AES Side Channel Attacks

Biru CuiSam Skalicky

Outline

• AES algorithm• Side channel attacks• Side channel attack against AES• Cache-collision timing attack against AES• Countermeasures

AES Algorithm• Key Expansion• Initial Round

– Add Round Key – bitwise xor• Rounds

– Sub Bytes - Sbox– Shift Rows – rows shifted cyclically– Mix Columns – mixing operation on the columns– AddRoundKey

• Final Round (no Mix Columns)– Sub Bytes– Shift Rows– Add Round Key

Rijndel Starting Data

Rijndel AES Steps

Rijndel Sub Bytes

Rijndel Shift Rows

Rijndel Mix Columns

Rijndel Add Round Key

AES Algorithm

• AES Lookup Table Optimizations– Transposed State by Bertoni• Speedup in decryption

– CAM based by Li• Combined Sbox& inv Sbox into single table

– FPGA implementations• Pre-computed GF ops in LUTs

Attacks on AES

• Brute force• Related Key• Side Channel

Side Channel Attacks

• Attacks through some implementation deficiency– Timing of computations– Power Analysis– Fault Injection– Electromagnetic Radiation– Acoustic Cryptanalysis– Cache

Cache-collision timing attack against AES

• Cache collision– Hit– Miss– Time

Process Operation

• Cache observation

Victim Process Spy Process

CFS - Scheduler

AES Cache Side Channel Attack

• AES-128• Key recovery after observing ~100 encryptions• Implementation in Linux against OpenSSL 0.9.8n• Program does not require special privileges on

the host machine• Linux kernel task scheduler compromised– Observe every memory access– (CFG) Completely Fair Scheduler

AES Cache Attack Features

• No heuristic info about plain/cyphertexts• Works against compressed tables• 2 phase operation:– Observation• ~100 encryptions• ~2-3 seconds

– Analysis• ~3 minutes

Process Operation

• Cache observation

Victim Process Spy Process

CFS - Scheduler

• AES: operations on each byte

• System information– Pentium III 1.0 GHz

• L1 cache 32K (split data/instr.)• L2 cache 256K

– “T” lookup table size 256x256=64k

• Implication– If the table is fully loaded in the cache, then there is no

cache miss. This is important for why we can do first round and final round attack.

• AES: the computation of every round

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

# of cache collisions

Actual Results, Pentium III

Key xor

Plaintext

…Key xor

Key xor

Plaintext

…Key xor

Key xor

If a plaintext byte is known, as well as a first-round table lookup, a key byte is learned

• First Round Attack– Spy process flush the cache– The lookup table is not in the cache. In other

words, the cache collision is only due to same lookup table access index.

• First Round Attack

• First Round Attack– If cache hits ( access time less than average access

time)– Counts the average encryption time for all and pair. If there is a low average time occurs for a

pair and , there is high probability that .

jpip jp

jiji kkpp

• Final Round Attack– The final round lookup table is different from

previous lookup table , so there is no in the cache. And if there is a collision, it’s due to same lookup table index.

4T3210 ,,, TTTT

• Final Round Attack– No MixColumns operations

• Final Round Attack

• Final Round Attack– If cache hits ( access time less than average access

time)– Counts the average encryption time for all and pair. If there is a low average time occurs for a

pair and , there is high probability that .

ic jc1010jiji kkcc

• ResultAttack Encryptions needed Sample type

Bernstein Plaintext/timing

Tesunoo Plaintext/timing

First/Final round attack

Plaintext/timing

262152

Countermeasures

– AES can be performed without using lookup tables– Give OS ability to partition cache between

processes– Put AES table into ROM, add special instructions– Separate AES hardware on chip (new Intel CPUs)

References• [1] Rijndel flash movie:http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf• [2] G. Bertoni, et al.,"Efficient Software Implementation of AES on

32-Bit Platforms”• [3] H. Li, "A New CAM Based S/S−1-Box Look-up Table in AES”• [4] M. McLoone et al. "Rijndael FPGA Implementations Utilising

Look-Up Tables”• [5] D. Gullasch et al. "Cache Games – Bringing Access-Based Cache

Attacks on AES to Practice“• [6] J. Bonneau et al. “Cache-Collision Timing Attacks Against AES”• [7] Dag Arne Osvik et al. “Cache Attacks and Countermeasures: the

Case of AES”

Backup slides

Original Mix Columns Equations

Revised Mix Columns Equations

FPGA LUT Implementation

AES Side Channel Attacks

Documents

Transcript of AES Side Channel Attacks

Improved Key Recovery Attacks on Reduced-Round AES in the ... · Improved Key Recovery Attacks on Reduced-Round AES in the Single-Key Setting PatrickDerbez,Pierre-AlainFouque,andJérémyJean

Exploiting Cache-Timing in AES: Attacks and Countermeasures

Review of Side Channel Attacks and Countermeasures on …infonomics-society.org/wp-content/uploads/jitst/...2. Side Channel Attacks (SCAs) on ECC, RSA, and AES The implementations

Multiple-Diﬀerential Side-Channel Collision Attacks on AES · 2017. 8. 25. · Multiple-Diﬀerential Side-Channel Collision Attacks on AES 33 in one or two distinct runs process

Intro to Physical Side Channel Attacks · Side Channel Attacks Classification •Non-Profiled Attacks –Need some knowledge of implementation and (approximate) leakage model (or

LNCS 4249 - Cache-Collision Timing Attacks Against AES · to timing attacks” and regarded Rijndael as the easiest among the ﬁnalists to defend against side-channel attacks. In

Side Channel Analysis and Embedded Systems Impact and ... · contain hardware . countermeasures. against side channel attacks • Side channel attacks present a . serious threat.

Electromagnetic and Machine Learning Side-Channel Attacks ...Simple Power Analysis: AES-256 Background Side-Channel Attacks Countermeasures Remarks. SPARC Lab, ECE, Purdue ICSRL, ECE,

Collision Attacks on AES-based MAC: Alpha-MAC · Description of AlphaMAC Attacks on AlphaMAC Conclusion Collision Attacks on AES-based MAC: Alpha-MAC Alex Biryukov1, Andrey Bogdanov2,

Side-Channel Attacks (Brief Introduction) · Side-Channel Attacks (Brief Introduction) Presenter: Aria Shahverdi 9/31/2019 Cache 1

Cache-timing attacks on AES - cr.yp.to attacks on AES Daniel J. Bernstein? Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago

Cache Attacks and Countermeasures: the Case of AES ...tromer/papers/cache.pdf · Cache Attacks and Countermeasures: the Case of AES (Extended Version) revised 2005-11-20 Dag Arne

Cache Attacks and Countermeasures: the Case of AES

TEMPEST attacks against AES - Fox-IT | For a more … attacks against AES Covertly stealing keys for €200 Overview Side-channel attacks can recover secret keys from cryptographic

Update to Signalling Unit Logs December · Web viewTime, AES ID, DP AES Owner, Channel Name, Ocean Region, GES ID (octal), Channel Bearer, Channel Unit ID, Channel Type, Superframe

TEMPEST attacks against AES - Fox-IT · 2020. 7. 29. · TEMPEST attacks against AES Covertly stealing keys for €200 Overview Side-channel attacks can recover secret keys from cryptographic

Improved Single-Key Attacks on 9-Round AES-192/256 · Improved Single-Key Attacks on 9-Round AES-192/256 Preliminaries A Brief Description of AES Outline Preliminaries A Brief Description

MemPoline: Mitigating Memory-based Side-Channel Attacks … · 2020. 5. 30. · both AES, a symmetric cipher, and RSA, an asymmetric cipher. Both empirical results and theoretical

Cache Attacks and Countermeasures: the Case of AES ...

Improved Single-Key Attacks on 9-Round AES-192/256 · Table 1. Summary of the Attacks on AES-192/256 in the Single-key Model Cipher Rounds Attack Type Data Time Memory Source AES-192