Post on 12-Apr-2017
Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks
Ashokkumar C. , Ravi Prakash Giri , Bernard Menezes
Indian Institute of Technology, Bombay, INDIA
IEEE European Symposium on Security and Privacy, Saarbrücken, GERMANY, March 21-24, 2016
Outline
1 Preliminaries (Side Channel Attacks, AES Implementation)
2 First Round Attack
3 Second Round Attack
4 Results
5 Limitations and Extensions
6 Summary and Conclusions
Preliminaries (Side Channel Attacks, AES Implementation)
Problem Statement
Retrieve entire 128-bit AES key in a cache access attack given
Known plaintext blocks and corresponding sets of cache line numbers of table elements accessed during AES encryption
or
Known ciphertext blocks and corresponding sets of cache line numbers of table elements accessed during AES decryption
Euro S&P ’16 Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks 3/29
Preliminaries (Side Channel Attacks, AES Implementation)
Attacks on Crypto Algorithms
Traditionally, attacks on cryptographic algorithms have focused on hard mathematical problems (such as the factorization problem or the discrete logarithm) or on linear/differential cryptanalysis
A different approach is to exploit leakage of sensitive information through various side channels – power, timing, etc. – to obtain the key
Preliminaries (Side Channel Attacks, AES Implementation)
Cache-based Side Channel Attacks
Exploit the fact that memory access times vary by 1–2 orders of magnitude depending on which level of the memory hierarchy the required data/instruction currently resides in
Typically depend on the actual implementation of the algorithm
Algorithms targeted – RSA, DSA, EC-DSA, AES, etc.
Preliminaries (Side Channel Attacks, AES Implementation)
AES Basics
Secret key cipher, 128-bit block size, key size = 128/192/256
Plaintext, ciphertext and key are each represented as a 4 × 4 matrix of bytes
$$P = \begin{pmatrix} p_0 & p_4 & p_8 & p_{12} \\ p_1 & p_5 & p_9 & p_{13} \\ p_2 & p_6 & p_{10} & p_{14} \\ p_3 & p_7 & p_{11} & p_{15} \end{pmatrix}, \qquad K = \begin{pmatrix} k_0 & k_4 & k_8 & k_{12} \\ k_1 & k_5 & k_9 & k_{13} \\ k_2 & k_6 & k_{10} & k_{14} \\ k_3 & k_7 & k_{11} & k_{15} \end{pmatrix}$$
10 rounds for 128-bit AES. Round keys are obtained from the original AES key via the “Key Expansion Algorithm”
Plaintext is XORed with AES key before first round
Preliminaries (Side Channel Attacks, AES Implementation)
AES Operations with pictures
State at the input of round r:
$$X^{(r)} = \begin{pmatrix} x^{(r)}_0 & x^{(r)}_4 & x^{(r)}_8 & x^{(r)}_{12} \\ x^{(r)}_1 & x^{(r)}_5 & x^{(r)}_9 & x^{(r)}_{13} \\ x^{(r)}_2 & x^{(r)}_6 & x^{(r)}_{10} & x^{(r)}_{14} \\ x^{(r)}_3 & x^{(r)}_7 & x^{(r)}_{11} & x^{(r)}_{15} \end{pmatrix}$$
↓ (row i rotated left by i positions, i.e. ShiftRows)
$$\begin{pmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{pmatrix} \bullet \begin{pmatrix} x^{(r)}_0 & x^{(r)}_4 & x^{(r)}_8 & x^{(r)}_{12} \\ x^{(r)}_5 & x^{(r)}_9 & x^{(r)}_{13} & x^{(r)}_1 \\ x^{(r)}_{10} & x^{(r)}_{14} & x^{(r)}_2 & x^{(r)}_6 \\ x^{(r)}_{15} & x^{(r)}_3 & x^{(r)}_7 & x^{(r)}_{11} \end{pmatrix} \oplus \begin{pmatrix} k^{(r)}_0 & k^{(r)}_4 & k^{(r)}_8 & k^{(r)}_{12} \\ k^{(r)}_1 & k^{(r)}_5 & k^{(r)}_9 & k^{(r)}_{13} \\ k^{(r)}_2 & k^{(r)}_6 & k^{(r)}_{10} & k^{(r)}_{14} \\ k^{(r)}_3 & k^{(r)}_7 & k^{(r)}_{11} & k^{(r)}_{15} \end{pmatrix} = \begin{pmatrix} x^{(r+1)}_0 & x^{(r+1)}_4 & x^{(r+1)}_8 & x^{(r+1)}_{12} \\ x^{(r+1)}_1 & x^{(r+1)}_5 & x^{(r+1)}_9 & x^{(r+1)}_{13} \\ x^{(r+1)}_2 & x^{(r+1)}_6 & x^{(r+1)}_{10} & x^{(r+1)}_{14} \\ x^{(r+1)}_3 & x^{(r+1)}_7 & x^{(r+1)}_{11} & x^{(r+1)}_{15} \end{pmatrix}$$
Preliminaries (Side Channel Attacks, AES Implementation)
Software Implementation of AES
Makes extensive use of table look-ups in lieu of time-consuming field operations (the 5-table implementation is the one targeted by us)
Each table has 256 entries, each entry is 4 bytes
Line size or block size is 64 bytes in most machines
So a single table occupies 16 lines, 16 elements per line
Preliminaries (Side Channel Attacks, AES Implementation)
Round Functions implemented with table lookups
$$\begin{aligned}
(x^{(r+1)}_0, x^{(r+1)}_1, x^{(r+1)}_2, x^{(r+1)}_3) &\leftarrow T_0[x^{(r)}_0] \oplus T_1[x^{(r)}_5] \oplus T_2[x^{(r)}_{10}] \oplus T_3[x^{(r)}_{15}] \oplus K^{(r)}_0 \\
(x^{(r+1)}_4, x^{(r+1)}_5, x^{(r+1)}_6, x^{(r+1)}_7) &\leftarrow T_0[x^{(r)}_4] \oplus T_1[x^{(r)}_9] \oplus T_2[x^{(r)}_{14}] \oplus T_3[x^{(r)}_3] \oplus K^{(r)}_1 \\
(x^{(r+1)}_8, x^{(r+1)}_9, x^{(r+1)}_{10}, x^{(r+1)}_{11}) &\leftarrow T_0[x^{(r)}_8] \oplus T_1[x^{(r)}_{13}] \oplus T_2[x^{(r)}_2] \oplus T_3[x^{(r)}_7] \oplus K^{(r)}_2 \\
(x^{(r+1)}_{12}, x^{(r+1)}_{13}, x^{(r+1)}_{14}, x^{(r+1)}_{15}) &\leftarrow T_0[x^{(r)}_{12}] \oplus T_1[x^{(r)}_1] \oplus T_2[x^{(r)}_6] \oplus T_3[x^{(r)}_{11}] \oplus K^{(r)}_3
\end{aligned}$$
where $x^{(r)}_i$ is the i-th byte of the input to round r, $K^{(r)}$ is the r-th round key and $K^{(r+1)}_i$ refers to the i-th column of $K^{(r+1)}$.
Preliminaries (Side Channel Attacks, AES Implementation)
Organization of Tables in Cache
[Figure: the five tables T0, T1, T2, T3, T4 laid out in cache. Line size = 64 bytes; each table occupies 16 lines (numbered 0–15); elements 0–15 of a table sit on its first line and elements 240–255 on its last.]
First Round Attack
Experimental Setup
Multi-threaded spy + Victim (running AES) on one core
Spy controller on another core
First Round Attack
Run and Run size
The executions of the spy threads and victim are interleaved
Each execution instance of the victim is referred to as a run
The number of table accesses made during a run is referred to as the run size (between 12 and 35 in our experiments)
First Round Attack
1st Round Attack - Goal and Input
Goal:
To obtain the high-order nibble of each of the 16 bytes of the AES key
Input:
Several blocks of plaintext (Scenario 1) or ciphertext (Scenario 2)
Sets of cache line numbers accessed by the victim in each run during encryption (Scenario 1) or decryption (Scenario 2) of those blocks
First Round Attack
1st Round Attack - Example
Uses input to the first round:
$$P \oplus K = \begin{pmatrix} p_0 \oplus k_0 & p_4 \oplus k_4 & p_8 \oplus k_8 & p_{12} \oplus k_{12} \\ p_1 \oplus k_1 & p_5 \oplus k_5 & p_9 \oplus k_9 & p_{13} \oplus k_{13} \\ p_2 \oplus k_2 & p_6 \oplus k_6 & p_{10} \oplus k_{10} & p_{14} \oplus k_{14} \\ p_3 \oplus k_3 & p_7 \oplus k_7 & p_{11} \oplus k_{11} & p_{15} \oplus k_{15} \end{pmatrix}$$
Table line numbers of the elements accessed are $(p_0 \oplus k_0)', (p_1 \oplus k_1)', \ldots, (p_{15} \oplus k_{15})'$
If we know $(p_i \oplus k_i)'$ and $p_i$, we can deduce $(k_i)'$
Example
Actual sequence of line numbers: 5, 19, 44, 57, 3, 30, 40, 55, 14, 26, 37, 49, 10, 20, 32, 63, 15, 30, 41, 53, 5, 23, 39, 51, 11, 23, 37, 62, 2, 28, 39, ...
Run 0: 3, 5, 14, 19, 26, 30, 40, 44, 55, 57, 64, 65, 73, 75
Run 1: 2, 3, 5, 10, 11, 14, 15, 19, 20, 23, 26, 30, 32, 37, 39, 40, 41, 44, 49, 51, 53, 55, 57, 62, 63
Run 2: 2, 5, 6, 8, 11, 14, 17, 21, 23, 27, 28, 31, 33, 37, 38, 39, 40, 44, 49, 50, 51, ...
First Round Attack
Histogram of scores for each guessed value
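The scoring behind the histograms on this slide, as an added example that is not code from the paper or its authors: it simulates the deck's first-round leakage model (line number = high-order nibble of p_i ⊕ k_i, per-table line sets reported unordered, c = per-table run size / 16), scores all 16 guesses of every key-byte high nibble, and carries the survival-probability argument the deck gives for the second round over to the first round. The function names, the seed and the random key are assumptions.

```python
import random

LINES_PER_TABLE = 16  # 256 entries x 4 bytes per table / 64-byte lines (slide 8)


def first_round_lines(pt, key):
    """Leakage model of round 1 of the 5-table AES: byte i of P XOR K indexes
    table T[i mod 4], and the cache line hit inside that table is the
    high-order nibble of the index. One unordered line set per table is
    returned, which is all the spy reports (it never sees the order)."""
    touched = [set() for _ in range(4)]
    for i in range(16):
        touched[i % 4].add((pt[i] ^ key[i]) >> 4)
    return touched


def observed_run(pt, key, per_table_run_size, rng):
    """Constructed spy observation for one run: the true round-1 lines plus
    random extra lines (later rounds, other code) until every table's set has
    per_table_run_size lines, so c = per_table_run_size / 16 as on the slides.
    No false negatives are modelled (a limitation the deck itself lists)."""
    obs = first_round_lines(pt, key)
    for lines in obs:
        while len(lines) < per_table_run_size:
            lines.add(rng.randrange(LINES_PER_TABLE))
    return obs


def score_guesses(runs):
    """runs: list of (plaintext, per-table line sets). scores[i][g] counts
    the runs in which guess g for the high nibble k_i' is consistent, i.e.
    line (p_i' XOR g) was observed in table T[i mod 4]. The right nibble
    scores in every run; a wrong one scores with probability about c."""
    scores = [[0] * 16 for _ in range(16)]
    for pt, obs in runs:
        for i in range(16):
            for g in range(16):
                if ((pt[i] >> 4) ^ g) in obs[i % 4]:
                    scores[i][g] += 1
    return scores


def consistent_guesses(scores, n_runs):
    """Per key byte, the guesses that scored in all n_runs: the round-1
    analogue of the deck's surviving tuples."""
    return [[g for g in range(16) if scores[i][g] == n_runs] for i in range(16)]


def recover_high_nibbles(key, per_table_run_size, rng, max_runs=64):
    """Feed runs until every byte has exactly one surviving guess. Returns
    (recovered high nibbles, encryptions used), or (None, max_runs)."""
    runs = []
    for n in range(1, max_runs + 1):
        pt = bytes(rng.randrange(256) for _ in range(16))
        runs.append((pt, observed_run(pt, key, per_table_run_size, rng)))
        survivors = consistent_guesses(score_guesses(runs), n)
        if all(len(s) == 1 for s in survivors):
            return [s[0] for s in survivors], n
    return None, max_runs


def expected_wrong_survivors(c, n_runs):
    """Analytical counterpart of the histogram: 15 wrong guesses per byte x
    16 bytes, each surviving n_runs independent runs with probability c."""
    return 16 * 15 * c ** n_runs


def demo(seed=2016, per_table_run_size=8):
    """End-to-end run on a constructed random key (c = 8/16 = 0.5).
    Returns (true high nibbles, recovered high nibbles, encryptions used)."""
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(16))
    nibbles, n = recover_high_nibbles(key, per_table_run_size, rng)
    return [b >> 4 for b in key], nibbles, n


if __name__ == "__main__":
    truth, got, n = demo()
    print("true high nibbles:", truth)
    print("recovered        :", got, "after", n, "encryptions")
    print("expected wrong survivors after that many runs:",
          expected_wrong_survivors(0.5, n))
```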
Second Round Attack
2nd Round Attack - Strategy
Goal
To obtain the low-order nibble of each byte of the AES key
Treat the low-order nibble of each of the 16 bytes of the key as an attribute of a relation (table)
Each tuple in the table is a potential subkey value. Initially, any of the 2^64 subkey values are possible
As in RDBMS, selection predicates are used to filter out tuples
Second Round Attack
Selection Predicate for Key Retrieval
The selection predicates we employ are the 16 equations that relate the indices of line numbers of table elements accessed in the second round and various bytes of the plaintext and key
Example
$$x^{(2)}_0 = 2 \bullet s(p_0 \oplus k_0) \oplus 3 \bullet s(p_5 \oplus k_5) \oplus s(p_{10} \oplus k_{10}) \oplus s(p_{15} \oplus k_{15}) \oplus s(k_{13}) \oplus k_0 \oplus 1$$
Second Round Attack
Applying the selection predicate
$$(x^{(2)}_0)' = \big(2 \bullet s(p_0 \oplus k_0) \oplus 3 \bullet s(p_5 \oplus k_5) \oplus s(p_{10} \oplus k_{10}) \oplus s(p_{15} \oplus k_{15}) \oplus s(k_{13}) \oplus k_0 \oplus 1\big)'$$
The LHS is the line number on which the required element resides
Actually, what is provided by the spy is not a single number but a set of line numbers
We retain a tuple only if the RHS evaluates to any element in the set
Second Round Attack
Performance and Cost considerations
The number of plaintexts (encryptions) required to retrieve the key is $\varepsilon = -4 / \log_2 c$, where c = (per table run size) / 16
If c = 8/16 = 0.5, the number of encryptions required is just 4!
But at what cost?
Handling 2^64 tuples
Solution
Use relational join operations and Cartesian products in addition to selects
Carefully choose the relational schema and which operations are performed when and on which relations
Second Round Attack
Relational Join Recap
Student     Dept.
Cynthia     EE
Mustafa     ME
Prashant    CS
Tsai-Shing  CS
⋈
Dept.  Building
CS     Niagara
EE     Danube
EE     Nile
ME     Ganges
Which students visit which buildings for department-related work?
=
Student     Dept.  Building
Cynthia     EE     Danube
Cynthia     EE     Nile
Mustafa     ME     Ganges
Prashant    CS     Niagara
Tsai-Shing  CS     Niagara
Second Round Attack
Key Retrieval Algo in action (Round 2 Attack)
[Figure: relational plan for the round-2 attack, revealed over several overlays. The starting relations are over the low-nibble attributes (k0'', k5'', k10'', k15'', k13''), (k0'', k5'', k10'', k15'', k14''), (k0'', k5'', k10'', k15'') and (k0'', k5'', k10'', k15'', k12''); the operations are labelled S (σ) for select, J (⋈) for join and A; the tuple counts shown are 2^16, 2^12, 2^16 · c^ε · 2^4, 2^16 · c^{2ε} · 2^4, 2^24 · c^{3ε} and 2^28 · c^{4ε}.]
Second Round Attack
Key Retrieval Algo in action (Round 2 Attack)
[Figure (contd.): the relations (k0'', k5'', k10'', k12'', k13'', k14'', k15''), (k3'', k4'', k9'', k12'', k13'', k14'', k15''), (k2'', k7'', k8'', k12'', k13'', k14'', k15'') and (k1'', k6'', k11'', k12'', k13'', k14'', k15'') are combined by joins J (⋈); the tuple counts shown are 2^28 · c^{4ε}, 2^40 · c^{8ε} and finally 2^64 · c^{16ε}, with 2^12 and 2^8 also labelled.]
Results
Key Retrieval Algo in action (contd.) (Round 2 Attack)
Results
Performance of Key Retrieval Algorithms
First Round Attack:
70% → in 5–7 encryptions
16% → in 8 encryptions
13% → in 9 encryptions
Second Round Attack:
90% → in 6 encryptions
7% → in 7 encryptions
3% → in 8 encryptions
Results
Algorithm’s performance as a function of run size
Limitations and Extensions
Limitations
False negatives in the spy input will result in an incorrect key being deduced
Assumptions made may not always hold
1 Victim and multi-threaded spy process are located on same core
2 Hardware prefetching of cache line is turned off
3 No other processes are accessing AES table
Limitations and Extensions
Extensions
Design and implementation of error-tolerant key retrieval algorithm
Key retrieval algorithms with hardware prefetching turned on
Further optimizations in First Round Attack
Operationalization of the attack
Summary and Conclusions
Conclusions
Designed and implemented a suite of algorithms to deduce the 128-bit AES key using as input sets of unordered lines captured by spy threads
Two attack scenarios where either plaintext or ciphertext is known
Algorithms expressed using simple relational algebraic operations and run in under a minute
In practice only 6–7 blocks of plaintext or ciphertext were required
Developed analytical models to estimate the number of encryptions or decryptions required
Function of Spy Thread and Spy Controller
Spy Thread
  block until cond variable is true
  for each line of AES tables do
    measure access time
    flush line
  end for
  finished ← true
Spy Controller
  while finished ≠ true do
    keep polling
  end while
  signal(nextThreadID)
  finished ← false
No. of surviving tuples
$$(x^{(2)}_0)' = \big(2 \bullet s(p_0 \oplus k_0) \oplus 3 \bullet s(p_5 \oplus k_5) \oplus s(p_{10} \oplus k_{10}) \oplus s(p_{15} \oplus k_{15}) \oplus s(k_{13}) \oplus k_0 \oplus 1\big)'$$
For an incorrect/random “guess” of the key, the RHS takes a value between 0 and F with equal probability
The probability that a tuple survives (satisfies the predicate) is c = (per table run size) / 16
The number of surviving tuples is hence 2^64 × c
No. of plaintexts required for Key Retrieval
We have a total of 16 equations and inputs from ε encryptions, or a total of 16ε predicates
The size of the output relation after being subject to 16ε select operations is 2^64 × c^{16ε}
To estimate the number of plaintexts (encryptions) required to retrieve the key, we solve for ε from 2^64 × c^{16ε} = 1 to obtain $\varepsilon = -4 / \log_2 c$, where ε is the number of plaintext(s) required