Paper 2016/970

Statistical Analysis for Access-Driven Cache Attacks Against AES

Liwei Zhang, A. Adam Ding, Yunsi Fei, and Zhen Hang Jiang

Abstract

In recent years, side-channel timing attacks utilizing architectural behavior have been applied to cloud settings, presenting a realistic and serious cyber threat. Access-driven cache attacks allow the adversary to observe side-channel leakage (cache access pattern) of a critical cryptographic implementation to infer the secret key. However, what the attackers observe may deviate from the real cache footprint of the victim process, affecting the effectiveness of cache-based timing attacks using the observed leakage. Various countermeasures, including secure cache and architectures design, should also be evaluated accurately for their side-channel resilience. To address this need, this paper proposes a mathematical model for access-driven cache attacks, and derives explicit success rate formulas for those attacks. It is the first theoretical model that explicitly considers the misclassification errors for cache access and cache non-access by the victim cryptographic process. We implement several access-driven cache attacks and use our models to evaluate them. We demonstrate that the proposed statistical model predicts the success rate of cache-based timing attacks accurately. We also apply the model onto various cache defense architectures for evaluation.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
AESside-channel analysisaccess-driven cache attacksstatistical model
Contact author(s)
a ding @ neu edu
zhang liw @ husky neu edu
History
2016-10-12: received
Short URL
https://ia.cr/2016/970
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/970,
      author = {Liwei Zhang and A.  Adam Ding and Yunsi Fei and Zhen Hang Jiang},
      title = {Statistical Analysis for Access-Driven Cache Attacks Against AES},
      howpublished = {Cryptology ePrint Archive, Paper 2016/970},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/970}},
      url = {https://eprint.iacr.org/2016/970}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.