Publication


Featured research published by Darshana Jayasinghe.


international conference on information and automation | 2010

Remote Cache Timing Attack on Advanced Encryption Standard and countermeasures

Darshana Jayasinghe; Jayani Fernando; Ranil Herath; Roshan G. Ragel

AES, the Advanced Encryption Standard, is a symmetric key encryption standard widely used to secure data in places where data confidentiality is a critical issue. AES was adopted from the Rijndael algorithm, which was developed by Joan Daemen and Vincent Rijmen. In 2001 NIST, the National Institute of Standards and Technology, declared the Rijndael algorithm the next generation cryptographic algorithm, and it was thus titled AES — Advanced Encryption Standard. NIST spent several years analyzing the Rijndael algorithm for vulnerabilities against all known breeds of attacks and finally declared it to be a secure algorithm. In 2005 Daniel J. Bernstein claimed that the software implementation of AES is vulnerable to side channel attacks. Side channel attacks are a form of cryptanalysis that focuses not on breaking the underlying cipher directly but on exploiting weaknesses found in certain implementations of a cipher. One could derive attacks based on side-channel information gained through timing information, radiation of various sorts, power consumption statistics, cache contents, etc. AES uses a series of table lookups to increase its performance. Since these tables do not fully fit into the cache, cache hits and misses are frequent during encryption, causing varying lookup times and thus varying encryption times that change according to the input text and the encryption key. The cache timing attack proposed by Bernstein correlates the timing details for encryption under a known key with those under an unknown key to deduce the unknown key. Bernstein demonstrated the attack against the OpenSSL 0.9.7a AES implementation on an 850MHz Pentium III desktop computer running FreeBSD 4.8. Over the years many researchers have proposed a number of countermeasures against Bernstein's cache timing attack, but there is no evidence to date of any investigation carried out to determine their effectiveness and efficiency. Our study focused on verifying Bernstein's cache timing attack and investigating some of the countermeasures that have been proposed by implementing them.


international conference on computer design | 2014

Advanced modes in AES: Are they safe from power analysis based side channel attacks?

Darshana Jayasinghe; Roshan G. Ragel; Jude Angelo Ambrose; Aleksandar Ignjatovic; Sri Parameswaran

Advanced Encryption Standard (AES) is arguably the most popular symmetric block cipher algorithm. The commonly used mode of operation in AES is the Electronic Codebook (ECB) mode. In the past, side channel attacks (including power analysis based attacks) have been shown to be effective in breaking the secret keys used with AES while AES is operating in the ECB mode. AES defines a number of advanced modes of operation (namely Cipher Block Chaining - CBC, Cipher Feedback - CFB, Output Feedback - OFB, and Counter - CTR) that are built on top of the ECB mode to enhance security by disassociating the encryption function from the plaintext or the secret key used. In this paper, we investigate the vulnerabilities to power analysis based side channel attacks of all such modes of operation, implemented on hardware circuits for low power and high speed embedded systems. Through such an investigation, we show that AES is vulnerable in all modes of operation to the Correlation Power Analysis (CPA) attack, one of the strongest power analysis based side channel attacks. We also quantify the level of difficulty in breaking AES in different modes by calculating the number of power traces needed to arrive at the complete secret key. We conclude that the Counter mode of operation provides a better balance between area and power, while maintaining adequate resistance to power analysis attacks, than the other modes of operation. We show that the previous recommendations for the rate of change of the keys and vectors are grossly inadequate, and suggest that they must be changed at least every 2^10 encryptions in CBC mode and 2^12 encryptions in CFB, OFB and CTR modes in order to resist power analysis attacks.


international conference on industrial and information systems | 2011

Countermeasures against Bernstein's remote cache timing attack

Janaka Alawatugoda; Darshana Jayasinghe; Roshan G. Ragel

A cache timing attack is a type of side channel attack where the timing information leaked by the cache behaviour of a crypto system is used by an attacker to break the system. Advanced Encryption Standard (AES) was considered a secure encryption standard until 2005, when Daniel Bernstein claimed that the software implementation of AES is vulnerable to cache timing attack. Bernstein demonstrated a remote cache timing attack on a software implementation of AES. The original AES implementation can methodically be altered to prevent the cache timing attack by hiding the natural cache-timing pattern during the encryption while preserving its semantics. The alterations, while preventing the attack, should not make the implementation very slow. In this paper, we report the outcomes of our experiments on designing and implementing a number of possible countermeasures.


Iet Circuits Devices & Systems | 2013

Randomised multi-modulo residue number system architecture for double-and-add to prevent power analysis side channel attacks

Jude Angelo Ambrose; Hector Pettenghi; Darshana Jayasinghe; Leonel Sousa

Security in embedded systems is of critical importance since most of our secure transactions are currently made via credit cards or mobile phones. Power analysis-based side channel attacks have been proved to be the most successful attacks on embedded systems for retrieving secret keys, allowing impersonation and theft. State-of-the-art solutions for such attacks on public key cryptographic algorithms, such as elliptic curve cryptography, are mostly in software, hinder performance and are repeatedly attacked using improved techniques. To protect these public key ciphers from both simple power analysis and differential power analysis, as a hardware solution, we propose to take advantage of the inherent parallelisation capability of multi-modulo residue number system (RNS) architectures to obfuscate the secure information. Random selection of moduli is proposed to randomly choose the moduli sets for each key bit operation. This solution allows us to prevent power analysis while still providing all the benefits of RNS. In this study, the authors show that differential power analysis, cross correlation analysis and correlation power analysis for a simple binary double-and-add operation are thwarted using their solution.


international conference on information and automation | 2012

Constant time encryption as a countermeasure against remote cache timing attacks

Darshana Jayasinghe; Roshan G. Ragel; Dhammika Elkaduwe

Rijndael was standardized in 2001 by the National Institute of Standards and Technology as the Advanced Encryption Standard (AES). AES is still being used to encrypt financial, military and even government confidential data. In 2005, Bernstein illustrated a remote cache timing attack on AES using the client-server architecture and thereby proved the existence of a side channel in its software implementation. Over the years, a number of countermeasures have been proposed against cache timing attacks, both in hardware and in software. Although the software based countermeasures are flexible and easy to deploy, most of them are vulnerable to statistical analysis. In this paper, we propose a novel software based countermeasure against cache timing attacks, known as constant time encryption, which we believe is secure against statistical analysis. The proposed countermeasure reschedules instructions such that the encryption rounds consume constant time independent of cache hits and misses. Through experiments, we show that our countermeasure is secure against Bernstein's cache timing attack.


international conference on information and automation | 2014

Accelerating correlation power analysis using graphics processing units (GPUs)

Hasindu Gamaarachchi; Roshan G. Ragel; Darshana Jayasinghe

Correlation Power Analysis (CPA) is a type of power analysis based side channel attack that can be used to derive the secret key of encryption algorithms including DES (Data Encryption Standard) and AES (Advanced Encryption Standard). A typical CPA attack on unprotected AES is performed by analysing a few thousand power traces, which requires about an hour of computational time on a general purpose CPU. Due to the severity of this situation, a large number of researchers work on countermeasures to such attacks. Verifying that a proposed countermeasure works well requires performing the CPA attack on about 1.5 million power traces. Such processing, even for a single verification attempt on commodity hardware, would run for several days, making the verification process infeasible. Modern Graphics Processing Units (GPUs) support thousands of lightweight threads, making them ideal for parallelizable algorithms like CPA. While the cost of a GPU is lower than that of a high performance multicore server, the GPU performance for this algorithm is many fold better than that of a multicore server. We present an algorithm and its implementation on GPU for CPA on 128-bit AES that is capable of executing 1300x faster than on a single threaded CPU and more than 60x faster than on a 32 threaded multicore server. We show that an attack that would take hours on the multicore server would take less than a minute on a much more cost effective GPU.


trust security and privacy in computing and communications | 2011

A Hardware/Software Countermeasure and a Testing Framework for Cache Based Side Channel Attacks

Ankita Arora; Sri Parameswaran; Roshan G. Ragel; Darshana Jayasinghe

Cache attacks have been described in the literature for over a decade now. Cache attacks are performed remotely by the use of time differences observed due to cache misses and hits, or by the use of power traces, either by measuring power or by monitoring the bus between the processor and the memory to observe the cache activity. In this paper, for the first time, we have implemented a fast trace driven cache attack and incorporated this attack into a flexible framework containing extensible processor(s). This simulator is modifiable and incorporates Tensilica's [9] processor simulator environment along with DRAMsim, a DRAM simulator. Thus we are able to make changes to the processor's instruction set and its cache architecture, and to add additional hardware units. On this framework we have implemented a hardware/software countermeasure and shown that it is difficult to differentiate the cache misses for differing encryptions. The processor with the countermeasure is 30% more energy efficient, 17% more power efficient and 15% faster when compared to the processor without the countermeasure. The area of the processor with the countermeasure increases by 7.6%.


compilers, architecture, and synthesis for embedded systems | 2015

QuadSeal: quadruple algorithmic symmetrizing countermeasure against power based side-channel attacks

Darshana Jayasinghe; Aleksandar Ignjatovic; Jude Angelo Ambrose; Roshan G. Ragel; Sri Parameswaran

Power based side-channel attacks attempt to obtain the secret key from implementations of cryptographic algorithms, such as Advanced Encryption Standard (AES), by analyzing the power traces during execution. Such attacks employ statistical methods to find correlations of power traces with parts of the secret key. In order to be effective, a countermeasure must remove or conceal such a signature. Previous countermeasures have either removed dynamic power signatures or leakage power signatures, but have not demonstrated effectiveness against both. In this paper, for the first time, we propose a balance and rotate technique for block cipher based algorithms and demonstrate it on AES circuitry to remove the signature of the secret key from both the static and dynamic components of the power traces, and further demonstrate that the countermeasure can withstand path imbalances and process variation effects. Our solution relies on algorithmically balancing Hamming distances and Hamming weights (where the bit transitions on the registers and gates are balanced, and the total numbers of 1s and 0s are balanced) by the use of four identical circuits with differing inputs and modified SubByte tables. By randomly rotating the four encryptions, the system is protected against variations, path imbalances and aging effects. When resistance against power analysis attacks is not a high priority, the proposed countermeasure allows components to be switched off to save power, or four executions to run in parallel for high performance. The proposed countermeasure is implemented for AES and tested against CPA and MIA attacks (for up to a million traces), and none of the secret keys were found even after one million power traces (the unprotected AES circuit revealed the secret key within 5,000 power traces). This is the smallest known circuit which is capable of withstanding power based side-channel attacks when variations, path imbalances and aging effects are considered.


computing frontiers | 2016

Does it sound as it claims: a detailed side-channel security analysis of QuadSeal countermeasure

Darshana Jayasinghe; Shivam Bhasin; Sri Parameswaran; Aleksandar Ignjatovic

VLSI systems often rely on embedded cryptographic cores for security when confidentiality and authorization are a must. Such cores are theoretically sound but often vulnerable to physical attacks like side-channel analysis (SCA). Several countermeasures have been previously proposed to protect these cryptographic cores. QuadSeal was proposed as an algorithmic balancing technique to thwart power analysis attacks on block cipher algorithms. QuadSeal can be implemented either in hardware or software, and it was previously shown on Advanced Encryption Standard (AES) (referred to as QuadSeal-AES) to be resistant against power analysis attacks (Correlation Power Analysis and Mutual Information Analysis). In this paper, we analyze QuadSeal against SCA (specifically power analysis attacks) using leakage detection techniques as well as Correlation Power Analysis with success rates. Our results show that QuadSeal has leakages; however, the CPA with success rate attack was unable to exploit the leakages efficiently.


international symposium on quality electronic design | 2015

Side channel attacks in embedded systems: A tale of hostilities and deterrence

Jude Angelo Ambrose; Roshan G. Ragel; Darshana Jayasinghe; Tuo Li; Sri Parameswaran

Security of embedded computing systems is becoming paramount as these devices become more ubiquitous, contain personal information and are increasingly used for financial transactions. Side Channel Attacks, in particular, have been effective in obtaining secret keys which protect information. In this paper we selectively classify the side channel attacks, and selectively demonstrate a few attacks. We further classify the popular countermeasures to Side Channel Attacks. The paper paints an overall picture for a researcher or a practitioner who seeks to understand or begin to work in the area of side channel attacks in embedded systems.

Collaboration

Top co-authors of Darshana Jayasinghe:

Sri Parameswaran, University of New South Wales
Jude Angelo Ambrose, University of New South Wales
Aleksandar Ignjatovic, University of New South Wales
Tuo Li, University of New South Wales
Ankita Arora, University of New South Wales
Daniel Murphy, University of New South Wales
Vito Cassisi, University of New South Wales