1. Highly Efficient Algorithms for AES Key Retrieval in
Cache Access Attacks
Ashokkumar C., Ravi Prakash Giri, Bernard Menezes
Indian Institute of Technology, Bombay, INDIA
IEEE European Symposium on Security and Privacy, Saarbrücken, GERMANY
March 21-24, 2016
2. Outline
1 Preliminaries (Side Channel Attacks, AES Implementation)
2 First Round Attack
3 Second Round Attack
4 Results
5 Limitations and Extensions
6 Summary and Conclusions
4. Preliminaries (Side Channel Attacks, AES Implementation)
Problem Statement
Retrieve entire 128-bit AES key in a cache access attack given
Known plaintext blocks and corresponding sets of cache line numbers
of table elements accessed during AES encryption
or
Known ciphertext blocks and corresponding sets of cache line
numbers of table elements accessed during AES decryption
Euro S&P ’16 Highly Efficient Algorithms for AES Key Retrieval in Cache Access Attacks 3 / 29
5. Preliminaries (Side Channel Attacks, AES Implementation)
Attacks on Crypto Algorithms
Traditionally, attacks on cryptographic algorithms have focused on hard mathematical problems (such as the factorization problem or the discrete logarithm) or on linear/differential cryptanalysis
A different approach is to exploit leakage of sensitive information through various side channels (power, timing, etc.) to obtain the key
7. Preliminaries (Side Channel Attacks, AES Implementation)
Cache-based Side Channel Attacks
Exploit the fact that memory access times vary by 1–2 orders of magnitude depending on the level of the memory hierarchy in which the required data/instruction currently resides
Typically depend on the actual implementation of the algorithm
Algorithms targeted – RSA, DSA, EC-DSA, AES, etc.
9. Preliminaries (Side Channel Attacks, AES Implementation)
AES Basics
Secret key cipher, 128-bit block size, key size = 128/192/256 bits
Plaintext, ciphertext and key are each represented as a 4 × 4 matrix of bytes
P =
p0 p4 p8 p12
p1 p5 p9 p13
p2 p6 p10 p14
p3 p7 p11 p15
K =
k0 k4 k8 k12
k1 k5 k9 k13
k2 k6 k10 k14
k3 k7 k11 k15
10 rounds for 128-bit AES. Round keys obtained from original AES key
via “Key Expansion Algorithm”
Plaintext is XORed with AES key before first round
14. Preliminaries (Side Channel Attacks, AES Implementation)
AES Operations with pictures
$$
\begin{pmatrix}
x_0^{(r)} & x_4^{(r)} & x_8^{(r)} & x_{12}^{(r)} \\
x_1^{(r)} & x_5^{(r)} & x_9^{(r)} & x_{13}^{(r)} \\
x_2^{(r)} & x_6^{(r)} & x_{10}^{(r)} & x_{14}^{(r)} \\
x_3^{(r)} & x_7^{(r)} & x_{11}^{(r)} & x_{15}^{(r)}
\end{pmatrix}
\;\downarrow
$$
$$
\begin{pmatrix}
02 & 03 & 01 & 01 \\
01 & 02 & 03 & 01 \\
01 & 01 & 02 & 03 \\
03 & 01 & 01 & 02
\end{pmatrix}
\bullet
\begin{pmatrix}
\tilde{x}_0^{(r)} & \tilde{x}_4^{(r)} & \tilde{x}_8^{(r)} & \tilde{x}_{12}^{(r)} \\
\tilde{x}_5^{(r)} & \tilde{x}_9^{(r)} & \tilde{x}_{13}^{(r)} & \tilde{x}_1^{(r)} \\
\tilde{x}_{10}^{(r)} & \tilde{x}_{14}^{(r)} & \tilde{x}_2^{(r)} & \tilde{x}_6^{(r)} \\
\tilde{x}_{15}^{(r)} & \tilde{x}_3^{(r)} & \tilde{x}_7^{(r)} & \tilde{x}_{11}^{(r)}
\end{pmatrix}
\oplus
\begin{pmatrix}
k_0^{(r)} & k_4^{(r)} & k_8^{(r)} & k_{12}^{(r)} \\
k_1^{(r)} & k_5^{(r)} & k_9^{(r)} & k_{13}^{(r)} \\
k_2^{(r)} & k_6^{(r)} & k_{10}^{(r)} & k_{14}^{(r)} \\
k_3^{(r)} & k_7^{(r)} & k_{11}^{(r)} & k_{15}^{(r)}
\end{pmatrix}
=
\begin{pmatrix}
x_0^{(r+1)} & x_4^{(r+1)} & x_8^{(r+1)} & x_{12}^{(r+1)} \\
x_1^{(r+1)} & x_5^{(r+1)} & x_9^{(r+1)} & x_{13}^{(r+1)} \\
x_2^{(r+1)} & x_6^{(r+1)} & x_{10}^{(r+1)} & x_{14}^{(r+1)} \\
x_3^{(r+1)} & x_7^{(r+1)} & x_{11}^{(r+1)} & x_{15}^{(r+1)}
\end{pmatrix}
$$
(Here x̃ denotes a state byte after SubBytes; the rotation of the rows is ShiftRows, the constant 4 × 4 matrix is MixColumns, and the XOR with the round key k^(r) is AddRoundKey.)
15. Preliminaries (Side Channel Attacks, AES Implementation)
Software Implementation of AES
Makes extensive use of table look-ups in lieu of time-consuming field
operations (5-table implementation targeted by us)
Each table has 256 entries, each entry is 4 bytes
Line size or block size is 64 bytes in most machines
So a single table occupies 16 lines, 16 elements per line
16. Preliminaries (Side Channel Attacks, AES Implementation)
Round Functions implemented with table lookups
$$
\begin{aligned}
(x_0^{(r+1)}, x_1^{(r+1)}, x_2^{(r+1)}, x_3^{(r+1)}) &\leftarrow T_0[x_0^{(r)}] \oplus T_1[x_5^{(r)}] \oplus T_2[x_{10}^{(r)}] \oplus T_3[x_{15}^{(r)}] \oplus K_0^{(r)} \\
(x_4^{(r+1)}, x_5^{(r+1)}, x_6^{(r+1)}, x_7^{(r+1)}) &\leftarrow T_0[x_4^{(r)}] \oplus T_1[x_9^{(r)}] \oplus T_2[x_{14}^{(r)}] \oplus T_3[x_3^{(r)}] \oplus K_1^{(r)} \\
(x_8^{(r+1)}, x_9^{(r+1)}, x_{10}^{(r+1)}, x_{11}^{(r+1)}) &\leftarrow T_0[x_8^{(r)}] \oplus T_1[x_{13}^{(r)}] \oplus T_2[x_2^{(r)}] \oplus T_3[x_7^{(r)}] \oplus K_2^{(r)} \\
(x_{12}^{(r+1)}, x_{13}^{(r+1)}, x_{14}^{(r+1)}, x_{15}^{(r+1)}) &\leftarrow T_0[x_{12}^{(r)}] \oplus T_1[x_1^{(r)}] \oplus T_2[x_6^{(r)}] \oplus T_3[x_{11}^{(r)}] \oplus K_3^{(r)}
\end{aligned}
$$
where $x_i^{(r)}$ is the i-th byte of the input to round r, $K^{(r)}$ is the r-th round key and $K_i^{(r+1)}$ refers to the i-th column of $K^{(r+1)}$.
17. Preliminaries (Side Channel Attacks, AES Implementation)
Organization of Tables in Cache
[Figure: the five tables T0, T1, T2, T3, T4 laid out in cache; line size = 64 bytes; each table spans 16 lines, line 0 holding elements 0 to 15 and line 15 holding elements 240 to 255.]
20. First Round Attack
Experimental Setup
Multi-threaded spy + Victim (running AES) on one core
Spy controller on another core
22. First Round Attack
Run and Run size
The executions of the spy threads and victim are interleaved
Each execution instance of the victim is referred to as a run
The number of table accesses made during a run is referred to as the
run size (between 12 and 35 in our experiments)
24. First Round Attack
1st Round Attack - Goal and Input
Goal:
To obtain the high-order nibble of each of the 16 bytes of the AES key
Input:
Several blocks of plaintext (Scenario 1) or ciphertext (Scenario 2)
Sets of cache line numbers accessed by victim in each run during
encryption (Scenario 1) or decryption (Scenario 2) of those blocks
26. First Round Attack
1st Round Attack - Example
Uses input to the first round
p0 ⊕ k0 p4 ⊕ k4 p8 ⊕ k8 p12 ⊕ k12
p1 ⊕ k1 p5 ⊕ k5 p9 ⊕ k9 p13 ⊕ k13
p2 ⊕ k2 p6 ⊕ k6 p10 ⊕ k10 p14 ⊕ k14
p3 ⊕ k3 p7 ⊕ k7 p11 ⊕ k11 p15 ⊕ k15
The line numbers (within the table) of the elements accessed are ⟨p0 ⊕ k0⟩, ⟨p1 ⊕ k1⟩, ..., ⟨p15 ⊕ k15⟩, where ⟨·⟩ denotes the high-order nibble of the index (each 64-byte line holds 16 consecutive table elements)
If we know ⟨pi ⊕ ki⟩ and pi, we can deduce ⟨ki⟩
Example
Actual sequence of line numbers: 5, 19, 44, 57, 3, 30, 40, 55, 14, 26, 37, 49, 10, 20, 32,
63, 15, 30, 41, 53, 5, 23, 39, 51, 11, 23, 37, 62, 2, 28, 39,...
Run 0: 3, 5, 14, 19, 26, 30, 40, 44, 55, 57, 64, 65, 73, 75
Run 1: 2, 3, 5, 10, 11, 14, 15, 19, 20, 23, 26, 30, 32, 37, 39, 40, 41, 44, 49, 51, 53, 55,
57, 62, 63
Run 2: 2, 5, 6, 8, 11, 14, 17, 21, 23, 27, 28, 31, 33, 37, 38, 39, 40, 44, 49, 50, 51, ...
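The scoring the example above describes, as an added illustration (not code from the slides or from the authors' tool): it simulates the first-round attack on constructed data and produces, per key byte, the score table of the histogram that follows. It assumes the 5-table layout of the earlier slide (16 lines per table, global line number 16·t + line within table t, as in the run listings above), that first-round byte i is looked up in T(i mod 4) as in the round-function slide, and a key and plaintexts it constructs itself; each spy observation is constructed as the first-round lines plus random extra lines standing in for the later rounds.

```python
import random

TABLES, LINES_PER_TABLE = 5, 16   # 5 tables of 256 x 4-byte entries, 64-byte lines

def hi(b):  # high-order nibble = which of the 16 lines of a table the index falls on
    return b >> 4

def round1_lines(p, k):
    """Global line numbers 16*t + line touched by the 16 first-round look-ups.
    Assumption: byte i is looked up in T(i mod 4), as in the round-function slide."""
    return {16 * (i % 4) + hi(p[i] ^ k[i]) for i in range(16)}

def constructed_run(p, k, rng, run_size=24):
    """Constructed spy observation for one encryption: the first-round lines plus
    random extra lines standing in for the later rounds, as an unordered set."""
    lines = set(round1_lines(p, k))
    while len(lines) < run_size:
        lines.add(rng.randrange(TABLES * LINES_PER_TABLE))
    return lines

def score_high_nibbles(plaintexts, runs):
    """scores[i][g] = number of runs consistent with high nibble g of key byte i,
    i.e. containing line 16*(i%4) + (hi(p_i) ^ g); the true nibble scores every run."""
    scores = [[0] * 16 for _ in range(16)]
    for p, run in zip(plaintexts, runs):
        for i in range(16):
            for g in range(16):
                if 16 * (i % 4) + (hi(p[i]) ^ g) in run:
                    scores[i][g] += 1
    return scores

def recover_high_nibbles(plaintexts, runs):
    """Unique top-scoring guess per byte; None means more encryptions are needed."""
    out = []
    for row in score_high_nibbles(plaintexts, runs):
        winners = [g for g, s in enumerate(row) if s == max(row)]
        out.append(winners[0] if len(winners) == 1 else None)
    return out

def simulate(key, n_runs, seed=1):
    """End to end on constructed data; returns (recovered nibbles, true nibbles)."""
    rng = random.Random(seed)
    plaintexts = [bytes(rng.randrange(256) for _ in range(16)) for _ in range(n_runs)]
    runs = [constructed_run(p, key, rng) for p in plaintexts]
    return recover_high_nibbles(plaintexts, runs), [hi(b) for b in key]

if __name__ == "__main__":
    KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 example key
    for n in (2, 4, 8, 12):
        got, true = simulate(KEY, n)
        print(f"{n:2d} runs: {sum(g == t for g, t in zip(got, true))}/16 nibbles settled")
```

Wrong guesses survive a run with probability roughly (per-table run size)/16, so their scores fall behind the true nibble after a handful of runs, which is what the histogram shows.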
27. First Round Attack
[Figure: histogram of scores for each guessed value]
33. Second Round Attack
2nd Round Attack - Strategy
Goal
To obtain the low-order nibble of each byte of the AES key
Treat the low-order nibble of each of the 16 bytes of the key as an attribute of a relation (table)
Each tuple in the table is a potential subkey value. Initially, any of the $2^{64}$ subkey values is possible
As in an RDBMS, selection predicates are used to filter out tuples
34. Second Round Attack
Selection Predicate for Key Retrieval
The selection predicates we employ are the 16 equations that relate the
indices of line numbers of table elements accessed in the second round
and various bytes of the plaintext and key
Example
$$
x_0^{(2)} = 2 \bullet s(p_0 \oplus k_0) \oplus 3 \bullet s(p_5 \oplus k_5) \oplus s(p_{10} \oplus k_{10}) \oplus s(p_{15} \oplus k_{15}) \oplus s(k_{13}) \oplus k_0 \oplus 1
$$
35. Second Round Attack
Applying the selection predicate
$$
\langle x_0^{(2)} \rangle = \langle 2 \bullet s(p_0 \oplus k_0) \oplus 3 \bullet s(p_5 \oplus k_5) \oplus s(p_{10} \oplus k_{10}) \oplus s(p_{15} \oplus k_{15}) \oplus s(k_{13}) \oplus k_0 \oplus 1 \rangle
$$
The LHS is the line number on which the required element resides
Actually what is provided by the spy is not a single number but a set
of line numbers
We retain a tuple only if the RHS evaluates to any element in the set
39. Second Round Attack
Performance and Cost considerations
The number of plaintexts (encryptions) required to retrieve the key is
$$
\varepsilon = \frac{-4}{\log_2 c}, \quad \text{where } c = (\text{per table run size}) / 16
$$
If c = 8/16 = 0.5, the number of encryptions required is just 4!
But at what cost?
Handling $2^{64}$ tuples
Solution
Use relational join operations and Cartesian products in addition to selects
Carefully choose the relational schema and which operations are performed when and on which relations
40. Second Round Attack
Relational Join Recap
Student      Dept.
Cynthia      EE
Mustafa      ME
Prashant     CS
Tsai-Shing   CS

Dept.   Building
CS      Niagara
EE      Danube
EE      Nile
ME      Ganges

Which students visit which buildings for department-related work?
(natural join on Dept.) =
Student      Dept.   Building
Cynthia      EE      Danube
Cynthia      EE      Nile
Mustafa      ME      Ganges
Prashant     CS      Niagara
Tsai-Shing   CS      Niagara
50. Results
Key Retrieval Algo in action (contd.) (Round 2 Attack)
55. Results
Performance of Key Retrieval Algorithms
First Round Attack:
70% → in 5–7 encryptions
16% → in 8 encryptions
13% → in 9 encryptions
Second Round Attack:
90% → in 6 encryptions
7% → in 7 encryptions
3% → in 8 encryptions
56. Results
Algorithm’s performance as a function of run size
58. Limitations and Extensions
Limitations
False negatives in the spy input will result in an incorrect key being deduced
Assumptions made may not always hold
1 Victim and multi-threaded spy process are located on the same core
2 Hardware prefetching of cache lines is turned off
3 No other processes are accessing the AES tables
59. Limitations and Extensions
Extensions
Design and implementation of error-tolerant key retrieval algorithm
Key retrieval algorithms with hardware prefetching turned on
Further optimizations in First Round Attack
Operationalization of the attack
60. Summary and Conclusions
Conclusions
Designed and implemented a suite of algorithms to deduce the 128-bit
AES key using as input sets of unordered lines captured by spy threads
Two attack scenarios where either plaintext or ciphertext is known
Algorithms expressed using simple relational algebraic operations and
run in under a minute
In practice only 6–7 blocks of plaintext or ciphertext were required
Developed analytical models to estimate the number of encryptions or decryptions required
62. Function of Spy Thread and Spy Controller
Spy Thread
block until cond variable is true
for each line of AES tables do
    measure access time
    flush line
end for
finished ← true

Spy Controller
while finished = false do
    keep polling
end while
signal(nextThreadID)
finished ← false
(The controller polls until the current spy thread has set finished, then wakes the next spy thread and clears the flag for that thread's run.)
64. No. of surviving tuples
$$
\langle x_0^{(2)} \rangle = \langle 2 \bullet s(p_0 \oplus k_0) \oplus 3 \bullet s(p_5 \oplus k_5) \oplus s(p_{10} \oplus k_{10}) \oplus s(p_{15} \oplus k_{15}) \oplus s(k_{13}) \oplus k_0 \oplus 1 \rangle
$$
For an incorrect/random “guess” of the key, the RHS takes a value between 0 and F with equal probability
The probability that a tuple survives (satisfies the predicate) is c = (per table run size) / 16
The number of surviving tuples is hence $2^{64} \times c$
65. No. of plaintexts required for Key Retrieval
We have a total of 16 equations and inputs from ε encryptions, or a total of 16ε predicates
The size of the output relation after being subjected to 16ε select operations is $2^{64} \times c^{16\varepsilon}$
To estimate the number of plaintexts (encryptions) required to retrieve the key, we solve for ε from $2^{64} \times c^{16\varepsilon} = 1$ to obtain
$$
\varepsilon = \frac{-4}{\log_2 c}
$$
where ε is the number of plaintext(s) required
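The selection predicate of the "Applying the selection predicate" slide and the survival probability c of the two slides above, as an added example (not code from the slides or from the authors' implementation): it builds the AES S-box, evaluates the slide's equation for x_0^(2), keeps a candidate only if ⟨x_0^(2)⟩ lies in the spy's T0 line set, and checks that about a fraction c of random wrong tuples survive a single predicate, with ε = −4/log2 c alongside. The plaintext/key pair is the FIPS-197 Appendix B test vector; the run's line set and the candidate sample are constructed.

```python
import math
import random

def _xtime(a):  # multiply by x in GF(2^8), AES polynomial x^8 + x^4 + x^3 + x + 1
    return ((a << 1) ^ 0x11B) & 0xFF if a & 0x80 else a << 1

def _gf_mul(a, b):
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """AES S-box from the GF(2^8) inverse plus the affine map (no table typed in)."""
    exp, log = [0] * 256, [0] * 256
    a = 1
    for i in range(255):           # powers of the generator 3 = x + 1
        exp[i], log[a] = a, i
        a ^= _xtime(a)
    sbox = []
    for x in range(256):
        inv = exp[(255 - log[x]) % 255] if x else 0
        y = inv
        for _ in range(4):         # y = inv ^ rotl(inv,1) ^ ... ^ rotl(inv,4)
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            y ^= inv
        sbox.append(y ^ 0x63)
    return sbox

SBOX = _build_sbox()
POSITIONS = (0, 5, 10, 13, 15)     # the key bytes the x_0^(2) equation involves
def x2_byte0(p, k):
    """RHS of the slide's equation; s(k13) ^ k0 ^ 1 is byte 0 of round key 1."""
    s = SBOX
    return (_gf_mul(2, s[p[0] ^ k[0]]) ^ _gf_mul(3, s[p[5] ^ k[5]])
            ^ s[p[10] ^ k[10]] ^ s[p[15] ^ k[15]] ^ s[k[13]] ^ k[0] ^ 1)

def predicate_holds(p, k, t0_lines):
    """Keep k only if the T0 line <x_0^(2)> = x_0^(2) >> 4 is in the spy's line set."""
    return (x2_byte0(p, k) >> 4) in t0_lines

def select(p, t0_lines, high_nibbles, candidates):
    """Filter candidate tuples of low nibbles for POSITIONS; high nibbles are known."""
    kept = []
    for low in candidates:
        k = bytearray(16)
        for pos, lo in zip(POSITIONS, low):
            k[pos] = (high_nibbles[pos] << 4) | lo
        if predicate_holds(p, k, t0_lines):
            kept.append(low)
    return kept
def random_tuples(n, seed=7):  # constructed sample of the 2^20 possible tuples
    rng = random.Random(seed)
    return [tuple(rng.randrange(16) for _ in POSITIONS) for _ in range(n)]

def encryptions_needed(c):  # slide's estimate: solve 2^64 * c^(16*eps) = 1 for eps
    return -4 / math.log2(c)

if __name__ == "__main__":  # FIPS-197 Appendix B vector: x_0^(2) = 0xA4, T0 line 10
    P = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
    K = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    kept = select(P, {10, 0, 1, 2, 3, 4, 5, 6}, [b >> 4 for b in K], random_tuples(4000))
    print(f"{len(kept) / 4000:.3f} survive (c = 8/16), eps = {encryptions_needed(0.5):.0f}")
```

The true tuple always survives because its RHS is the line actually accessed; each wrong tuple survives with probability about c, which is the per-predicate factor behind $2^{64} \times c^{16\varepsilon}$.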