Journal ArticleDOI

A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on AES

01 Nov 2013, Computers & Security (Elsevier), Vol. 39, pp. 173-189
TL;DR: A mathematical model is constructed to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA on AES; the results attest that combining TDCAs with algebraic techniques is a very efficient way to improve cache attacks.
About: This article is published in Computers & Security. The article was published on 2013-11-01 and is currently open access. It has received 5 citations so far. The article focuses on the topics: AES implementations and Cache.

Summary (6 min read)

1. Introduction

  • Cache attacks are a class of side-channel attacks (SCAs) that extract the secret from the behavior of the cache in a processor.
  • Under the error-free attack scenario, the number of cache traces required to attack AES implemented with a compact lookup table of 256 bytes can be reduced to only five.
  • Section 2 describes the notations used throughout the paper.

2. Notation

  • Throughout the paper, P denotes the public variable (plaintext or ciphertext) and K denotes the targeted secret variable (the master key or an equivalent key).
  • Suppose each entry in the table has 2^e bytes and each cache line has 2^δ bytes.
  • Assume q_t is the t-th targeted cache event in TDCA and y_t denotes the related table lookup index.

3. The TDCA Problem

  • The goal of TDCA is to extract the value of every k_i in K (the secret key) from the knowledge of the p_i (known public variables) and the q_j (cache events).
  • Suppose the cache contains no data from the table before each encryption.
  • Otherwise, the assignment is an incorrect guess.
  • In TDCA, the adversary can analyze different table lookups and traces until the search space of K is reduced to a level where a brute-force attack is feasible.

4.1. AES implementations

  • All the AES implementations can be categorized into three types based on (1) g_t, the number of lookup tables; (2) g_s, the size of the lookup tables; (3) g_l, the number of lookups in one round that access the same table; (4) g_c, the size of the cache line, where g_c = 2^δ.
  • Note that the scope of this paper is about AES implementations that use one or more lookup tables for the sole S-Box, and not the lookup tables for the field multiplication in the MixColumns operation of AES [8].
  • Recall b is the number of bits revealed from one table lookup.

4.2. TDCA on AES of Type A

  • To further reduce the key search space and the number of plaintexts (or power traces) required, attacks in [8, 9, 10] also utilized some cache events in the second round.
  • In [8], equations are generated only from the cache hits as shown in Eq.(3).
  • To improve the attack, the work in [8] also considered the case where the first two lookups in the second round (q16 and q17) are cache hits.
  • The result in [8] is that 1280 chosen plaintexts are required to reduce the key search space to 2^24.

4.3. TDCA on AES of Type B

  • Acıiçmez [4] presented the first TDCA on AES for such implementations, in which four lookup tables are used for each round and each is accessed four times.
  • More key bits can be derived via the analysis of the second round.
  • Acıiçmez [4] also pointed out that TDCA on the third or deeper rounds was an open problem.

4.4. TDCA on AES of Type C

  • The work in [5, 7] showed that under Type C implementations, TDCA on the final round of AES is much more effective than on the first round.
  • In the last round, however, f_t(·) becomes a complicated nonlinear function.

4.5. Limitation of previous TDCAs

  • Moreover, all current TDCA works are for AES-128.
  • As to AES with longer key lengths (e.g., AES-192 and AES-256), the key expansion algorithms become more complicated and the first 20 lookups only leak partial bits of the master key.
  • The manual representation of table indexes is awkward.
  • Combining algebraic techniques with TDCA seems to be interesting and promising.

5. MDASCA-based Trace Driven Cache Attacks (MDATDCAs)

  • In TDCA, the key issue is to obtain the cache events related to table lookups and to represent the possible (and/or impossible) candidates of lookup indexes with equations.
  • The work in [18] proposes a generic method to convert the multiple deductions into algebraic equations and applies it to TDCA.
  • Finally, the secret key is recovered by solving the whole equation system [21, 22].
  • More details about MDASCA can be found in [18].
  • Next, the authors will describe the core of MDATDCA, which is to represent cache hit and miss events with algebraic equations.

5.2. Representing a cache miss

  • Eji is also introduced as in Section 5.1.
  • They can be easily fed into a solver, e.g., the SAT solver CryptoMiniSAT [22], to recover the key.

6. Evaluation of MDATDCAs on AES

  • For simplicity, this section only estimates the number of rounds that can be exploited, and the number of cache traces required in MDATDCAs on AES-128 under the error-free attack scenario, where the cache does not contain any AES data prior to each encryption.
  • Extending these estimations to AES-192/256 is straightforward.

6.1. The Number of rounds that can be exploited

  • For convenience, D is used to denote the set of cache lines that will be filled up with data from lookup tables.
  • As long as D is not filled up, there may exist some cache misses (before qt) that can be used for key recovery.
  • For Type C, all the 16 lookups in the last round can be used for key recovery.

6.2. The Number of cache traces required

  • The work in [18] presents a preliminary study of estimating the minimal number of cache traces required in TDCA.
  • The authors introduce four metrics and adopt the information-theoretic approach to optimize the estimations on the minimal number of cache traces required for a successful MDATDCA.
  • Note that in practice there are some intersections among the K_t for different table lookups, so σ_i satisfies $\sigma_i \le \sum_{z=16i}^{16i+15} \pi_z$ (12).
  • (4) τ_i: the maximal number of key bits recovered in the i-th round. Let τ_0, τ_1 and τ_9 denote the maximal number of key bits recovered in the first, second and last round.
  • As τ_0 bits are recovered in the first round, the authors only need to recover the remaining 128 − τ_0 bits in the second round.

7. Experiment Setup

  • The overall process of MDATDCA has been described in Section 5.
  • Due to the page limit, here the authors only list a few important details about the setup.
  • Each case is repeated many times; each repetition is referred to as an instance.

7.1. Build the AES equation set

  • How to represent the S-Box is the most difficult part in algebraic analysis.
  • The authors adopt the technique in [23] to derive every S-Box output bit with high-degree equations (degree 7) from the eight S-Box input bits.

7.2. Profile the cache traces

  • This paper mainly focuses on the analysis part of MDATDCAs.
  • This can be achieved by modifying the AES source code in OpenSSL and generating the sequences of cache events under different configurations.
  • To prove the feasibility of MDATDCA, in Section 9 the authors conduct concrete MDATDCA experiments against AES implemented with a 256-byte compact table on the 32-bit ARM microprocessor NXP LPC2124.
  • In practice, the cache hits and misses are not always distinguishable from the EM traces, which are treated as uncertain cache events or errors.

7.3. Utilize the cache traces

  • The authors build additional equations from the generated cache events.
  • In order to verify these multiple solutions, the authors append a set of new equations that describe a full AES encryption with a pair of known plaintext and ciphertext.
  • Some instances cannot be solved within a day.
  • To accelerate the solving process, the authors guess n_k key bits first and run an exhaustive search over all 2^{n_k} guesses.
  • If the guess is correct, the solver can output the correct key within a reasonable amount of time.

7.4. Solve the equation system

  • Many automatic tools can be used, such as Gröbner basis-based [21], or SAT-based solver [22].
  • In Sections 8, 9 and 10, three case studies of MDATDCA on AES-128 are performed, considering different attack scenarios.

8. Case 1: Error-free MDATDCAs on AES

  • The authors conduct MDATDCA on AES under two assumptions.
  • The first is that the cache does not contain any AES data prior to each encryption.
  • The second is that the adversary can distinguish the cache miss event from the cache hit event precisely.

8.1. Data and time complexity

  • For each case, the authors run 100 instances, where the correct values of the n_k key bits are fed into the equation set first.
  • Fig. 6(a)-6(i) show the distribution of the different solving times (in seconds) for the nine cases by analyzing N cache traces.
  • Similar observations are also reported in [14, 15].
  • The time required to attack AES of Type A and Type C is less than for Type B.
  • If the adversary has more computation power, the attack may require fewer cache traces.

8.2. Overhead for the equation system

  • The original AES with r rounds can be represented with a set of equations.
  • Suppose the numbers of equations and variables needed to represent this set are N_e^r and N_v^r respectively.
  • For the lookup q_t, the overhead introduced can be calculated as in Sections 5.1 and 5.2.
  • The ratios M_e^r / N_e^r and M_v^r / N_v^r are denoted EQ_r and VA_r respectively.

8.3. Comparisons with previous work

  • The comparisons of MDATDCAs with previous work are listed in Table 3.
  • The first three columns describe the AES implementations.
  • The next three columns list the attacks, and the number of traces and rounds that are required.
  • The last column lists the reduced key search space.
  • The authors can see that MDATDCAs perform better than all previous work in terms of both data and time complexity.

9. Case 2: Error-tolerant MDATDCAs on AES

  • Similar to [10], the authors implemented unprotected AES software implementations on a 32-bit ARM microprocessor NXP LPC2124 and profiled the cache collisions via an EM probe.
  • The authors reset the cache to clear the AES data prior to each encryption.
  • The acquisition was performed with Langer RF-B 3-2 probe, Langer PA303N 30 dB preamplifier and Tektronix DPO 4104 oscilloscope.
  • For some table lookups, it is hard to tell whether they are a cache miss or a hit because the peak is not high enough.
  • Next, the authors describe the error-tolerant strategy and present the experimental results on AES.

9.1. Error tolerance strategy

  • In the attack, the authors set two thresholds on the amplitude peak value to deduce the cache events: the upper bound threshold V_M and the lower bound threshold V_H.
  • The authors adopt the following strategy to analyze each cache event.
  • Then D, the possible deduction set of d(〈y_t〉_b), is composed of the index set related to both previous cache miss events and uncertain cache events.
  • Thus, the set size s_p is much larger than the one in error-free MDATDCA.
  • Note that as some uncertain cache events might be cache hits in reality, there might exist two or more deductions which are both equal to d.

2. q_t is a miss.

  • Then the impossible deduction set of d(〈y_t〉_b) is only composed of the index set related to previous cache miss events.
  • Note that as some cache miss events in practice may be considered as uncertain cache events, the set size s_n is much smaller than the one in error-free MDATDCA.
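The deduction sets of Sections 3, 5 and 9.1 (hit: 〈y_t〉_b lies in a possible set; miss: it lies in no element of an impossible set; uncertain: no constraint, but the lookup joins later possible sets) can be modelled directly. The following is an added example and not code from the paper or its authors; it assumes a 256-byte single-table S-box (Type A, 1-byte entries, so b = 8 − δ), 16-byte cache lines (δ = 4), an empty cache before each encryption, the FIPS-197 example key as a constructed sample, and uncertainty injected by blurring simulated events rather than by real EM thresholds. Instead of a SAT solver it enumerates the key-nibble differences 〈k_t〉_b ⊕ 〈k_0〉_b that first-round events can constrain, and shows how the hypothesis count shrinks as traces accumulate and grows again when 40% of the events are uncertain.

```python
"""Constructed model of first-round trace-driven cache leakage on a compact AES S-box.

Not the paper's code.  Assumptions: a 256-entry, 1-byte S-box (Type A, e = 0)
with 2**DELTA-byte cache lines, no table data in the cache before an encryption,
and first-round lookup indexes y_t = p_t XOR k_t.  Events are True (hit),
False (miss) or None (uncertain, as in Section 9.1).
"""
import random
from typing import List, Optional, Sequence, Tuple

DELTA = 4        # assumed 16-byte cache lines: 16 lines cover the 256B table
B = 8 - DELTA    # bits of y_t revealed by its cache line, written <y_t>_b
NLOOKUPS = 16    # first-round lookups q_0..q_15 of AES-128

Event = Optional[bool]
Trace = Tuple[bytes, List[Event]]


def line_of(index: int) -> int:
    """<index>_b: the high b bits select the cache line."""
    return index >> DELTA


def simulate_trace(key: bytes, plaintext: bytes, uncertain=()) -> List[Event]:
    """Cache events of one encryption: q_t hits iff its line was loaded by an
    earlier lookup.  Positions in `uncertain` are reported as None, mimicking an
    EM peak that falls between the two thresholds."""
    loaded, events = set(), []
    for t in range(NLOOKUPS):
        ln = line_of(plaintext[t] ^ key[t])
        events.append(None if t in uncertain else ln in loaded)
        loaded.add(ln)
    return events


def deduction_sets(events: Sequence[Event]):
    """Per lookup: (event, earlier miss lookups, earlier uncertain lookups).
    Hit: <y_t>_b is among the lines of earlier misses or uncertain lookups
    (possible deduction set D).  Miss: it is none of the earlier misses' lines
    (impossible deduction set)."""
    out, misses, unsure = [], [], []
    for t, ev in enumerate(events):
        out.append((ev, list(misses), list(unsure)))
        if ev is False:
            misses.append(t)
        elif ev is None:
            unsure.append(t)
    return out


def relative_key(key: bytes) -> Tuple[int, ...]:
    """What first-round events can pin down: <k_t>_b XOR <k_0>_b for each t."""
    return tuple(line_of(k) ^ line_of(key[0]) for k in key)


def _last_ok(delta: List[int], plaintext: bytes, deds) -> bool:
    """Check the newest hypothesis delta[t] against one trace's deduction sets."""
    t = len(delta) - 1
    ev, misses, unsure = deds[t]
    if ev is None:
        return True
    # line of y_t relative to <k_0>_b under the hypothesis
    ln = line_of(plaintext[t]) ^ delta[t]
    known = {line_of(plaintext[j]) ^ delta[j] for j in misses}
    if ev:
        known |= {line_of(plaintext[j]) ^ delta[j] for j in unsure}
        return ln in known
    return ln not in known


def search(traces: Sequence[Trace], limit: int = 1 << 16) -> List[Tuple[int, ...]]:
    """Backtrack over delta_1..delta_15 (delta_0 = 0 by definition) and return every
    relative-key hypothesis consistent with all traces.  The constraint of q_t
    involves only k_0..k_t, so partial hypotheses are pruned early."""
    deds = [(pt, deduction_sets(ev)) for pt, ev in traces]
    found: List[Tuple[int, ...]] = []

    def extend(delta: List[int]) -> None:
        if len(found) >= limit:
            return
        if len(delta) == NLOOKUPS:
            found.append(tuple(delta))
            return
        for cand in range(1 << B):
            delta.append(cand)
            if all(_last_ok(delta, pt, d) for pt, d in deds):
                extend(delta)
            delta.pop()

    extend([0])
    return found


def make_traces(key: bytes, n: int, seed: int = 1) -> List[Trace]:
    """n error-free known-plaintext traces with constructed random plaintexts."""
    rng = random.Random(seed)
    pts = [bytes(rng.randrange(256) for _ in range(NLOOKUPS)) for _ in range(n)]
    return [(pt, simulate_trace(key, pt)) for pt in pts]


def blur(traces: Sequence[Trace], error_rate: float, seed: int = 3) -> List[Trace]:
    """Replace a random fraction of events by None (uncertain measurements)."""
    rng = random.Random(seed)
    return [(pt, [None if rng.random() < error_rate else e for e in ev])
            for pt, ev in traces]


SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 example key

if __name__ == "__main__":
    clean = make_traces(SAMPLE_KEY, 12)
    for n in (6, 9, 12):
        print(f"{n:2d} error-free traces -> {len(search(clean[:n]))} hypotheses")
    noisy = search(blur(clean, 0.4))
    print(f"12 traces, 40% uncertain -> {len(noisy)} hypotheses; "
          f"true key kept: {relative_key(SAMPLE_KEY) in noisy}")
```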

9.2. Experimental results and comparisons

  • The extensions to other cases are straightforward.
  • In practice, the error rate is about 40%.
  • Only 12 cache traces are required to break AES.
  • The authors observe that their error-tolerant MDATDCA can analyze the cache events of the first three rounds and requires fewer cache traces than [10].

10. Case 3: MDATDCAs on AES with Preloaded Cache

  • The MDATDCAs in Section 8 and 9 are all conducted assuming the cache is cleaned before the attack.
  • In practice, the cache might be partially filled with some lines of the lookup table; this is also known as TDCA in the partially preloaded cache scenario and has been widely studied in previous work [7, 9, 10].
  • This section presents the cache analysis strategy and experimental results of MDATDCAs on AES with partially preloaded cache.

10.1. Cache analysis strategy

  • Under this scenario, since some data of the AES lookup table are already in the cache, more cache hit events are observed in a single cache trace in practice.
  • Then, the cache hits that occur may correspond to preloaded lines, and no valuable information can be provided to the attack.
  • The authors utilized the cache miss events in their MDATDCA on AES.

10.2. Experimental results and comparisons

  • The comparisons of their results with previous work are depicted in Table 5.
  • The authors observe that, under the partially preloaded cache scenario, fewer cache traces are required to break AES by MDATDCA than in [10].
  • Even when ten of sixteen cache lines are preloaded into the cache before the AES encryption, MDATDCA can still succeed within 120 cache traces, which is better than the eight preloaded cache lines reported in [10].

11.1. Different difficulties in TDCAs on AES-128/192/256

  • All previous TDCA work targets AES-128 and can at most analyze 16 lookups in the first round and first 4 lookups in the second round.
  • Let P denote the plaintext, K_0, K_1, K_2 be the round keys of the first three rounds, X_1, X_2 be the outputs of the first two rounds, and f(·) be the round function.
  • The key leakages in TDCA on AES-128 are depicted in Fig. 9.
  • Such an advantage does not exist when attacking AES-192 and AES-256, in which the key expansion algorithm is much more complicated and the second round key has little (AES-192) or no (AES-256) relation to the first round key.
  • Next, the authors show why and how MDATDCA can be used to attack AES-192 and AES-256.

11.2. MDATDCA on AES-192

  • In total 144 key bits can be retrieved, which reduces the search space of the master key to 2^48.
  • The authors can see that, in order to recover the full 192 bits of the master key, three rounds of cache leakages have to be analyzed, which can be done with MDATDCA.
  • The authors show that, for the full attack under the known-plaintext, error-free scenario, 10 cache traces recover the AES key within minutes on average.

11.3. MDATDCA on AES-256

  • In total 144 key bits can be retrieved, which reduces the search space of the master key to 2^112.
  • According to the key schedule of AES-256, the master key is just the concatenation of K_0 and K_1.
  • To break AES-256, at least the cache events of the first 3 rounds have to be analyzed, and MDATDCA works well for this.
  • The authors show that, for the full attack under the known-plaintext, error-free scenario, 15 cache traces recover the AES key within 30 minutes on average.


Citations
Journal ArticleDOI
TL;DR: The results show that the proposed version of AES is better in withstanding attacks and compared with the original AES based upon some parameters such as nonlinearity, resiliency, balancedness, propagation characteristics, and immunity.
Abstract: Advanced Encryption Standard (AES) is a standard algorithm for block ciphers for providing security services. A number of variations of this algorithm are available in network security domain. In spite of the strong security features, this algorithm has been recently broken down by the cryptanalysis processes. Therefore, it is required to improve the security strength of this algorithm as AES is popular in commercial use. In this paper, we have shown the reasons of the loopholes in AES and also have provided a solution by using our Symmetric Random Function Generator (SRFG). The use of randomness in the key generation process in block cipher is novel in this domain. We have also compared our results with the original AES based upon some parameters such as nonlinearity, resiliency, balancedness, propagation characteristics, and immunity. The results show that our proposed version of AES is better in withstanding attacks.

28 citations


Cites background from "A comprehensive study of multiple d..."

  • ...Multiple deductions-based algebraic trace driven cache attack on AES has been shown in [22]....


Journal ArticleDOI
Ping Zhou, Tao Wang, Guang Li, Fan Zhang, Xinjie Zhao
TL;DR: The complete rules for choosing the monitored instructions based on a necessary and sufficient condition are proposed, and how to select the optimal threshold based on the Bayesian binary signal detection principle is also proposed.
Abstract: FLUSH+RELOAD attack is recently proposed as a new type of Cache timing attacks. There are three essential factors in this attack, which are monitored instructions, threshold and waiting interval. However, existing literature seldom exploit how and why they could affect the system. This paper aims to study the impacts of these three parameters, and the method of how to choose optimal values. The complete rules for choosing the monitored instructions based on necessary and sufficient condition are proposed. How to select the optimal threshold based on Bayesian binary signal detection principle is also proposed. Meanwhile, the time sequence model of monitoring is constructed and the calculation of the optimal waiting interval is specified. Extensive experiments are conducted on RSA implemented with binary square-and-multiply algorithm. The results show that the average success rate of full RSA key recovery is 89.67%.

6 citations

Proceedings ArticleDOI
01 Oct 2018
TL;DR: This paper provides support and background knowledge for new researchers in the area of side channel attacks in different environments, and discusses the strength of prevention methods as well as the drawbacks of those methods.
Abstract: The Cloud Computing (CC) is famous due to shared resources technology. Cloud computing shares resources among distrusting customers and provides on demand, cost effective, elastic services. Due to the rapid growth of the cloud computing environment, vulnerabilities and their prevention methods potentially increase. We have seen that conventional prevention methods for Side Channel (SC) attacks are not suitable for avoidance of cross-VM cache based SC attacks. In 2016, shared technology issues were one of the top threats considered by the Cloud Security Alliance (CSA), which was published in February 2016 in The Treacherous 12 [1]. This has been a top threat by CSA for the last 5 years. In this paper we discuss multiple methods for performing side channel attacks and prevention methods. We also discuss the strength of prevention methods as well as the drawbacks of those methods. So that this paper will generate more research scope and new effective ideas for prevention of side channel attacks, this paper provides support and background knowledge for new researchers in the area of side channel attacks in different environments.

4 citations


Cites methods from "A comprehensive study of multiple d..."

  • ...Paper Title / Crypto System / Algorithm used / Severity:
    In [21]: Asymmetric, AES, HIGH (uses two metrics: "expected number of traces" and "average number of operations")
    In [23]: Asymmetric, RSA, HIGH
    In [24]: Asymmetric, AES, HIGH (proposed the numerous deductions-based algebraic side-channel attack to cope with the error in leakage capacity and to exploit new leakage models)...


References
Book ChapterDOI
24 Aug 2010
TL;DR: Two attacks that exploit cache events, which are visible in some side channel, to derive a secret key used in an implementation of AES, including a new known plaintext attack that can recover a 128-bit key with approximately 30 measurements to reduce the number of key hypotheses to 2^30.
Abstract: In this paper we present two attacks that exploit cache events, which are visible in some side channel, to derive a secret key used in an implementation of AES. The first is an improvement of an adaptive chosen plaintext attack presented at ACISP 2006. The second is a new known plaintext attack that can recover a 128-bit key with approximately 30 measurements to reduce the number of key hypotheses to 2^30. This is comparable to classical Differential Power Analysis; however, our attacks are able to overcome certain masking techniques. We also show how to deal with unreliable cache event detection in the real-life measurement scenario and present practical explorations on a 32-bit ARM microprocessor.

37 citations


"A comprehensive study of multiple d..." refers background or methods in this paper

  • ...These channels are spy processes [1], timing information [2, 3] and power/electromagnetic (EM) traces [4, 5, 6, 7, 8, 9, 10, 11]....


  • ...The above abstract model can help us to understand the TDCA problem and is generic to block ciphers using the S-Box (table) lookup structure [4, 5, 6, 7, 8, 9, 10, 11, 24, 25, 26, 27, 28]....


  • ...For AES implemented with a compact table (256 bytes), TDCAs can exploit the cache events in the first round [6], or the first two rounds [8, 9, 10]....


  • ...Different attack techniques can be developed to solve this problem, such as traditional TDCA technique [4, 5, 6, 7, 8, 9, 10, 11], MDASCA technique [18] or others to be proposed in the future....


  • ...One is about exploiting new and real leakages in TDCAs, where cache traces were collected from real power consumptions in [8, 9] and from EM in [10]....


Book ChapterDOI
03 May 2012
TL;DR: This work proposes a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope with the multiple deductions caused by inaccurate measurements or interferences and shows that ASCA can exploit cache leakage models.
Abstract: Algebraic side-channel attack (ASCA) is a powerful cryptanalysis technique different from conventional side-channel attacks. This paper studies ASCA from three aspects: enhancement, analysis and application. To enhance ASCA, we propose a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope with the multiple deductions caused by inaccurate measurements or interferences. For the first time, we show that ASCA can exploit cache leakage models. We analyze the attacks and estimate the minimal amount of leakages required for a successful ASCA on AES under different leakage models. In addition, we apply MDASCA to attack AES on an 8-bit microcontroller under Hamming weight leakage model, on two typical microprocessors under access driven cache leakage model, and on a 32-bit ARM microprocessor under trace driven cache leakage model. Many better results are achieved compared to the previous work. The results are also consistent with the theoretical analysis. Our work shows that MDASCA poses great threats with its excellence in error tolerance and new leakage model exploitation.

36 citations


"A comprehensive study of multiple d..." refers background or methods or result in this paper

  • ...Different attack techniques can be developed to solve this problem, such as traditional TDCA technique [4, 5, 6, 7, 8, 9, 10, 11], MDASCA technique [18] or others to be proposed in the future....


  • ...The work in Zhao et al. (2012) proposes a generic method to convert the multiple deductions into algebraic equations and applies it to TDCA....


  • ...This paper performs a comprehensive study of MDASCA-based TDCAs (MDATDCA) on most of the AES implementations that are widely used....


  • ...For example, d = 4 for Type A, but if we set the threshold to 3600 s, only 5 cache traces are required (Zhao et al., 2012)....

  • ...[18] in COSADE 2012 is a generic method to exploit many types of side-channels leakages with algebraic techniques....


Posted Content
TL;DR: Wang et al. as mentioned in this paper presented an improved cache trace attack on AES and CLEFIA by considering Cache miss trace information and S-box misalignment, and obtained 128-bit AES-128 key for about 220 samples within seconds.
Abstract: This paper presents an improved Cache trace attack on AES and CLEFIA by considering Cache miss trace information and S-box misalignment. In 2006, O. Aciicmez et al. present a trace driven Cache attack on AES first two rounds, and point out that if the Cache element number of the Cache block is 16, at most 48-bit of AES key can be obtained in the first round attack. Their attack is based on the ideal case when S-box elements are perfectly aligned in the Cache block. However, this paper discovers that the S-box elements are usually misaligned, and due to this feature and by considering Cache miss trace information, about 200 samples are enough to obtain full 128-bit AES key within seconds. In 2010, Chester Rebeiro et al. present the first trace driven Cache attack on CLEFIA by considering Cache hit information and obtain 128-bit key with 2 CLEFIA encryptions. In this paper, we present a new attack on CLEFIA by considering Cache miss information and S-box misalignment features, finally successfully obtaining the CLEFIA-128 key for about 220 samples within seconds.

35 citations

Book ChapterDOI
14 Feb 2011
TL;DR: The paper shows that although obtaining cache access patterns from the power consumption of the device may be difficult due to the non-blocking cache architectures of modern processors, still the cache trace has a distinct signature on the power profiles.
Abstract: In this paper we use a combination of differential techniques and cache traces to attack the block cipher CLEFIA in less than 2^14 encryptions on an embedded processor with a cache line size of 32 bytes. The attack is evaluated on an implementation of CLEFIA on the PowerPC processor present in the SASEBO side channel attack evaluation board. The paper shows that although obtaining cache access patterns from the power consumption of the device may be difficult due to the non-blocking cache architectures of modern processors, still the cache trace has a distinct signature on the power profiles. Experimental results have been presented to show that the power consumption of the device reveals the cache access patterns, which are then used to obtain the CLEFIA key. Further, a simple low overhead countermeasure is implemented that is guaranteed to prevent cache attacks.

29 citations


"A comprehensive study of multiple d..." refers background or methods in this paper

  • ...…(table) lookup structure (Acıiçmez and Koç, 2006a, 2006b; Bertoni et al., 2005; Bonneau, 2006; Fournier and Tunstall, 2006; Gallais et al., 2011; Gallais and Kizhvatov, 2011; Lauradoux, 2005; Poddar et al., 2011; Rebeiro and Mukhopadhyay, 2010, 2011; Rebeiro et al., 2011; Zhao and Wang, 2010)....

  • ...The above abstract model can help us to understand the TDCA problem and is generic to block ciphers using the S-Box (table) lookup structure [4, 5, 6, 7, 8, 9, 10, 11, 24, 25, 26, 27, 28]....


  • ...Note that MDATDCA can also be extended to improve TDCAs on other block ciphers, such as Camellia [24] and CLEFIA [25, 26, 27, 28]....


Posted Content
TL;DR: This paper interprets cache trace data available as binary constraints on pairs of key bytes then reduces key search to a constraint-satisfaction problem, guaranteeing that an attacker is guaranteed to perform as little search as is possible given a set of cache traces, leading to a natural tradeoff between online collection and offline processing.
Abstract: This paper describes an algorithm to attack AES using sidechannel information from the final round cache lookups performed by the encryption, specifically whether each access hits or misses in the cache, building off of previous work by Aciicmez and Koc [AK06]. It is assumed that an attacker could gain such a trace through power consumption analysis or electromagnetic analysis. This information has already been shown to lead to an effective attack. This paper interprets cache trace data available as binary constraints on pairs of key bytes then reduces key search to a constraint-satisfaction problem. In this way, an attacker is guaranteed to perform as little search as is possible given a set of cache traces, leading to a natural tradeoff between online collection and offline processing. This paper also differs from previous work in assuming a partially pre-loaded cache, proving that cache trace attacks are still effective in this scenario with the number of samples required being inversely related to the percentage of cache which is pre-loaded.

29 citations


"A comprehensive study of multiple d..." refers background or methods or result in this paper


  • ...These channels are spy processes [1], timing information [2, 3] and power/electromagnetic (EM) traces [4, 5, 6, 7, 8, 9, 10, 11]....


  • ...The above abstract model can help us to understand the TDCA problem and is generic to block ciphers using the S-Box (table) lookup structure [4, 5, 6, 7, 8, 9, 10, 11, 24, 25, 26, 27, 28]....


  • ...In the attacks on AES with large lookup tables (e.g., 1 K bytes), TDCAs can exploit cache events in the first round (Lauradoux, 2005), the first two rounds (Acıiçmez and Koç, 2006a) or the last round (Acıiçmez and Koç, 2006b; Bonneau, 2006)....

  • ...Different attack techniques can be developed to solve this problem, such as traditional TDCA technique [4, 5, 6, 7, 8, 9, 10, 11], MDASCA technique [18] or others to be proposed in the future....


Frequently Asked Questions (2)
Q1. What are the contributions in "A comprehensive study of multiple deductions-based algebraic trace driven cache attacks on aes" ?

This paper performs a comprehensive study of MDASCA-based TDCAs (MDATDCA) on most of the AES implementations that are widely used. How to utilize the cache events with MDATDCA is presented and the overhead is also calculated. To evaluate MDATDCA on AES, this paper constructs a mathematical model to estimate the maximal number of leakage rounds that can be utilized and the minimal number of cache traces required for a successful MDATDCA. For the first time, the authors show that TDCAs on AES-192 and AES-256 become possible with the MDATDCA technique.

The study of the trade-off between the data and time complexity in the online and offline phases of MDATDCA, how to further evaluate MDATDCA quantitatively in terms of the contribution of the key bits leaked by cache events to the recovery of the master key of AES, how to evaluate MDATDCA on AES in the error-tolerant and preloaded cache attack scenarios, and how to develop new attack techniques to solve the TDCA problem might also be interesting problems in the future. The authors hope this paper can bring the understanding of both ASCA and TDCA to a new level, and help to evaluate the physical security of block cipher implementations.