Abstract
This paper proposes a new highly-accurate key extraction method for access-driven cache attacks (CAs). We show that a mathematical correlation method can be utilized to evaluate quantitatively the access-driven CAs. To the best of our knowledge, this is the first study on CAs that clarifies precisely and mathematically the key candidate space based on memory allocation, and analyzes quantitatively how the correlation values change based on the number of plaintexts. We show empirical improvement of the proposed method based on real processors. We correctly examine the correlation between the access timing data and the key within a few minutes even in a noisy environment. Based on the proposed method, we show the key candidate space with the mathematical proof and find the relationship between the correlation values and the number of plaintexts needed to examine the required number of plaintexts for a successful attack.
This paper is an extended and improved version of two technical reports: concept [1] and its application [2].
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Takahashi, J., Sakamoto, H., Fukunaga, T., Fuji, H., Sakiyama, K.: Automatic Evaluation Method of Access-Driven Cache Attack. In: The 29th Symposium on Cryptography and Information Security (SCIS 2012), p. 2C2-2, 7 pages (2012) (in Japanese)
Takahashi, J., Fukunaga, T.: Analysis on Number of Plaintexts for Cache Attacks Using Highly Accurate Key Extraction Method. In: The 30th Symposium on Cryptography and Information Security (SCIS 2013), p. 3E3-3, 8 pages (2013) (in Japanese)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 97–110. Springer, Heidelberg (1998)
Page, D.: Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel. Technical Report CSTR-02-003, Department of Computer Science, University of Bristol (2002)
Page, D.: Defending against cache based side-channel attacks. Information Security Technical Report 8(1), 30–44 (2003)
Tsunoo, Y., Tsujihara, E., Minematsu, K., Miyauchi, H.: Cryptanalysis of Block Ciphers Implemented on Computers with Cache. In: Proc of ISITA 2002 (2002)
Tsunoo, Y., Saito, T., Suzaki, T., Shigeri, M., Miyauchi, H.: Cryptanalysis of DES Implemented on Computers with Cache. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 62–76. Springer, Heidelberg (2003)
Bernstein, D.J.: Cache Timing Attacks on AES (April 2005), http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
Tiri, K., Acıiçmez, O., Neve, M., Andersen, F.: An Analytical Model for Time-Driven Cache Attacks. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 399–413. Springer, Heidelberg (2007)
Acıiçmez, O., Koç, Ç.K.: Trace-Driven Cache Attacks on AES (Short Paper). In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 112–121. Springer, Heidelberg (2006)
Bertoni, G., Zaccaria, V., Breveglieri, L., Monchiero, M., Palermo, G.: AES Power Attack Based on Induced Cache Miss and Countermeasure. In: ITCC 2005, vol. 1, pp. 586–591. IEEE Computer Society (2005)
Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. Journal of Cryptology 23(1), 37–71 (2010)
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: The case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)
Neve, M., Seifert, J.-P.: Advances on Access-Driven Cache Attacks on AES. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 147–162. Springer, Heidelberg (2007)
Xinjie, Z., Tao, W.: Dong, Mi., Yuanyuan, Z., Zhaoyang, L.: Robust First Two Rounds Access Driven Cache Timing Attack on AES. In: CSSE 2008, pp. 785–788. IEEE Computer Society (2008)
Spreitzer, R., Plos, T.: Cache-Access Pattern Attack on Disaligned AES T-Tables. Pre-Proceedings of the Fourth International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2013 (2013)
Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In: ACM CCS 2009, pp. 199–212 (2009)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks -Revealing the Secret of Smart Cards. Springer-Verlag New York Inc. (C); ISBN: 978-0-387-30857-9
OpenSSL, Cryptography and SSL/TLS Toolkit, http://www.openssl.org/
Xinjie, Z., Tao, W.: Improved Cache Trace Attack on AES and CLEFIA by Considering Cache Miss and S-box Misalignment. IACR Cryptology ePrint Archive 2010/056 (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Takahashi, J., Fukunaga, T., Aoki, K., Fuji, H. (2013). Highly Accurate Key Extraction Method for Access-Driven Cache Attacks Using Correlation Coefficient. In: Boyd, C., Simpson, L. (eds) Information Security and Privacy. ACISP 2013. Lecture Notes in Computer Science, vol 7959. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39059-3_20
Download citation
DOI: https://doi.org/10.1007/978-3-642-39059-3_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39058-6
Online ISBN: 978-3-642-39059-3
eBook Packages: Computer ScienceComputer Science (R0)