Paper 2007/282
Analysis of countermeasures against access driven cache attacks on AES
Johannes Blömer and Volker Krummel
Abstract
Cache attacks on implementations of cryptographic algorithms have turned out to be very powerful. Progress in processor design, e.g., like hyperthreading, requires to adapt models for tampering or side-channel attacks to cover cache attacks as well. Hence, in this paper we present a rather general model for cache attacks. Our model is stronger than recently used ones. We introduce the notions of information leakage and so called resistance to analyze the security of several implementations of AES. Furthermore, we analyze how to use random permutations to protect against cache attacks. By providing a successful attack on an AES implementation protected by random permutations we show that random permutations used in a straightforward manner are not enough to protect against cache attacks. Hence, to improve upon the security provided by random permutations, we describe the property a permutation must have in order to prevent the leakage of some key bits through cache attacks. Using a permutation having this property forces an adversary to consider several rounds of the cipher. This increases the complexity of any cache attack considerably. We also describe how to implement our countermeasure efficiently. The method to do so is of independent interest, since it alone can also be used to protect against cache attacks. Moreover, combining both countermeasures allows for a trade-off between security and efficiency.
Metadata
- Available format(s)
- Publication info
- Published elsewhere. Full version
- Keywords
- cache attacksAESthreat modelcountermeasuresrandom permutations
- Contact author(s)
- krummel @ uni-paderborn de
- History
- 2007-08-07: received
- Short URL
- https://ia.cr/2007/282
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/282, author = {Johannes Blömer and Volker Krummel}, title = {Analysis of countermeasures against access driven cache attacks on {AES}}, howpublished = {Cryptology {ePrint} Archive, Paper 2007/282}, year = {2007}, url = {https://eprint.iacr.org/2007/282} }