A Generic Method for the Analysis of a Class of Cache Attacks: A Case Study for AES

Bibliographic Details
Published in: Computer journal Vol. 58; no. 10; pp. 2716-2737
Main Authors: Savas, Erkay; Yilmaz, Cemal
Format: Journal Article
Language: English
Published: Oxford, Oxford Publishing Limited (England), 01.10.2015
ISSN: 0010-4620, 1460-2067
DOI: 10.1093/comjnl/bxv027

Summary: In this paper, we present a methodology to evaluate the feasibility, effectiveness and complexity of a class of cache-based side-channel attacks. The methodology provides estimates on the lower bound of the required number of observations on the side channel and the number of trials for a successful attack. As a case study, a weak implementation of the Advanced Encryption Standard algorithm is selected to apply the proposed methodology to three different categories of cache-based attacks; namely, access-driven, trace-driven and time-driven attacks. The approach, however, is generic in the sense that it can be utilized in other algorithms that are subject to the micro-architectural side-channel attacks. The adopted approach bases its analysis method partially on the conditional entropy of secret keys given the observations of the intermediate variables in software implementations of cryptographic algorithms via the side channel and explores the extent to which the observations can be exploited in a successful attack. Provided that the intermediate variables are relatively simple functions of the key material and the known inputs or outputs of cryptographic algorithms, a successful attack is theoretically feasible. Our methodology emphasizes the need for an analysis of this leakage through such intermediate variables and demonstrates a systematic way to measure it. The method allows us to explore every attack possibility, estimate the feasibility of an attack, and compare the efficiency and the costs of different attack strategies to determine an optimal level of effective countermeasures.