Paper 2012/034
Automatic Quantification of Cache Side-Channels
Boris Köpf, Laurent Mauborgne, and Martin Ochoa
Abstract
The latency gap between caches and main memory has been successfully exploited for recovering sensitive input to programs, such as cryptographic keys from implementation of AES and RSA. So far, there are no practical general-purpose countermeasures against this threat. In this paper we propose a novel method for automatically deriving upper bounds on the amount of information about the input that an adversary can extract from a program by observing the CPU's cache behavior. At the heart of our approach is a novel technique for efficient counting of concretizations of abstract cache states that enables us to connect state-of-the-art techniques for static cache analysis and quantitative information-flow. We implement our counting procedure on top of the AbsInt TimingExplorer, one of the most advanced engines for static cache analysis. We use our tool to perform a case study where we derive upper bounds on the cache leakage of a 128-bit AES executable on an ARM processor with a realistic cache configuration. We also analyze this implementation with a commonly suggested (but until now heuristic) countermeasure applied, obtaining a formal account of the corresponding increase in security.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published elsewhere. Unknown where it was published
- Keywords
- Cache AttacksQuantitative Information-flow AnalysisAES
- Contact author(s)
- boris koepf @ imdea org
- History
- 2012-02-16: revised
- 2012-01-29: received
- See all versions
- Short URL
- https://ia.cr/2012/034
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2012/034, author = {Boris Köpf and Laurent Mauborgne and Martin Ochoa}, title = {Automatic Quantification of Cache Side-Channels}, howpublished = {Cryptology {ePrint} Archive, Paper 2012/034}, year = {2012}, url = {https://eprint.iacr.org/2012/034} }