Sciweavers

CHES
2006
Springer

Cache-Collision Timing Attacks Against AES

14 years 3 months ago
Cache-Collision Timing Attacks Against AES
This paper describes several novel timing attacks against the common table-driven software implementation of the AES cipher. We define a general attack strategy using a simplified model of the cache to predict timing variation due to cache-collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES implementations and computing platforms, we have implemented them against OpenSSL v. 0.9.8.(a) running on Pentium III, Pentium IV Xeon, and UltraSPARC III+ machines. The most powerful attack has been shown under optimal conditions to reliably recover a full 128-bit AES key with 213 timing samples, an improvement of almost four orders of magnitude over the best previously published attacks of this type [Ber05]. While the task of defending AES against all timing attacks is challenging, a small patch can significantly reduce the vulnerability to these specific attacks with no performance penalty.
Joseph Bonneau, Ilya Mironov
Added 20 Aug 2010
Updated 20 Aug 2010
Type Conference
Year 2006
Where CHES
Authors Joseph Bonneau, Ilya Mironov
Comments (0)