A generic method for the analysis of a class of cache attacks: a case study for AES

Savaş, Erkay and Yılmaz, Cemal (2015) A generic method for the analysis of a class of cache attacks: a case study for AES. Computer Journal, 58 (10). pp. 2716-2737. ISSN 0010-4620 (Print) 1460-2067 (Online)

Full text not available from this repository. (Request a copy)


In this paper, we present a methodology to evaluate the feasibility, effectiveness and complexity of a class of cache-based side-channel attacks. The methodology provides estimates on the lower bound of the required number of observations on the side channel and the number of trials for a successful attack. As a case study, a weak implementation of the Advanced Encryption Standard algorithm is selected to apply the proposed methodology to three different categories of cache-based attacks; namely, access-driven, trace-driven and time-driven attacks. The approach, however, is generic in the sense that it can be utilized in other algorithms that are subject to the micro-architectural side-channel attacks. The adopted approach bases its analysis method partially on the conditional entropy of secret keys given the observations of the intermediate variables in software implementations of cryptographic algorithms via the side channel and explores the extent to which the observations can be exploited in a successful attack. Provided that the intermediate variables are relatively simple functions of the key material and the known inputs or outputs of cryptographic algorithms, a successful attack is theoretically feasible. Our methodology emphasizes the need for an analysis of this leakage through such intermediate variables and demonstrates a systematic way to measure it. The method allows us to explore every attack possibility, estimate the feasibility of an attack, and compare the efficiency and the costs of different attack strategies to determine an optimal level of effective countermeasures.
Item Type: Article
Uncontrolled Keywords: cache attacks; timing attacks; side-channel attacks
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Engineering and Natural Sciences > Academic programs > Computer Science & Eng.
Faculty of Engineering and Natural Sciences
Depositing User: Cemal Yılmaz
Date Deposited: 21 Dec 2015 12:51
Last Modified: 23 Aug 2019 13:01
URI: https://research.sabanciuniv.edu/id/eprint/28136

Actions (login required)

View Item
View Item