Cache Based AES Attack Implementation and Its Theoretical Analysis

This paper proposes a highly efficient cache-based timing attack method against AES as well as other cryptographic algorithms running on SoC platforms. It is available due to the leaking information of cache behavior which can be actually observed during AES execution and is implemented based on table lookups for performance enhancement. We can completely confirm the 128 b cipher key by searching the statistical relationship between the cipher key and encryption timing during the first two rounds. Compared with the known means, our method is much easier to carry out and more robust under noisy environments caused by hardware and software interference. Additionally, by introducing the notion of sample number needed for a successful attack which denotes the strength of cryptographic algorithm, we present an analytical model based on statistical differential timing analysis. Through this model we could find out that different attacking strategies as well as system noise and some other factors exert very different influence on necessary sample number. Using our method, we have successfully compromised AES on several SoC platforms and verified the analytical model on MIPS4kc SoC platform with Linux2.4. By studying this analytical model, some common features of cache-based timing attacks have been deduced, and countermeasures are proposed therefore.