Exploiting Cache-Timing in AES: Attacks and Countermeasures

Ivo Pooters

March 17, 2008

Seminar Information Security Technology


Outline


1. Introduction

2. About Cache

3. AES Primer

4. Cache-timing attacks

5. Countermeasures

6. Conclusion


Side Channel Attacks


• Timing Attack: Based on the time taken by the device to execute a particular operation.

• Power Analysis Attack: Based on analyzing the power consumption of the device while it executes particular operations.

• Fault Attack: Abnormal environmental conditions are used to generate malfunctions in the processor which provide additional access.

Cache-Timing Attacks


Cache-Timing Attacks

• Goal: Extract key information

• The difference in access time between cache and main memory can reveal memory access patterns

• Idea: Analyze the time used for encrypting certain plaintexts to retrieve information about the secret key

• No special equipment required!


What is Cache?

[Figure from [1]; labels in the figure: "Slow!" and "Fast!"]


Advanced Encryption Standard

• Symmetric cipher to replace DES

• Three modes: AES-128, AES-192, AES-256

• 16-byte block size, 16-byte key, 16-byte intermediary states

• Key expanded to 10 Round Keys


AES Algorithm


Figure from [3]


AES Memory Access

• Implemented as a series of table lookups

• 8 tables precalculated: T0, …, T3 and T0(10), …, T3(10)

• Each round r calculates intermediary state x(r+1)

• State x(0) is simply p ⊕ k


Ki(r) is the i-th 4-byte word of the expanded round key


Known Attacks

• D.J. Bernstein describes a synchronous attack in [4]

• Osvik et al. describe a more general approach for synchronous attacks ([2])

  • Applicable to existing systems, e.g. dm-crypt

  • Manipulate the cache to influence delays

• Asynchronous attacks ([2])

  • No interaction required with the encryption algorithm

  • Use own program to manipulate cache and analyze the timings


The Bernstein Attack

• Described by D.J. Bernstein in [4], on the OpenSSL AES implementation

• Synchronous attack: attacker can trigger encryption with known plaintext.

• Simple server setup:

  1. Server is started with a secret key

  2. Server reads a UDP packet from the network. UDP packets have variable length but start with a 16-byte nonce

  3. Server copies a high-precision timestamp and the nonce to the response

  4. Server encrypts the packet content

  5. Server sends the response: 2 x timestamp, scrambled zero and nonce


Attack Summary

• Special case for r=0

• Consider T0[x0(0)] = T0[k0 ⊕ p0]

• Timing for the lookup depends on the value of k0 ⊕ p0 → AES timing leaks information on k0

• This is true for any ki ⊕ pi, for i = 0,…,15


Attack Summary cont’d

• Assume the attacker

  1. Watches the total time taken by the victim to handle many p’s

  2. Totals the AES times for each possible p13

  3. Observes that the total time is maximum for p13 = 147

• Assume the attacker can experiment in the same environment with known k’s and finds that the overall AES time is maximum when k13 ⊕ p13 = 8.

• Now, k13 = 8 ⊕ 147


The actual Attack, step 1

• Attacker runs a server with a known key: all zeroes

• About 2^22 random 400-byte packets are encrypted

• Study the resulting timings for e.g. p13:

  • Timing max at p13 = 8

  • Since k13 = 0, timing max when x13 (= k13 ⊕ p13) = 8

• See next slide for results


Results for p13


The actual Attack, step 1 cont’d

• For some key bytes, not all the bits are leaked from this attack run.

• E.g. p5 results show stronger correlation between values of p5

• Timings for p5 ∈ {0,1,2,3,4,5,6,7} are statistically indistinguishable.

• This means timing analysis would leak k5 ⊕ {0,1,2,3,4,5,6,7}, i.e. the top 5 bits of k5


Results for p5


The actual Attack, step 2

• Now send packets to the victim's server, which uses a secret key

• Step 1 gives values for xi = ki ⊕ pi with max timing.

• Step 2 gives values for pi with max timing.

• Combining the results from step 1 with step 2 yields the leaked key bits.


The actual Attack, step 2 cont’d

• The attacker repeats the attack with various packet sizes to pinpoint the keys

• Most likely not all key bits are leaked, but enough for a brute-force search

• For the attack described by Bernstein, the brute-force search takes < 1 minute!
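
The way step 1 and step 2 combine can be followed in a small simulation. This is an added example, not code from the presentation or from [4]: the timing function, the slow index 8 (taken from the p13 example) and all function names are constructed, and no real cache timing is measured.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOW_INDEX 8u  /* constructed: table index that is slow, as in the p13 example */

/* Small deterministic PRNG (xorshift32) so the simulation is repeatable. */
static uint32_t rng_state = 0x12345678u;
static uint32_t rng(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* Constructed timing model, not a real measurement: the lookup T[k ^ p]
 * costs 12 extra "cycles" when it hits the slow index, plus random noise. */
static unsigned sim_time(uint8_t k, uint8_t p) {
    return 1000u + rng() % 40u + (((unsigned)(k ^ p) == SLOW_INDEX) ? 12u : 0u);
}

/* Average the time per plaintext byte value; return the p with the highest
 * average (the "timing max" of the slides). */
uint8_t slowest_plaintext_byte(uint8_t key_byte, uint32_t samples) {
    uint64_t total[256] = {0};
    uint32_t count[256] = {0};
    for (uint32_t n = 0; n < samples; n++) {
        uint8_t p = (uint8_t)(rng() >> 24);
        total[p] += sim_time(key_byte, p);
        count[p]++;
    }
    int best = 0; double best_avg = -1.0;
    for (int i = 0; i < 256; i++) {
        double avg = count[i] ? (double)total[i] / count[i] : 0.0;
        if (avg > best_avg) { best_avg = avg; best = i; }
    }
    return (uint8_t)best;
}

/* Step 1 (known all-zero key) yields the slow x = k ^ p; step 2 (secret key)
 * yields the slow p; their XOR is the key byte. */
uint8_t recover_key_byte(uint8_t secret_key_byte, uint32_t samples) {
    uint8_t slow_x = slowest_plaintext_byte(0x00, samples);
    uint8_t slow_p = slowest_plaintext_byte(secret_key_byte, samples);
    return (uint8_t)(slow_x ^ slow_p);
}

int main(void) {
    printf("recovered k13 = %u\n", recover_key_byte(8 ^ 147, 1u << 20));
    return 0;
}
```

With the numbers from the slides, the slow plaintext byte under the secret key is 147 and the recovered key byte is 8 ⊕ 147 = 155.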


Evaluation

• Time is in the order of hours for AES-128

• More noise in the measurements can be solved with more samples

• Attacker should be able to trigger encryptions

• To do experiments, the attacker needs the exact same system as the victim


Countermeasures

• Avoid memory access: use a bit-sliced implementation, or crude, slow arithmetic and logical operations

• Hide timing: worst-case constant time, which is slow. Every operation is as slow as a memory access

• Static cache: disable cache sharing and load all tables into the cache
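
One way to remove the input-dependent address from a single table lookup, shown next to the direct lookup it replaces. This is an added example, not code from the presentation or from OpenSSL; the table contents are constructed (they are not the real AES T0 values) and the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 256-entry table standing in for an AES lookup table such as T0;
 * the values are arbitrary and are not the real AES table. */
void fill_demo_table(uint32_t t[256]) {
    for (uint32_t i = 0; i < 256; i++)
        t[i] = (i * 0x01010101u) ^ 0xA5C3960Fu;
}

/* Input-dependent lookup: the address that is read depends on idx, which is
 * the access pattern a cache-timing attack observes. */
uint32_t lookup_direct(const uint32_t t[256], uint8_t idx) {
    return t[idx];
}

/* All-ones when a == b, zero otherwise, computed without a branch. */
uint32_t eq_mask(uint32_t a, uint32_t b) {
    uint32_t d = a ^ b;                  /* zero only when a == b */
    return ((d | (0u - d)) >> 31) - 1u;  /* top bit of d | -d is set iff d != 0 */
}

/* Reads all 256 entries in the same order for every idx and keeps the wanted
 * one by masking, so the sequence of addresses does not depend on idx. */
uint32_t lookup_full_scan(const uint32_t t[256], uint8_t idx) {
    uint32_t out = 0;
    for (uint32_t i = 0; i < 256; i++)
        out |= t[i] & eq_mask(i, idx);
    return out;
}

/* Returns 1 when both lookups agree for every possible index. */
int lookups_agree(void) {
    uint32_t t[256];
    fill_demo_table(t);
    for (int i = 0; i < 256; i++)
        if (lookup_direct(t, (uint8_t)i) != lookup_full_scan(t, (uint8_t)i))
            return 0;
    return 1;
}

int main(void) {
    printf("lookups agree: %d\n", lookups_agree());
    return 0;
}
```

The scan costs 256 reads per lookup, which is the performance penalty the slides mention. Inspect the compiled output as well, since an optimizing compiler is free to rewrite the masking.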


Conclusions

• Input-dependent table lookups make AES vulnerable to cache-timing attacks

• Bernstein has found a feasible cache-timing attack.

• Osvik et al. describe even faster and more applicable attacks

• Countermeasures exist, but hinder performance


QUESTIONS ?


References

• [1] U. Drepper. Memory Part 2: CPU Caches. http://lwn.net/Articles/252125/

• [2] D. Osvik, A. Shamir, E. Tromer. Cache-attacks and Countermeasures: the Case of AES. November 2005

• [3] Specification for the Advanced Encryption Standard. November 2001

• [4] D.J. Bernstein. Cache-Timing Attacks on AES. April 2005
