Title
Differential cache-collision timing attacks on AES with applications to embedded CPUs
Abstract
This paper proposes a new type of cache-collision timing attack on software implementations of AES. Our main technique is differential in nature and builds on an internal cryptographic property of AES, namely the MDS property of the linear code that provides the diffusion matrix used in the MixColumns transform. It is a chosen-plaintext attack in which pairs of AES executions are treated differentially; the method is easily converted into a chosen-ciphertext attack. We also thoroughly study the physical behaviour of cache memory that enables this attack. On the practical side, we demonstrate that our theoretical findings lead to efficient real-world attacks on embedded systems implementing AES, using the ARM9 as an example. As this is one of the most widespread embedded platforms today [7], our experimental results may necessitate a revision of the practical security of many embedded applications with security functionality. To the best of our knowledge, this is the first paper to study cache timing attacks on embedded systems.
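The abstract relies on one physical effect: two T-table lookups that land in the same cache line cost less than two that do not, and which lookups collide depends on plaintext bytes XORed with key bytes. The simulation below is an added example (not code from the paper or its authors) of that effect in its simplest, single-execution form: a chosen-plaintext search that recovers the high nibble of k[i] ^ k[j] for every pair of state bytes served by the same T-table. It models only the first-round lookups and the classic intra-encryption collision; the differential, MDS-based second-round technique the abstract names is not described on this page and is not reproduced here. The 64-byte cache line holding 16 four-byte entries, the cold cache per encryption, the miss/hit cycle costs, the jitter model, the test key and all function names are assumptions of this example.

```python
# Added simulation of the first-round cache-collision effect; not the paper's code.
# Assumptions: 64-byte cache lines holding 16 four-byte T-table entries, a cold
# cache at the start of each encryption, and illustrative miss/hit cycle costs.
import random

LINE_ENTRIES = 16            # T-table entries per cache line (assumed 64-byte lines)
MISS_COST, HIT_COST = 60, 2  # assumed cycle cost of a cache miss / hit


def first_round_timing(plaintext, key, rng=None, noise=0):
    """Cycle count of the 16 first-round T-table lookups of one AES encryption.

    State byte i is looked up in table T[i % 4] at index p[i] ^ k[i].  The first
    access to a line of a table misses; later accesses to the same line hit.
    Optional uniform noise in [-noise, noise] models measurement jitter.
    """
    touched = set()
    cycles = 0
    for i in range(16):
        line = (i % 4, (plaintext[i] ^ key[i]) // LINE_ENTRIES)
        if line in touched:
            cycles += HIT_COST
        else:
            touched.add(line)
            cycles += MISS_COST
    if rng is not None and noise:
        cycles += rng.randint(-noise, noise)
    return cycles


def recover_line_delta(i, j, key, samples=128, noise=10, seed=0):
    """Recover (k[i] ^ k[j]) >> 4 for two state bytes that use the same T-table.

    Chosen-plaintext step: for each candidate delta the attacker sets
    p[j] = p[i] ^ delta (all other bytes random) and averages the timing.
    The lookups for bytes i and j share a cache line exactly when the high
    nibbles of p[i] ^ k[i] and p[j] ^ k[j] agree, i.e. when the high nibble
    of delta equals the high nibble of k[i] ^ k[j].  That delta is the only
    one guaranteeing a collision, so it yields the lowest average time.
    """
    assert i % 4 == j % 4, "only lookups into the same T-table can collide"
    rng = random.Random(seed)
    best_delta, best_avg = None, float("inf")
    for delta in range(0, 256, LINE_ENTRIES):  # low nibble of delta is irrelevant
        total = 0
        for _ in range(samples):
            p = [rng.randrange(256) for _ in range(16)]
            p[j] = p[i] ^ delta
            total += first_round_timing(p, key, rng, noise)
        avg = total / samples
        if avg < best_avg:
            best_delta, best_avg = delta, avg
    return best_delta // LINE_ENTRIES


def recover_key_relations(key, samples=128, noise=10):
    """High nibble of k[i] ^ k[j] for all 24 same-table byte pairs.

    Each of the four T-tables serves bytes {t, t+4, t+8, t+12}; within such a
    group every pair can be attacked, giving 4 * C(4, 2) = 24 relations.
    """
    relations = {}
    for t in range(4):
        group = [t, t + 4, t + 8, t + 12]
        for a in range(4):
            for b in range(a + 1, 4):
                i, j = group[a], group[b]
                relations[(i, j)] = recover_line_delta(
                    i, j, key, samples, noise, seed=16 * i + j)
    return relations


if __name__ == "__main__":
    # Constructed test key; any 16-byte key works for the simulation.
    KEY = [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
           0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c]
    found = recover_key_relations(KEY)
    for (i, j), nib in sorted(found.items()):
        ok = nib == (KEY[i] ^ KEY[j]) >> 4
        print(f"k[{i:2d}] ^ k[{j:2d}]: high nibble 0x{nib:x} {'ok' if ok else 'WRONG'}")
```

Each recovered relation fixes four bits of k[i] ^ k[j]; 24 such relations cut the first-round key search from 128 bits to 128 - 4 * 12 = 80 bits (three independent relations per table group), which is why real attacks go on to exploit later rounds. The gap between the best and the wrong candidates here is roughly 0.8 cache misses per encryption, so a few hundred timings per candidate suffice even with the simulated jitter; on real hardware the cost constants, prefetching and the noise model all differ, and a cold cache per encryption is the attacker's idealised assumption.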
Year
2010
DOI
10.1007/978-3-642-11925-5_17
Venue
CT-RSA
Keywords
cache-collision timing attack, embedded CPUs, differential cache-collision timing attack, cache memory, efficient real-world attack, widespread embedded platform, cache timing attack, AES execution, chosen-ciphertext attack, embedded application, chosen-plaintext attack, embedded system, linear code, timing attack
Field
Block cipher, CPU cache, Cryptography, Cache, Computer science, Parallel computing, Smart card, Timing attack, Side channel attack, Linear code, Embedded system
DocType
Conference
Volume
5985
ISSN
0302-9743
ISBN
3-642-11924-7
Citations
32
PageRank
1.41
References
11
Authors
4
Name               Order  Citations  PageRank
Andrey Bogdanov    1      2067       98.10
Thomas Eisenbarth  2      840        61.33
Christof Paar      3      3794       442.62
Malte Wienecke     4      32         1.41