Cache-timing Attack on AES
Computer Security Seminar
Sukesh Jain – 276904, Media Informatics
jainsukesh@hotmail.com
6/2/2015

Post on 19-Dec-2015

Agenda

• What is AES?
• Development Process of AES
• AES Algorithm
• Efficient Implementation Technique
• Cache-timing Attack on AES
• Prevention of Attack
• Summary

What is AES?

• AES stands for Advanced Encryption Standard.
• NIST selected Rijndael as the proposed AES algorithm.
• Pronunciation alternatives of Rijndael: "Reign Dahl", "Rain Doll" and "Rhine Dahl".
• Rijndael was proposed by Dr. Vincent Rijmen and Dr. Joan Daemen from Belgium as a replacement for DES.
• Symmetric block cipher.
• 128-bit data block and key sizes of 128, 192 and 256 bits.
• Resistant to known attacks.

Development Process of AES

• The development process was known for its openness and transparency.
• For the first time the general public was involved in the development process.
• January 2, 1997 - NIST decided to develop AES.
• Goal:
  – To develop a Federal Information Processing Standard (FIPS).
  – To be used by the U.S. Government to protect its sensitive unclassified information.
  – Should be available to the public on a royalty-free basis.

Development Process of AES – Acceptability Criteria

• September 12, 1997 - NIST made a formal call for algorithms.
• Acceptability criteria:
  – Symmetric key encryption.
  – Block cipher.
  – Key-block combinations of 128-128, 192-128 and 256-128 bits (scalability).
  – Should be available to the public on a royalty-free basis.

Development Process of AES – Evaluation Criteria I

• 21 algorithms were received.
• NIST evaluated these algorithms against the following criteria, ranked according to their relative importance:
  – Security
  – Cost
  – Algorithm & Implementation Characteristics

Development Process of AES – Evaluation Criteria II

• Security
  – Effort required for cryptanalysis
  – Mathematical basis of the algorithm
  – Security issues raised by the public
• Cost
  – Licensing requirements
  – Computational efficiency
  – Memory requirements
• Algorithm & Implementation Characteristics
  – Flexibility
  – Hardware & software suitability
  – Simplicity

Development Process of AES – Important Milestones I

• January 2, 1997: NIST decides on AES development.
• April 2, 1997: Deadline for comments on the proposal of AES.
• April 15, 1997: Workshop on evaluation criteria.
• September 12, 1997: Formal call for algorithms.
• April 15, 1998: Deadline for completeness review by NIST.
• May 15, 1998: Deadline for any changes.
• June 15, 1998: Deadline for submission of final algorithms. 21 submissions were received.
• August 20-22, 1998: NIST announces the 15 candidate algorithms from 12 different countries at the First AES Candidate Conference held in Ventura, California.
• March 22-23, 1999: Second AES Candidate Conference, held in Rome, Italy; for the first time the conference was held outside the U.S.
• April 15, 1999: Deadline for initial public review of the algorithms.

Development Process of AES – Important Milestones II

• August 9, 1999: NIST announces the final five candidates for the AES. They are:
  – MARS
  – RC6
  – Rijndael
  – Serpent
  – Twofish
• April 13-14, 2000: Third AES Candidate Conference, held at the Hilton New York and Towers in New York, USA.
• October 2, 2000: Rijndael (but only with key lengths of 128, 192 & 256 bits) was chosen for AES by NIST after a very long and complex evaluation process.
• February 28, 2001: The Federal Information Processing Standard (FIPS) for AES was made available for public review.
• November 26, 2001: AES was adopted as a standard.
• December 4, 2001: FIPS 197 was published in the Federal Register.

AES Algorithm

• Mathematical Preliminaries
  – Field
  – Finite Field
  – Finite Field Operations
  – Polynomials with Coefficients in GF(2^8)
• Algorithm Specification
• Encryption Process
• Decryption Process

Mathematical Preliminaries - Field

• Field:
  – A set M with two binary operators ‘+’ and ‘*’ : M x M → M.
  – The result of a ‘+’ or ‘*’ operation must be an element of the set M itself.
  – Satisfies the field axioms of commutativity, associativity, identity (which means the set must contain ‘0’ and ‘1’) and inverses (except that ‘0’ has no multiplicative inverse) for both the ‘+’ and ‘*’ operations.
  – Also the distributive property.

Mathematical Preliminaries - Finite Field

• Finite Field:
  – A field of finite order (finite number of elements).
  – Also known as a Galois field.
  – The field order is always a prime or a power of a prime.
  – Various notations such as F_{p^n}, GF(p^n) or GF(q), where q = p^n and p is prime. If q is prime, the elements 0, 1, ..., q-1 form the field GF(q) under modulo-q addition and multiplication.
  – An example of a Galois field is GF(2^2) with irreducible polynomial f(x) = x^2 + x + 1. This field has four elements {0, 1, x, x+1}; each coefficient of x can be either 0 or 1.

Mathematical Preliminaries - Finite Field Operations

• Finite field operations over GF(2):
  – Addition
    • XOR operation, denoted by the symbol ⊕.
    • Modulo-2 addition of the coefficients of the corresponding powers of the polynomial.
  – Subtraction
    • Similar to addition.
  – Multiplication
    • Multiplication is denoted by •.
    • Multiplication modulo an irreducible polynomial of degree 8, to reduce the degree of the result back to less than 8 so that it can be represented in a byte.
    • The irreducible polynomial used in AES is m(x) = x^8 + x^4 + x^3 + x + 1.
    • The multiplicative inverse of any non-zero binary polynomial b(x) of degree less than 8 can be found using the extended Euclidean algorithm.

Mathematical Preliminaries - Polynomials with Coefficients in GF(2^8)

• Polynomials with coefficients in GF(2^8):
  – Consider a 32-bit word as a polynomial where each coefficient is a finite field element, i.e. each coefficient is 8 bits:
    a(x) = a3 x^3 + a2 x^2 + a1 x + a0
  – a(x) can also be denoted as [a0, a1, a2, a3].
  – Addition of two polynomials is given by
    a(x) + b(x) = (a3 ⊕ b3) x^3 + (a2 ⊕ b2) x^2 + (a1 ⊕ b1) x + (a0 ⊕ b0)
  – Multiplication of two 32-bit word polynomials is the product of the two polynomials. This may result in a polynomial of degree 4 or higher, so the resulting polynomial is reduced modulo a polynomial of degree 4 to make it a 32-bit word again.
  – In the case of AES the modulo polynomial used is x^4 + 1.
  – x^4 + 1 is a reducible polynomial, hence the multiplication may not be invertible. For this reason AES uses a fixed four-term polynomial which has an inverse:
    a(x) = {0x03} x^3 + {0x01} x^2 + {0x01} x + {0x02}
    a^-1(x) = {0x0b} x^3 + {0x0d} x^2 + {0x09} x + {0x0e}

Algorithm Specification - I

• The State:
  – An intermediate two-dimensional array of bytes on which all the operations are performed.
  – It has 4 rows and ‘Nb’ columns.
  – ‘Nb’ depends upon the block length and is given by the block length divided by the word length (usually 32 bits).
  – For AES-128 ‘Nb’ is 4 (128/32).
  – At the beginning of encryption and decryption the input is copied to the State array, and at the end the State is copied back to the output array:
    s[r, c] = in[r + 4c] for 0 ≤ r < 4 and 0 ≤ c < Nb
    out[r + 4c] = s[r, c] for 0 ≤ r < 4 and 0 ≤ c < Nb

Algorithm Specification - II

• The number of rounds ‘Nr’ depends upon the cipher key size and is given in the table below.

  AES Version | Key Length (Nk words) | Block Size (Nb words) | Number of Rounds (Nr)
  ------------+-----------------------+-----------------------+----------------------
  AES-128     | 4                     | 4                     | 10
  AES-192     | 6                     | 4                     | 12
  AES-256     | 8                     | 4                     | 14

Encryption Process - I

Source: www.quadibloc.com/crypto/images/rijnov.gif
Source: http://klabs.org/mapld05/presento/103_swankoski_p.ppt

Encryption Process – SubBytes - I

• S-box lookup (16x16 bytes containing a permutation of all 256 8-bit values).
• Non-linear.
• Two steps to create the S-box:
  – Multiplicative inverse in the finite field GF(2^8) (zero is mapped to itself).
  – Affine transformation applied over the finite field GF(2):
    b′_i = b_i ⊕ b_{(i+4) mod 8} ⊕ b_{(i+5) mod 8} ⊕ b_{(i+6) mod 8} ⊕ b_{(i+7) mod 8} ⊕ c_i
    for 0 ≤ i < 8, where b_i is the i-th bit of the State byte and c_i is the i-th bit of the byte c with value {0x63} or {01100011}.

Encryption Process – SubBytes - II

• The matrix form of the affine transformation would be

Encryption Process – ShiftRows - I

• Cyclically left-shifts the last three rows of the State array.
• The number of bytes to be shifted depends upon:
  – The row number in the State array.
  – The version of the AES algorithm.

Encryption Process – ShiftRows - II

• The ShiftRows transformation is given by
  S′_{r,c} = S_{r,(c+shift(r, Nb)) mod Nb} for 0 < r < 4 and 0 ≤ c < Nb
• The value of shift(r, Nb) depends upon the row number r as mentioned earlier.

Encryption Process – MixColumns - I

• Each column of the State array is treated as a four-term polynomial over the finite field GF(2^8).
• This polynomial is multiplied modulo x^4 + 1 with a fixed polynomial a(x):
  a(x) = {0x03} x^3 + {0x01} x^2 + {0x01} x + {0x02}

Encryption Process – MixColumns - II

• x^4 + 1 is not irreducible.
• Hence the result may not be invertible.
• Therefore a fixed polynomial whose inverse exists is selected.

Fig: Matrix form of multiplication modulo x^4 + 1

Encryption Process – AddRoundKey

• Bitwise XOR of the Round Key obtained through the Key Schedule with the State array:
  [s′_{0,c}, s′_{1,c}, s′_{2,c}, s′_{3,c}] = [s_{0,c}, s_{1,c}, s_{2,c}, s_{3,c}] ⊕ [w_{round*Nb+c}]
  for 0 ≤ c < Nb and 0 ≤ round ≤ Nr

Decryption Process

Source: http://ece.ut.ac.ir/classpages/F85/NetworkSecurity/slides/session_07.ppt

Decryption Process - InvShiftRows

• Inverse of ShiftRows.
• Cyclically right-shifts the last three rows of the State array.
• The number of bytes to be shifted depends upon:
  – The row number in the State array.
  – The version of the AES algorithm.
• The InvShiftRows transformation is given by
  S′_{r,(c+shift(r, Nb)) mod Nb} = S_{r,c} for 0 < r < 4 and 0 ≤ c < Nb
• The value of shift(r, Nb) depends upon the row number r as mentioned earlier.

Decryption Process - InvSubBytes

• Inverse S-box lookup for each byte of the State array.
• Construction of the inverse S-box involves two steps:
  – The inverse affine transformation is applied to each byte of the State array.
  – The multiplicative inverse is looked up in the finite field GF(2^8).

Decryption Process - InvMixColumns

• Each column of the State array is treated as a four-term polynomial over the finite field GF(2^8).
• The polynomial is multiplied modulo x^4 + 1 with the inverse of the fixed polynomial a(x), i.e. a^-1(x):
  a^-1(x) = {0x0b} x^3 + {0x0d} x^2 + {0x09} x + {0x0e}
  s′(x) = s(x) • a^-1(x) mod (x^4 + 1)

Decryption Process – Inverse AddRoundKey

• The AddRoundKey transformation makes use of a simple XOR operation.
• Hence it is its own inverse.
• http://www-math.uni-paderborn.de/~aggathen/rijndael/2001/flussvisualisierung/
• Here one can find a good visualization of AES. It uses different colors to represent each byte and then shows how the bytes go through the transformations during the AES process.

Efficient Implementation Technique - I

• Consider the output e_{i,j} of a round function for column j of the State array a_{i,j}, where i denotes the row number and j the column number (matrix entries in hexadecimal):

  AddRoundKey transformation:

    [e_{0,j}]   [d_{0,j}]   [k_{0,j}]
    [e_{1,j}] = [d_{1,j}] ⊕ [k_{1,j}]
    [e_{2,j}]   [d_{2,j}]   [k_{2,j}]
    [e_{3,j}]   [d_{3,j}]   [k_{3,j}]

  MixColumns transformation:

    [d_{0,j}]   [02 03 01 01]   [c_{0,j}]
    [d_{1,j}] = [01 02 03 01] • [c_{1,j}]
    [d_{2,j}]   [01 01 02 03]   [c_{2,j}]
    [d_{3,j}]   [03 01 01 02]   [c_{3,j}]

Efficient Implementation Technique - II

• ShiftRows transformation: in (j - C1), C1 denotes the number of bytes to be shifted, as shown by the table in the Encryption Process – ShiftRows – II section.

    [c_{0,j}]   [b_{0,j}]
    [c_{1,j}] = [b_{1,(j-C1) mod Nb}]
    [c_{2,j}]   [b_{2,(j-C2) mod Nb}]
    [c_{3,j}]   [b_{3,(j-C3) mod Nb}]

• SubBytes transformation: b_{i,j} = S[a_{i,j}]

• By substituting, the above equations can be combined into a single equation:

    [e_{0,j}]   [02 03 01 01]   [S[a_{0,j}]]               [k_{0,j}]
    [e_{1,j}] = [01 02 03 01] • [S[a_{1,(j-C1) mod Nb}]] ⊕ [k_{1,j}]
    [e_{2,j}]   [01 01 02 03]   [S[a_{2,(j-C2) mod Nb}]]   [k_{2,j}]
    [e_{3,j}]   [03 01 01 02]   [S[a_{3,(j-C3) mod Nb}]]   [k_{3,j}]

Efficient Implementation Technique - III

• The previous equation can be rewritten, with e_j and k_j denoting column j of e and k, as

    e_j = (02, 01, 01, 03)^T • S[a_{0,j}] ⊕ (03, 02, 01, 01)^T • S[a_{1,(j-C1) mod Nb}]
        ⊕ (01, 03, 02, 01)^T • S[a_{2,(j-C2) mod Nb}] ⊕ (01, 01, 03, 02)^T • S[a_{3,(j-C3) mod Nb}] ⊕ k_j

• Now we can define 4 tables:

    T0[a] = (02•S[a], S[a], S[a], 03•S[a])^T
    T1[a] = (03•S[a], 02•S[a], S[a], S[a])^T
    T2[a] = (S[a], 03•S[a], 02•S[a], S[a])^T
    T3[a] = (S[a], S[a], 03•S[a], 02•S[a])^T

Efficient Implementation Technique - IV

• Each table occupies 1 KB (256 * 4 bytes) and in total the 4 tables occupy 4 KB.
• Finally the output of a round function can be expressed as a lookup of these 4 tables:
  e_j = T0[a_{0,j}] ⊕ T1[a_{1,(j-C1) mod Nb}] ⊕ T2[a_{2,(j-C2) mod Nb}] ⊕ T3[a_{3,(j-C3) mod Nb}] ⊕ k_j
• Since there is no MixColumns transformation in the last round, the S-box ‘S’ is looked up instead of these ‘T’ tables for the last round.

Efficient Implementation Technique - V

• These 4 table lookups can further be reduced to a single table lookup with an additional 3 rotations per round per column. In this case the total table size is reduced from 4 KB to 1 KB.
• Moreover, the Key Expansion consists of 32-bit word XORs, S-box lookups and a cyclic shift by 8 bits, which can be implemented very efficiently.
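The S-box construction from the SubBytes slide, the a(x) • a^-1(x) check from the MixColumns slides and the T-table round derived above, worked in C as an added example (not code from the slides, OpenSSL or any other AES library). It assumes Nb = 4 (AES-128), reads row r from column (j + r) mod Nb as in the ShiftRows slide's left rotation, and takes its sample State and round-key words from the FIPS 197 Appendix B vectors; all names are this example's own.

```c
#include <stdint.h>

#define NB 4   /* columns in the AES-128 State: block length 128 / word length 32 */

/* Multiplication in GF(2^8) modulo m(x) = x^8 + x^4 + x^3 + x + 1 (0x11b). The
   loop branches on the operand bits; here it only runs while building tables. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0x00));
        b >>= 1;
    }
    return p;
}

/* Multiplicative inverse b^254 = b^-1 in GF(2^8); zero maps to itself. */
static uint8_t gf_inv(uint8_t b) {
    uint8_t r = 1;
    for (int i = 0; i < 254; i++) r = gf_mul(r, b);
    return r;
}

/* Affine map over GF(2) from the SubBytes slide:
   b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, indices mod 8, c = 0x63. */
static uint8_t affine(uint8_t b) {
    uint8_t out = 0;
    for (int i = 0; i < 8; i++) {
        int bit = ((b >> i) ^ (b >> ((i + 4) & 7)) ^ (b >> ((i + 5) & 7)) ^
                   (b >> ((i + 6) & 7)) ^ (b >> ((i + 7) & 7)) ^ (0x63 >> i)) & 1;
        out |= (uint8_t)(bit << i);
    }
    return out;
}

static uint8_t SBOX[256];
static uint32_t T_TAB[4][256];   /* T0..T3: 256 entries x 4 bytes = 1 KB each */

/* S-box and T-tables. A 32-bit entry holds the column (e0,e1,e2,e3) MSB first:
   T0[a] = (02*S[a], S[a], S[a], 03*S[a]); T1..T3 are byte rotations of T0 that
   match the other columns of the MixColumns matrix. */
static void build_tables(void) {
    for (int a = 0; a < 256; a++) {
        uint8_t s = affine(gf_inv((uint8_t)a));
        SBOX[a] = s;
        uint32_t t0 = ((uint32_t)gf_mul(s, 2) << 24) | ((uint32_t)s << 16) |
                      ((uint32_t)s << 8) | gf_mul(s, 3);
        T_TAB[0][a] = t0;
        T_TAB[1][a] = (t0 >> 8) | (t0 << 24);    /* (03, 02, 01, 01) */
        T_TAB[2][a] = (t0 >> 16) | (t0 << 16);   /* (01, 03, 02, 01) */
        T_TAB[3][a] = (t0 >> 24) | (t0 << 8);    /* (01, 01, 03, 02) */
    }
}

/* Round output column j the fast way: four table lookups and XORs. Row r is read
   from column (j + r) mod Nb, the left rotation of the ShiftRows slide. Each index
   a[r][..] is a secret-dependent value, and that memory access is what the
   cache-timing attack observes. */
static uint32_t round_column_ttable(const uint8_t a[4][NB], int j, uint32_t kj) {
    return T_TAB[0][a[0][j]] ^ T_TAB[1][a[1][(j + 1) % NB]] ^
           T_TAB[2][a[2][(j + 2) % NB]] ^ T_TAB[3][a[3][(j + 3) % NB]] ^ kj;
}

/* The same column step by step (SubBytes, ShiftRows, MixColumns, AddRoundKey)
   with only the S-box and GF(2^8) arithmetic, to confirm the T-table identity. */
static uint32_t round_column_reference(const uint8_t a[4][NB], int j, uint32_t kj) {
    uint8_t c[4], d[4];
    for (int r = 0; r < 4; r++) c[r] = SBOX[a[r][(j + r) % NB]];
    d[0] = gf_mul(c[0], 2) ^ gf_mul(c[1], 3) ^ c[2] ^ c[3];
    d[1] = c[0] ^ gf_mul(c[1], 2) ^ gf_mul(c[2], 3) ^ c[3];
    d[2] = c[0] ^ c[1] ^ gf_mul(c[2], 2) ^ gf_mul(c[3], 3);
    d[3] = gf_mul(c[0], 3) ^ c[1] ^ c[2] ^ gf_mul(c[3], 2);
    return (((uint32_t)d[0] << 24) | ((uint32_t)d[1] << 16) |
            ((uint32_t)d[2] << 8) | d[3]) ^ kj;
}

/* a(x) * a^-1(x) mod (x^4 + 1) must equal 1: coefficient i of the product is the
   XOR over k of a_k * b_((i-k) mod 4), as in the MixColumns slides. */
static int mixcolumns_inverse_ok(void) {
    const uint8_t a[4] = {0x02, 0x01, 0x01, 0x03};   /* a0..a3 of a(x) */
    const uint8_t b[4] = {0x0e, 0x09, 0x0d, 0x0b};   /* a0..a3 of a^-1(x) */
    for (int i = 0; i < 4; i++) {
        uint8_t coef = 0;
        for (int k = 0; k < 4; k++) coef ^= gf_mul(a[k], b[(i - k + 4) % 4]);
        if (coef != (i == 0 ? 0x01 : 0x00)) return 0;
    }
    return 1;
}

/* Sample State (column-major) and round key: FIPS 197 Appendix B example values. */
static int ttable_matches_reference(void) {
    static const uint8_t st[4][NB] = {{0x32, 0x88, 0x31, 0xe0}, {0x43, 0x5a, 0x31, 0x37},
                                      {0xf6, 0x30, 0x98, 0x07}, {0xa8, 0x8d, 0xa2, 0x34}};
    const uint32_t k[NB] = {0x2b7e1516, 0x28aed2a6, 0xabf71588, 0x09cf4f3c};
    build_tables();
    for (int j = 0; j < NB; j++)
        if (round_column_ttable(st, j, k[j]) != round_column_reference(st, j, k[j])) return 0;
    return SBOX[0x53] == 0xed && SBOX[0x00] == 0x63;   /* two FIPS 197 S-box values */
}
```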

Cache-timing Attack on AES - I

• A cache-timing attack is one form of “side-channel attack”.
• “Side-channel attacks” are attacks that recover the secret key based on the “side-channel information” of the physical device on which the algorithm is implemented, rather than on a weakness of the algorithm or on the use of either plaintext (input) or ciphertext.
• Side-channel information:
  – Power consumption
  – Time (time taken by the process, or by the movement of data into either the CPU or memory)
  – Noise, etc.

Cache-timing Attack on AES - II

• Timing attack:
  – Takes into account the time taken to perform an encryption.
  – This varies based on the secret data being encrypted.
• According to Daniel J. Bernstein, it is a weakness of AES that it reveals timing information.
• The AES algorithm relies heavily on table lookups.
• The table lookup depends upon the input (k[i] ⊕ n[i]) and hence does not run in constant time.
• Thus the attacker can make use of this table lookup to deduce the key k[i] as a timing function of n[i].

Cache-timing Attack on AES - Overview

• The steps involved in the attack:
  – Measure the timing information for different values of n[i] over a large set of data on the target server.
  – Total the time for each value of n[i].
  – Find for which value of n[i] the maximum time is involved, say 147.
  – Simulate or make an exact copy (same AES software, same CPU, etc.) of the target server on which the above step was carried out.
  – Measure the maximum time for the combination of known key and plaintext k[i] ⊕ n[i], say 8.
  – From this one can calculate the key offset, revealing the key k[i], i.e. 147 ⊕ 8 = 155.

Cache-timing Attack on AES - Server Program

• Server program:
  – Makes use of the OpenSSL AES implementation.
  – Returns the scrambled zero, to reduce the amount of noise in the timing information.
  – But the noise doesn’t prevent the attack itself; it just means that a larger number of packets is then required to average out the effect of the noise.

Cache-timing Attack on AES - Preparation of Attack - I

• Run the server program with a known key of all zeros.
• Collect the reference timing information by sending a random number of 400 (600, 800) byte packets to the simulated server using the study program from another x86 system.

Cache-timing Attack on AES - Preparation of Attack - II

Cache-timing Attack on AES - Carrying out the attack - I

• Run the server program with a secret key (from /dev/urandom).
• Collect the timing information using the study program by sending a random number of 400 (600, 800) byte packets.
• Correlate the two sets of timing information to find the offset of the possible keys k[i], thereby revealing the key k[i].

Cache-timing Attack on AES - Carrying out the attack - II

Figure: Reference timing data for each x_i, and timing data from a target machine for the plaintext byte p_i.

The target machine’s timing data is exactly k_i offset apart from the reference timing data, thereby revealing the secret key.

Prevention of Attack

• Constant-time AES software:
  – The table lookup should be independent of the input and the key.
  – The table lookup should be replaced by short bitwise operations like XOR.
    • This would result in constant time.
    • It would take longer compared to the table lookup.
• How to find out whether a given AES software takes constant time:
  – Collect timing information for different inputs and see if it all takes constant time.
  – Even this cannot guarantee that the AES software takes constant time.
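Two ways to make the SubBytes step independent of the secret byte, as the slide advises, in an added C example (not the slides' or OpenSSL's code): S[x] computed with branchless GF(2^8) arithmetic and no lookup at all, and, where a table must remain, a lookup that reads all 256 entries and keeps the wanted one with a mask. The function names are this example's own.

```c
#include <stdint.h>

/* Branchless GF(2^8) multiplication modulo x^8 + x^4 + x^3 + x + 1. The data-
   dependent "if" of the textbook loop is replaced by an all-ones/all-zeros mask
   and an AND, so the same instruction sequence runs for every input. */
static uint8_t ct_gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t add_mask = (uint8_t)(0u - (b & 1u));     /* 0xff iff bit 0 of b is set */
        p ^= a & add_mask;
        uint8_t carry_mask = (uint8_t)(0u - (a >> 7));   /* 0xff iff a*x needs reduction */
        a = (uint8_t)((a << 1) ^ (carry_mask & 0x1b));
        b >>= 1;
    }
    return p;
}

/* Inverse as a^254 (a^255 = 1 for a != 0 in GF(2^8)), square-and-multiply with a
   fixed schedule: the work never depends on a. 0 maps to 0 as in SubBytes. */
static uint8_t ct_gf_inv(uint8_t a) {
    uint8_t r = 1, pw = a;                  /* pw = a^(2^i) at iteration i */
    for (int i = 0; i < 8; i++) {
        if (i != 0) r = ct_gf_mul(r, pw);   /* 254 = bits 1..7 set; branch on i only */
        pw = ct_gf_mul(pw, pw);
    }
    return r;
}

static uint8_t rotl8(uint8_t x, int k) {
    return (uint8_t)((x << k) | (x >> (8 - k)));
}

/* SubBytes computed rather than looked up. The affine map of the SubBytes slide,
   b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, becomes byte rotations
   (bit i of rotl(b, k) is b_(i-k)): b' = b ^ rotl1 ^ rotl2 ^ rotl3 ^ rotl4 ^ 0x63.
   No memory access is indexed by the secret byte, so there is nothing for the
   cache to leak; the cost is a few dozen XOR/shift/AND operations per byte. */
static uint8_t ct_sbox(uint8_t x) {
    uint8_t v = ct_gf_inv(x);
    return (uint8_t)(v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ 0x63);
}

/* When a table must stay (T-tables, inverse S-box): read every entry and keep the
   wanted one with a mask. The access pattern is identical for every idx, so the
   cache hit/miss pattern no longer depends on key or input (256 reads per lookup). */
static uint8_t ct_table_lookup(const uint8_t table[256], uint8_t idx) {
    uint8_t result = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t diff = i ^ idx;
        uint8_t mask = (uint8_t)((diff - 1u) >> 8);   /* 0xff only when i == idx */
        result |= table[i] & mask;
    }
    return result;
}

/* Check: the masked lookup over a table filled from ct_sbox agrees with ct_sbox. */
static int ct_lookup_matches(uint8_t idx) {
    uint8_t table[256];
    for (int i = 0; i < 256; i++) table[i] = ct_sbox((uint8_t)i);
    return ct_table_lookup(table, idx) == ct_sbox(idx);
}
```

Both variants remove the key-dependent memory access; the interrupt, hyper-threading and cache-eviction caveats on the following slides still apply, and the compiled output must be checked because a compiler may turn a mask select back into a branch.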

Problem: Cache is faster than DRAM

• Advice for AES implementers:
  – The AES S-boxes should be in the cache throughout the AES computation.
  – S-boxes can be kicked out of the cache by the AES computation itself or by other processes running on the system.
• Advice for CPU designers:
  – Should provide a constant-time S-box lookup instruction, solving the problem not only for AES but also for all other processes making use of table lookups.

Problem: L1 cache is faster than L2 cache

• Advice for AES implementers:
  – The AES S-boxes should be in the L1 cache throughout the AES computation.
  – S-boxes can be kicked out of the L1 cache to make room for the AES computation itself, or by other processes, interrupts, etc.
• Advice for CPU designers:
  – Should provide an L1 table lookup instruction which ensures that the entire table is in the L1 cache and also takes constant time to load a selected table entry.

Problem: Cache associativity is limited

• Most CPUs have a 2-way associative L1 cache.
• Each memory line can be placed in 2 locations of the cache.
• But if there are more than two memory lines with the same address modulo (i.e. mapping to the same cache location), then one of them has to be kicked out of the L1 cache, and hence this may leak timing information.
  – Advice for AES implementers:
    • Place all the variables, input, key and the table into the cache so that they won’t kick each other out of the cache.

Problem: Code can be interrupted

• Assume that all the S-boxes are already in the L1 cache and no other AES computation kicks an S-box out of the L1 cache.
• Even then constant time cannot be guaranteed:
  – Interrupts like the CPU timer.
  – Hyper-threading, etc.
• Advice for AES implementers:
  – The hyper-threading feature should be disabled.
  – Implement AES as a part of the operating system kernel.
• Advice for CPU designers:
  – If AES is not implemented in the kernel, then this unprivileged code cannot disable all the interrupts. In that case the CPU should provide the facility of loading the original table back into the cache after the interrupt is processed but before AES processing resumes.

Summary

• The input-dependent table lookups of AES result in a timing attack revealing the secret key.
  – It is difficult to simulate an exact copy of the target server.
  – This method also requires knowledge of the plaintext and its timing information.
  – There should be sufficient randomness in the plaintext.

References

1. AES Page available via http://www.nist.gov/CryptoToolkit/
2. Federal Register: January 2, 1997 (Volume 62, Number 93), available at [1].
3. Federal Register: September 12, 1997 (Volume 62, Number 177), available at [1].
4. James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin, James Foti, Edward Roback, “Report on the Development of the Advanced Encryption Standard (AES)”, October 2, 2000.
5. Journal of Research of the National Institute of Standards and Technology, “Report on the Development of the Advanced Encryption Standard (AES)”, Volume 106, Number 3, May-June 2001.
6. Advanced Encryption Standard, Federal Information Processing Standards (FIPS) Publication 197, Computer Security Resource Center, National Institute of Standards and Technology (NIST), November 2001; http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
7. Wolfram MathWorld, “Field”, http://mathworld.wolfram.com/Field.html.
8. J. Daemen and V. Rijmen, “AES Proposal: Rijndael”, AES algorithm submission, September 3, 1999, available at [1].
9. Daniel J. Bernstein, “Cache-timing attacks on AES”, 2005, http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
10. Definition of Side Channel Attacks - “Introduction to Side Channel Attacks”, http://www.discretix.com/PDF/Introduction%20to%20Side%20Channel%20Attacks.pdf.
11. Definition of Side Channel Attacks from Wikipedia, http://en.wikipedia.org/wiki/Side_channel_attack.
12. D.A. Osvik, A. Shamir and E. Tromer, “Cache Attacks and Countermeasures: the Case of AES”, Cryptology ePrint Archive, Report 2005/271, 2005, http://citeseer.ist.psu.edu/osvik05cache.html.
13. Joseph Bonneau and Ilya Mironov, “Cache-Collision Timing Attacks Against AES” (extended version), revised 2005-11-20, www.stanford.edu/~jbonneau/AES_timing.pdf.