A Practical Implementation of a New Flush+Reload Side Channel Attack on AES

Document Type : Original Article

Abstract

Because memory accesses are slow, processors use caches to reduce run time. The cache makes a program's execution time depend on its memory access history, which makes it one of the most important sources of information leakage in timing side channels. Flush+Reload is a class of cache side-channel attacks; its most important characteristics are that it can identify accesses to a particular memory line and that it targets the last-level cache (LLC), and these features increase both the precision and the applicability of the attack. In this paper, a new Flush+Reload attack (a chosen-plaintext attack) on the AES implementation in OpenSSL is presented. While the previous Flush+Reload attack on AES requires about 400000 encryption operations, the attack presented in this paper requires only about 100 encryption operations to fully recover the encryption key. The attack described in this paper is implemented in practice, and the experimental results confirm that it works as described.
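The abstract's point is that a Flush+Reload observer learns which cache line a victim touched, so a table-based AES whose table index depends on the key leaks. The following is an added example, not code from the paper or from OpenSSL: a toy non-interference check that models the textbook leak (first-round T-table index = plaintext byte XOR key byte, 4-byte entries in 64-byte lines, so 16 entries per line and the line reveals the high nibble of the index) and tests whether an implementation's set of touched lines changes with the key for a fixed plaintext. The function names, the all-lines "prefetch" model and the fixed-vs-random test are assumptions of this example; whether any particular OpenSSL build uses such a countermeasure is not established by this page.

```python
"""Toy cache-line leakage check for table-based AES (constructed example).

Only the index arithmetic matters for the leak, so the table contents are
omitted and an "implementation" is modelled by the set of cache lines of
one T-table it touches in the first round for a given key and plaintext.
"""
import secrets

LINE_BYTES = 64
ENTRY_BYTES = 4                                   # one 32-bit T-table entry
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES      # 16 entries per line
TABLE_ENTRIES = 256
TABLE_LINES = TABLE_ENTRIES // ENTRIES_PER_LINE   # 16 lines per table


def ttable_first_round_lines(key: bytes, plaintext: bytes) -> frozenset:
    """Lines touched by a modelled T-table first round: index = p ^ k,
    and line = index >> 4 because 16 entries share a line. The line
    therefore reveals the high nibble of p ^ k to a cache observer."""
    assert len(key) == 16 and len(plaintext) == 16
    return frozenset(((p ^ k) >> 4) for p, k in zip(plaintext, key))


def prefetch_all_lines(key: bytes, plaintext: bytes) -> frozenset:
    """Hypothetical mitigated pattern: every line of the table is touched
    on every call, so the set an observer sees is independent of the key.
    (A model of the 'touch every line' countermeasure, not OpenSSL code.)"""
    assert len(key) == 16 and len(plaintext) == 16
    return frozenset(range(TABLE_LINES))


def leaks_through_lines(impl, trials: int = 32) -> bool:
    """Fixed-plaintext, random-key test: if the touched-line set changes
    with the key, a line-granular observer (Flush+Reload) learns about
    the key. Returns True when leakage is detected."""
    plaintext = bytes(range(16))        # constructed fixed input
    baseline = impl(bytes(16), plaintext)
    for _ in range(trials):
        if impl(secrets.token_bytes(16), plaintext) != baseline:
            return True
    return False


if __name__ == "__main__":
    for name, impl in (("T-table lookup", ttable_first_round_lines),
                       ("touch-all-lines", prefetch_all_lines)):
        print(f"{name}: key-dependent lines = {leaks_through_lines(impl)}")
```

The check is a non-interference test at cache-line granularity: an implementation passes only if what a line-granular observer can see does not depend on the key. Touching every line narrows the channel but does not close it against observers with finer resolution; implementations that avoid key-indexed tables altogether (hardware AES instructions or bitsliced code) remove the dependency instead of masking it.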
