberg (2007)
Neve, M., Seifert, J., Wang, Z.: Cache time-behavior analysis on AES. In: Selected Area of Cryptology (2006)
Neve, M., Seifert, J., Wang, Z.: A refined look at Bernstein’s AES side-channel analysis. In: Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, p. 369. ACM (2006)
O’Hanlon, M., Tonge, A.: Investigation of cache timing attacks on AES. School of Computing, Dublin City University (2005)
OpenSSL: The open source toolkit for SSL/TLS, http://www.openssl.org
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Page, D.: Theoretical use of cache memory as a cryptanalytic side-channel. Tech. rep., Citeseer (2002)
Page, D.: Defending against cache-based side-channel attacks. Information Security Technical Report 8(1), 30–44 (2003)
Percival, C.: Cache missing for fun and profit. In: BSDCan 2005 (2005)
Rebeiro, C., Mondal, M., Mukhopadhyay, D.: Pinpointing cache timing attacks on AES. In: 23rd International Conference on VLSI Design, VLSID 2010, pp. 306–311. IEEE (2010)
Rijmen, V., Bosselaers, A., Barreto, P.: Optimised ANSI C code for the Rijndael cipher (now AES). Public domain software (2000), http://fastcrypto.org/front/misc/rijndael-alg-fst.c
Tiri, K., Acıiçmez, O., Neve, M., Andersen, F.: An analytical model for time-driven cache attacks. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 399–413. Springer, Heidelberg (2007)
Tromer, E., Osvik, D., Shamir, A.: Efficient cache attacks on AES, and countermeasures. Journal of Cryptology 23(1), 37–71 (2009)
Tsunoo, Y.: Cryptanalysis of block ciphers implemented on computers with cache. In: Preproceedings of ISITA 2002 (2002)
Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES implemented on computers with cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
Zhao, X., Wang, T.: Improved cache trace attack on AES and CLEFIA by considering cache miss and S-box misalignment. Tech. rep., Cryptology ePrint Archive, Report 2010/056 (2010)
Zhao, X., Wang, T., Dong, M., Yuanyuan, Z., Zhaoyang, L.: Robust first two rounds access driven cache timing attack on AES. In: 2008 International Conference on Computer Science and Software Engineering, vol. 3, pp. 785–788. IEEE (2008)
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Aly, H., ElGayyar, M. (2013). Attacking AES Using Bernstein’s Attack on Modern Processors. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds) Progress in Cryptology – AFRICACRYPT 2013. AFRICACRYPT 2013. Lecture Notes in Computer Science, vol 7918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38553-7_7
DOI: https://doi.org/10.1007/978-3-642-38553-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38552-0
Online ISBN: 978-3-642-38553-7
eBook Packages: Computer Science (R0)