Transcript

  • 1. Full AES key extraction in 65 milliseconds using cache attacks. Dag Arne Osvik, Adi Shamir (1), Eran Tromer (1); (1) Weizmann Institute of Science
  • 2. (Figure: CPU core, CPU cache memory, main memory)
  • 3. Cache Attacks
      ◦ The state of the cache persists between processes, resulting in inter-process contention for cache resources.
      ◦ The data in memory and caches is protected by virtual memory mechanisms, but the metadata is unprotected.
      ◦ This causes a leak of information about memory access patterns…
      ◦ … which can be exploited cryptanalytically (e.g., breaking AES)
      ◦ … very efficiently (e.g., just 300 encryptions for a known-plaintext attack)
      ◦ … or in a very powerful attack model (no knowledge of plaintexts or ciphertexts)
  • 4. Past works on cache attacks
      ◦ Theoretical attacks [Page 2002]
      ◦ Timing attacks using internal collisions in block ciphers [Tsunoo, Saito, Suzaki, Shigeri, Miyauchi ’03]
      ◦ Recently:
      ◦ Timing attacks on AES based on external collisions [Bernstein ’04]
      ◦ Cache probing attack, improved timing attacks via cache modeling, “Hyper Attacks” on AES [Osvik, Shamir, Tromer ’05]
      ◦ “Hyper Attacks” on RSA [Percival ’05]
  • 5. A typical software implementation of AES
      char p[16], k[16];                        // plaintext and key
      int32 T0[256], T1[256], T2[256], T3[256]; // lookup tables
      int32 Col[4];                             // intermediate state
      ...
      /* Round 1 */
      Col[0] = T0[p[ 0]^k[ 0]] ^ T1[p[ 5]^k[ 5]] ^ T2[p[10]^k[10]] ^ T3[p[15]^k[15]];
      Col[1] = T0[p[ 4]^k[ 4]] ^ T1[p[ 9]^k[ 9]] ^ T2[p[14]^k[14]] ^ T3[p[ 3]^k[ 3]];
      Col[2] = T0[p[ 8]^k[ 8]] ^ T1[p[13]^k[13]] ^ T2[p[ 2]^k[ 2]] ^ T3[p[ 7]^k[ 7]];
      Col[3] = T0[p[12]^k[12]] ^ T1[p[ 1]^k[ 1]] ^ T2[p[ 6]^k[ 6]] ^ T3[p[11]^k[11]];
      Lookup index = plaintext ⊕ key (and the parameters are favorable to the attack).
  • 6. Associative memory cache (figure: main memory and cache; cache line = 64 bytes, memory block = 64 bytes, cache set = 4 cache lines)
  • 7. AES tables in memory (figure: DRAM, cache, T0)
  • 8. Detecting access to AES tables (basic idea) (figure: DRAM, cache, T0, attacker memory)
  • 9. Attack 1: Evict+Time
      ◦ Selectively manipulate the state of the cache (e.g., evict a full cache set)
      ◦ Trigger encryption
      ◦ Measure how long it took
      ◦ Deduce what cache sets it accessed
      ◦ … cryptanalyze
      Our experimental result: when attacking OpenSSL AES encryptions, the full key can be recovered using 35 seconds of measurements.
  • 10. Attack 2: Prime+Probe
      ◦ Fill cache with attacker’s own data
      ◦ Trigger encryption
      ◦ Time access to attacker memory to see if it is still in cache
      ◦ Deduce what cache sets the encryption accessed
      ◦ … cryptanalyze
      ◦ Oblivious to timing variability in attacker code, hence applicable to larger real systems.
  • 11. Attack 2, our experimental results:
      ◦ When attacking OpenSSL AES encryptions: full key recovery using 16 milliseconds of measurements (300 encryptions with known inputs). Next talk: if you have known outputs, 30 encryptions suffice.
      ◦ When attacking a Linux dm-crypt AES encrypted filesystem (complicated system call going through filesystem, VM, scheduler…): full key recovery using 65 milliseconds of measurements (800 encryptions) and 3 seconds of off-line analysis.
  • 12. Attack 3: “Hyper Attack”
      ◦ No explicit interaction between attacker and victim.
      ◦ No knowledge of specific plaintexts or ciphertexts.
      ◦ One implementation exploits HyperThreading.
      ◦ Fill cache with attacker’s data
      ◦ Wait for someone else to perform encryption
      ◦ Time access to attacker memory to see if it is still in cache
      ◦ Deduce what cache sets the encryption accessed
      ◦ … cryptanalyze based on knowledge of the prior distribution of plaintexts/ciphertexts
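To make the round-1 leak concrete (slide 5: lookup index = p ⊕ k; slide 6: 64-byte lines holding 16 four-byte entries, so a line index reveals the top 4 bits of p ⊕ k), here is an added simulation that is not part of the presentation or the authors' code. The leak oracle, the random-lookup noise model for later rounds, the test key and the sample counts are all constructed assumptions; it shows how the "deduce which lines, then cryptanalyze" step of slides 9 and 10 turns known plaintexts into the high nibble of each key byte used with T0.

```python
import random

# Parameters taken from the slides: 64-byte cache lines, 4-byte int32 table entries.
LINE_BYTES = 64
ENTRY_BYTES = 4
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES   # 16 entries per line: line index = index >> 4
LINES_PER_TABLE = 256 // ENTRIES_PER_LINE      # 16 lines per T-table
T0_POSITIONS = (0, 4, 8, 12)                   # byte positions indexed into T0 in round 1

def line_of(index):
    """Cache line of T0 touched by the lookup T0[index] (assumes T0 is line-aligned)."""
    return index // ENTRIES_PER_LINE

def observe_t0_lines(plaintext, key, rng, noise_lookups):
    """Constructed leak oracle: the set of T0 lines one encryption touches.
    Round 1 is deterministic (index = p ^ k); the later rounds, whose indices
    depend on the whole state, are modelled as uniformly random T0 lookups."""
    lines = {line_of(plaintext[i] ^ key[i]) for i in T0_POSITIONS}
    for _ in range(noise_lookups):
        lines.add(rng.randrange(LINES_PER_TABLE))
    return lines

def recover_high_nibble(samples, pos):
    """Score each candidate for the top 4 bits of key[pos]: the true nibble predicts
    a line that is observed in every sample; wrong nibbles are hit only by chance."""
    scores = [0] * 16
    for p, lines in samples:
        for cand in range(16):
            if line_of(p[pos] ^ (cand << 4)) in lines:
                scores[cand] += 1
    return max(range(16), key=lambda c: scores[c])

def simulate(key, n_samples=300, noise_lookups=32, seed=1):
    """Known-plaintext run: n_samples random plaintexts, one leak observation each.
    Returns {position: recovered high nibble} for the four round-1 T0 positions."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n_samples):
        p = bytes(rng.randrange(256) for _ in range(16))
        samples.append((p, observe_t0_lines(p, key, rng, noise_lookups)))
    return {pos: recover_high_nibble(samples, pos) for pos in T0_POSITIONS}

if __name__ == "__main__":
    KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # constructed key (FIPS-197 example)
    for pos, nib in simulate(KEY).items():
        print(f"k[{pos:2}] high nibble: recovered {nib:x}, actual {KEY[pos] >> 4:x}")
```

Line granularity hides the low 4 bits of each byte, so this model stops at 4 bits per key byte; more noise lookups per encryption need more samples before the true candidate separates from the rest.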
  • 13. Experimental results: measuring OpenSSL AES encryption of English text (figure)
  • 14. Implications
      ◦ Impact:
          ▪ Multiuser systems
          ▪ VPNs
          ▪ Virtual machines
          ▪ Trusted computing
          ▪ Sandboxes (JVM, JavaScript)
          ▪ Remote attacks
      ◦ Easy to deploy: pure software
      ◦ Hard to detect
      ◦ Hard to protect efficiently
      ◦ Full paper on my webpage: http://www.wisdom.weizmann.ac.il/~tromer