Cache Games - Bringing Access-Based Cache Attacks on AES to Practice

D. Gullasch, E. Bangerter, S. Krenn, in:, IEEE, 2011, pp. 490–505.

Download
No fulltext has been uploaded. References only!

Conference Paper | Published
Author
; ;
Abstract
Side channel attacks on cryptographic systems exploit information gained from physical implementations rather than theoretical weaknesses of a scheme. In recent years, major achievements were made for the class of so called access-driven cache attacks. Such attacks exploit the leakage of the memory locations accessed by a victim process. In this paper we consider the AES block cipher and present an attack which is capable of recovering the full secret key in almost realtime for AES-128, requiring only a very limited number of observed encryptions. Unlike previous attacks, we do not require any information about the plaintext (such as its distribution, etc.). Moreover, for the first time, we also show how the plaintext can be recovered without having access to the ciphertext at all. It is the first working attack on AES implementations using compressed tables. There, no efficient techniques to identify the beginning of AES rounds is known, which is the fundamental assumption underlying previous attacks. We have a fully working implementation of our attack which is able to recover AES keys after observing as little as 100 encryptions. It works against the OpenSSL 0.9.8n implementation of AES on Linux systems. Our spy process does not require any special privileges beyond those of a standard Linux user. A contribution of probably independent interest is a denial of service attack on the task scheduler of current Linux systems (CFS), which allows one to observe (on average) every single memory access of a victim process.
Publishing Year
Date Published
2011-01-01
Acknowledgement
This work was in part funded by the European Community’s Seventh Framework Programme (FP7) under grant agreement no. 216499 and the Swiss Hasler Foundation. An extended abstract was also accepted for COSADE 2011.
Page
490 - 505
Conference
S&P: IEEE Symposium on Security and Privacy
IST-REx-ID

Cite this

Gullasch D, Bangerter E, Krenn S. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. In: IEEE; 2011:490-505. doi:10.1109/SP.2011.22
Gullasch, D., Bangerter, E., & Krenn, S. (2011). Cache Games - Bringing Access-Based Cache Attacks on AES to Practice (pp. 490–505). Presented at the S&P: IEEE Symposium on Security and Privacy, IEEE. https://doi.org/10.1109/SP.2011.22
Gullasch, David, Endre Bangerter, and Stephan Krenn. “Cache Games - Bringing Access-Based Cache Attacks on AES to Practice,” 490–505. IEEE, 2011. https://doi.org/10.1109/SP.2011.22.
D. Gullasch, E. Bangerter, and S. Krenn, “Cache Games - Bringing Access-Based Cache Attacks on AES to Practice,” presented at the S&P: IEEE Symposium on Security and Privacy, 2011, pp. 490–505.
Gullasch D, Bangerter E, Krenn S. 2011. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. S&P: IEEE Symposium on Security and Privacy 490–505.
Gullasch, David, et al. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. IEEE, 2011, pp. 490–505, doi:10.1109/SP.2011.22.

Link(s) to Main File(s)
Access Level
Restricted Closed Access

Export

Marked Publications

Open Data IST Research Explorer

Search this title in

Google Scholar