AES Side Channel Attacks. Biru Cui, Sam Skalicky
Outline • AES algorithm • Side channel attacks • Side channel attack against AES • Cache-collision timing attack against AES • Countermeasures
AES Algorithm • Key Expansion • Initial Round • Add Round Key – bitwise xor • Rounds • Sub Bytes – S-box • Shift Rows – rows shifted cyclically • Mix Columns – mixing operation on the columns • Add Round Key • Final Round (no Mix Columns) • Sub Bytes • Shift Rows • Add Round Key
AES Algorithm • AES Lookup Table Optimizations • Transposed state by Bertoni • Speedup in decryption • CAM-based by Li • Combined S-box and inverse S-box into a single table • FPGA implementations • Pre-computed GF operations in LUTs
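The slides list the S-box as the table behind Sub Bytes and mention implementations that combine the S-box and inverse S-box into one table. The following is an added example (not code from the slides or from any of the cited implementations) that computes SubBytes arithmetically in GF(2^8), the way a table-free implementation can, and then derives the tabulated S-box and inverse S-box from that arithmetic so the two forms can be compared directly. The field polynomial and affine constants are the FIPS-197 ones; nothing else is assumed.

```python
# Added example: SubBytes computed in GF(2^8) instead of read from the
# 256-byte S-box table, plus the tables a lookup-based version would store.

AES_POLY = 0x11B   # x^8 + x^4 + x^3 + x + 1, the Rijndael field polynomial


def gf_mul(a, b):
    """Multiply two GF(2^8) elements modulo the Rijndael polynomial."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r & 0xFF


def gf_inv(a):
    """Multiplicative inverse as a^254 (Fermat); AES maps 0 to 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def _rotl8(x, n):
    """8-bit rotate left, used by the affine maps below."""
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox(x):
    """S(x) = affine(inverse(x)): field inversion, then the FIPS-197 affine map."""
    b = gf_inv(x)
    return b ^ _rotl8(b, 1) ^ _rotl8(b, 2) ^ _rotl8(b, 3) ^ _rotl8(b, 4) ^ 0x63


def inv_sbox(y):
    """Inverse S-box: undo the affine map, then invert in the field."""
    b = _rotl8(y, 1) ^ _rotl8(y, 3) ^ _rotl8(y, 6) ^ 0x05
    return gf_inv(b)


def build_tables():
    """Tabulated S-box and inverse S-box, as a table-based implementation
    stores them; here derived from the arithmetic above rather than typed in."""
    s = [sbox(x) for x in range(256)]
    inv = [0] * 256
    for x, y in enumerate(s):
        inv[y] = x
    return s, inv


def sub_bytes(state):
    """SubBytes over a 16-byte AES state without any table lookup."""
    return [sbox(v) for v in state]


if __name__ == "__main__":
    s, inv = build_tables()
    print("S[0x53] = 0x%02X, InvS[0xED] = 0x%02X" % (s[0x53], inv[0xED]))
```

The arithmetic form is slower than a table, which is exactly why table-based implementations exist; the point of the example is that the data-dependent memory access the later slides rely on is a property of the tabulated form, not of the S-box itself.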
Attacks on AES • Brute force • Related Key • Side Channel
Side Channel Attacks • Attacks through some implementation deficiency • Timing of computations • Power Analysis • Fault Injection • Electromagnetic Radiation • Acoustic Cryptanalysis • Cache
Cache-collision timing attack against AES • Cache collision • Hit • Miss • Time
Process Operation • Cache observation (diagram: CFS scheduler, victim process, spy process, cache)
AES Cache Side Channel Attack • AES-128 • Key recovery after observing ~100 encryptions • Implementation in Linux against OpenSSL 0.9.8n • Program does not require special privileges on the host machine • Linux kernel task scheduler compromised • Observe every memory access • (CFS) Completely Fair Scheduler
AES Cache Attack Features • No heuristic information about plaintexts/ciphertexts • Works against compressed tables • 2-phase operation: • Observation • ~100 encryptions • ~2-3 seconds • Analysis • ~3 minutes
Cache-collision timing attack against AES • AES: operations on each byte
Cache-collision timing attack against AES • System information • Pentium III 1.0 GHz • L1 cache 32K (split data/instr.) • L2 cache 256K • “T” lookup table size 256×256 = 64k • Implication • If the table is fully loaded in the cache, there is no cache miss. This is why the first-round and final-round attacks are possible.
Cache-collision timing attack against AES • AES: the computation of every round
Cache-collision timing attack against AES (figure from [6]: plaintext → key xor → table lookup, repeated per round, … → table lookup → key xor)
Cache-collision timing attack against AES (same figure from [6]) • If a plaintext byte is known, as well as a first-round table lookup, a key byte is learned
Cache-collision timing attack against AES • First Round Attack • The spy process flushes the cache • The lookup table is not in the cache. In other words, any cache collision is due only to two lookups using the same table index.
Cache-collision timing attack against AES • First Round Attack
Cache-collision timing attack against AES • First Round Attack • A cache hit is assumed when the access time is less than the average access time • Compute the average encryption time for each pair of byte positions. If a pair shows a low average time, there is a high probability that its two lookups used the same table index.
Cache-collision timing attack against AES • Final Round Attack • The final round uses a lookup table different from the one used in the previous rounds, so that table is not yet in the cache. If a collision occurs, it is due to the same lookup table index.
Cache-collision timing attack against AES • Final Round Attack • No MixColumns operations
Cache-collision timing attack against AES • Final Round Attack
Cache-collision timing attack against AES • Final Round Attack • A cache hit is assumed when the access time is less than the average access time • Compute the average encryption time for each pair of byte positions. If a pair shows a low average time, there is a high probability that its two final-round lookups used the same table index.
Countermeasures • AES can be performed without using lookup tables • Give the OS the ability to partition the cache between processes • Put the AES tables into ROM and add special instructions • Separate AES hardware on chip (new Intel CPUs)
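The first-round and final-round slides describe the same statistical step: average the observed timing over pairs of byte positions and look for the pair-dependent dip that a shared table index produces, and the countermeasures slide says the dip disappears when AES is implemented without data-dependent table lookups. The following is an added simulation (not code from the slides or from the cited papers) that makes that leakage model concrete for the first round. Timing is modelled as the number of cold-cache misses among the 16 first-round lookups T[p_i xor k_i] after the spy has flushed the table; the cache geometry (64-byte lines, 4-byte table entries, so 16 entries per line and 16 lines per table) is an assumption, the key is constructed, and the "constant_time" variant models a table-free implementation by returning a miss count that does not depend on the inputs. No real OpenSSL or hardware timing is involved.

```python
# Added example: simulated cache-collision leakage for the AES first round,
# with a table-free (constant-time) variant to show the signal vanishing.
import random

ENTRIES_PER_LINE = 16                    # assumption: 64-byte line / 4-byte entry
TABLE_LINES = 256 // ENTRIES_PER_LINE    # 16 lines for one 256-entry table


def cache_line(index):
    """Cache line holding T[index] under the line-size assumption above."""
    return index // ENTRIES_PER_LINE


def first_round_misses(plaintext, key, constant_time=False):
    """Synthetic 'encryption time': cold-cache misses of the 16 first-round
    lookups T[p_i ^ k_i].  With constant_time=True the implementation is
    modelled as table-free, so the count never depends on plaintext or key."""
    if constant_time:
        return TABLE_LINES
    loaded = set()
    for p, k in zip(plaintext, key):
        loaded.add(cache_line(p ^ k))    # first touch of a line misses, later hits
    return len(loaded)


def collect_samples(key, n, rng, constant_time=False):
    """Observation phase: n random plaintexts with their simulated timings."""
    samples = []
    for _ in range(n):
        pt = [rng.randrange(256) for _ in range(16)]
        samples.append((pt, first_round_misses(pt, key, constant_time)))
    return samples


def recover_key_xor_line(samples, i, j):
    """Analysis phase for byte positions i and j: bucket timings by the
    cache-line part of p_i ^ p_j.  Lookups i and j share a line exactly when
    (p_i ^ p_j) >> 4 == (k_i ^ k_j) >> 4, so that bucket has the lowest mean
    miss count.  Returns (guess, spread); spread is max - min of the bucket
    means, and a spread of zero means no pair-dependent signal was observed."""
    sums = [0.0] * TABLE_LINES
    counts = [0] * TABLE_LINES
    for pt, t in samples:
        b = cache_line(pt[i] ^ pt[j])
        sums[b] += t
        counts[b] += 1
    means = [s / c if c else float("inf") for s, c in zip(sums, counts)]
    guess = min(range(TABLE_LINES), key=means.__getitem__)
    return guess, max(means) - min(means)


def demo(constant_time=False, seed=1):
    """Run both phases on a constructed key; returns (recovered_correctly, spread)."""
    rng = random.Random(seed)
    key = [rng.randrange(256) for _ in range(16)]   # constructed, not a real key
    samples = collect_samples(key, 20000, rng, constant_time)
    guess, spread = recover_key_xor_line(samples, 0, 5)
    truth = cache_line(key[0] ^ key[5])
    return guess == truth, spread


if __name__ == "__main__":
    print("table lookups   :", demo())
    print("table-free model:", demo(constant_time=True))
```

Only the line-granular part of k_i xor k_j is recovered here, which is why the slides speak of learning key bytes from many pairs rather than from one. The same bucketing applied to the table-free model gives identical means in every bucket, which is the property a defender wants to measure when validating a constant-time AES build.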
References • [1] Rijndael flash movie: http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf • [2] G. Bertoni et al., “Efficient Software Implementation of AES on 32-Bit Platforms” • [3] H. Li, “A New CAM Based S/S−1-Box Look-up Table in AES” • [4] M. McLoone et al., “Rijndael FPGA Implementations Utilising Look-Up Tables” • [5] D. Gullasch et al., “Cache Games – Bringing Access-Based Cache Attacks on AES to Practice” • [6] J. Bonneau et al., “Cache-Collision Timing Attacks Against AES” • [7] Dag Arne Osvik et al., “Cache Attacks and Countermeasures: the Case of AES”