AES Side Channel Attacks Biru Cui Sam Skalicky. Outline AES algorithm Side channel attacks Side...

AES Side Channel Attacks

Biru CuiSam Skalicky

Outline

• AES algorithm• Side channel attacks• Side channel attack against AES• Cache-collision timing attack against AES• Countermeasures

AES Algorithm

• Key Expansion• Initial Round

– Add Round Key – bitwise xor

• Rounds– Sub Bytes - Sbox– Shift Rows – rows shifted cyclically– Mix Columns – mixing operation on the columns– AddRoundKey

• Final Round (no Mix Columns)– Sub Bytes– Shift Rows– Add Round Key

Rijndel Starting Data

Rijndel AES Steps

Rijndel Sub Bytes

Rijndel Shift Rows

Rijndel Mix Columns

Rijndel Add Round Key

AES Algorithm

• AES Lookup Table Optimizations– Transposed State by Bertoni• Speedup in decryption

– CAM based by Li• Combined Sbox& inv Sbox into single table

– FPGA implementations• Pre-computed GF ops in LUTs

Attacks on AES

• Brute force• Related Key• Side Channel

Side Channel Attacks

• Attacks through some implementation deficiency– Timing of computations– Power Analysis– Fault Injection– Electromagnetic Radiation– Acoustic Cryptanalysis– Cache

Cache-collision timing attack against AES

• Cache collision– Hit– Miss– Time

Process Operation

• Cache observation

Victim Process Spy Process

CFS - Scheduler

Cache

AES Cache Side Channel Attack

• AES-128• Key recovery after observing ~100 encryptions• Implementation in Linux against OpenSSL 0.9.8n• Program does not require special privileges on

the host machine• Linux kernel task scheduler compromised– Observe every memory access– (CFG) Completely Fair Scheduler

AES Cache Attack Features

• No heuristic info about plain/cyphertexts• Works against compressed tables• 2 phase operation:– Observation• ~100 encryptions• ~2-3 seconds

– Analysis• ~3 minutes

Process Operation

• Cache observation

Victim Process Spy Process

CFS - Scheduler

Cache


• AES: operations on each byte


• System information– Pentium III 1.0 GHz

• L1 cache 32K (split data/instr.)• L2 cache 256K

– “T” lookup table size 256x256=64k

• Implication– If the table is fully loaded in the cache, then there is

no cache miss. This is important for why we can do first round and final round attack.


• AES: the computation of every round

-40

-30

-20

-10

0

10

20

30

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

# of cache collisions

Tim

ing

de

via

tio

n (

cy

cle

s)

Actual Results, Pentium III


Table

Key xor

Plaintext

…

Key xor

Table

Table

Key xor

[6]


Table

Key xor

Plaintext

…

Key xor

Table

Table

Key xor

If a plaintext byte is known, as well as a first-round table lookup, a key byte is learned

[6]


• First Round Attack– Spy process flush the cache– The lookup table is not in the cache. In other

words, the cache collision is only due to same lookup table access index.


• First Round Attack


• First Round Attack– If cache hits ( access time less than average access

time)– Counts the average encryption time for all and pair. If there is a low average time occurs for a

pair and , there is high probability that .

ip

jp

ip jp

jiji kkpp


• Final Round Attack– The final round lookup table is different from

previous lookup table , so there is no in the cache. And if there is a collision, it’s due to same lookup table index.

4T

3210 ,,, TTTT

4T


• Final Round Attack– No MixColumns operations


• Final Round Attack


• Final Round Attack– If cache hits ( access time less than average access

time)– Counts the average encryption time for all and pair. If there is a low average time occurs for a

pair and , there is high probability that .

ic

jc

ic jc1010jiji kkcc


• ResultAttack Encryptions needed Sample type

Bernstein Plaintext/timing

Tesunoo Plaintext/timing

First/Final round attack

Plaintext/timing

5.272

262

152

Countermeasures

– AES can be performed without using lookup tables– Give OS ability to partition cache between

processes– Put AES table into ROM, add special instructions– Separate AES hardware on chip (new Intel CPUs)

References• [1] Rijndel flash movie:http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf• [2] G. Bertoni, et al.,"Efficient Software Implementation of AES on

32-Bit Platforms”• [3] H. Li, "A New CAM Based S/S−1-Box Look-up Table in AES”• [4] M. McLoone et al. "Rijndael FPGA Implementations Utilising

Look-Up Tables”• [5] D. Gullasch et al. "Cache Games – Bringing Access-Based Cache

Attacks on AES to Practice“• [6] J. Bonneau et al. “Cache-Collision Timing Attacks Against AES”• [7] Dag Arne Osvik et al. “Cache Attacks and Countermeasures: the

Case of AES”

http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf

http://www.cs.bc.edu/~straubin/cs381-05/blockciphers/rijndael_ingles2004.swf

Backup slides

Original Mix Columns Equations

Revised Mix Columns Equations

FPGA LUT Implementation

AES Side Channel Attacks Biru Cui Sam Skalicky. Outline AES algorithm Side channel attacks Side...

Documents

Transcript of AES Side Channel Attacks Biru Cui Sam Skalicky. Outline AES algorithm Side channel attacks Side...