Cache-timing Attack on AES – Computer Security Seminar
Sukesh Jain – 276904, Media Informatics
Posted on 19-Dec-2015
04/18/23 Cache-timing Attack on AES - Sukesh Jain
Agenda
• What is AES?
• Development Process of AES
• AES Algorithm
• Efficient Implementation Technique
• Cache-timing Attack on AES
• Prevention of Attack
• Summary
What is AES?
• AES stands for Advanced Encryption Standard.
• NIST selected Rijndael as the AES algorithm.
• Pronunciation alternatives of Rijndael: "Reign Dahl", "Rain Doll" and "Rhine Dahl".
• Rijndael was proposed by Dr. Vincent Rijmen and Dr. Joan Daemen from Belgium.
• Standardised as a replacement for DES.
• Symmetric.
• Block cipher.
• 128-bit block size; key sizes of 128, 192 and 256 bits.
• Designed to resist all known cryptanalytic attacks (the cache-timing attack discussed later targets the implementation, not the algorithm).
Development Process of AES
• The development process was known for its openness and transparency.
• For the first time the general public was involved in the development of a federal cryptographic standard.
• January 2, 1997 - NIST decided to develop AES.
• Goals:
  – To develop a Federal Information Processing Standard (FIPS).
  – To be used by the U.S. Government to protect its sensitive, unclassified information.
  – To be available to the public on a royalty-free basis.
Development Process of AES – Acceptability Criteria
• September 12, 1997 - NIST made a formal call for algorithms.
• Acceptability criteria:
  – Symmetric key encryption.
  – Block cipher.
  – Key-block combinations of 128-128, 192-128 and 256-128 bits (scalability).
  – Available to the public on a royalty-free basis.
Development Process of AES – Evaluation Criteria I
• 21 submissions were received; 15 complete candidates were accepted for evaluation.
• NIST evaluated these algorithms against the following criteria, ranked by relative importance:
  – Security
  – Cost
  – Algorithm & implementation characteristics
Development Process of AES – Evaluation Criteria II
• Security
  – Effort required for cryptanalysis
  – Mathematical basis of the algorithm
  – Security issues raised by the public
• Cost
  – Licensing requirements
  – Computational efficiency
  – Memory requirements
• Algorithm & implementation characteristics
  – Flexibility
  – Hardware & software suitability
  – Simplicity
Development Process of AES – Important Milestones I
• January 2, 1997: NIST decides on AES development.
• April 2, 1997: Deadline for comments on the AES proposal.
• April 15, 1997: Workshop on evaluation criteria.
• September 12, 1997: Formal call for algorithms.
• April 15, 1998: Deadline for completeness review by NIST.
• May 15, 1998: Deadline for any changes.
• June 15, 1998: Deadline for submission of final algorithms; 21 submissions were received.
• August 20-22, 1998: NIST announces the 15 candidate algorithms from 12 different countries at the First AES Candidate Conference, held in Ventura, California.
• March 22-23, 1999: Second AES Candidate Conference, held in Rome, Italy; the first time the conference was held outside the U.S.
• April 15, 1999: Deadline for the initial public review of the algorithms.
Development Process of AES – Important Milestones II
• August 9, 1999: NIST announces the five finalists for the AES:
  – MARS
  – RC6
  – Rijndael
  – Serpent
  – Twofish
• April 13-14, 2000: Third AES Candidate Conference, held at the Hilton New York and Towers in New York, USA.
• October 2, 2000: After a long and complex evaluation process NIST chooses Rijndael (restricted to a 128-bit block and key lengths of 128, 192 and 256 bits) as the AES.
• February 28, 2001: The draft Federal Information Processing Standard (FIPS) for AES is released for public review.
• November 26, 2001: AES is adopted as a standard.
• December 4, 2001: FIPS 197 is published in the Federal Register.
AES Algorithm
• Mathematical preliminaries
  – Field
  – Finite field
  – Finite field operations
  – Polynomials with coefficients in $GF(2^8)$
• Algorithm specification
• Encryption process
• Decryption process
Mathematical Preliminaries - Field
• Field:
  – A set M with two binary operators '+' and '*' : M × M → M.
  – The result of a '+' or '*' operation must itself be an element of M (closure).
  – Satisfies the field axioms of commutativity, associativity, identity (so M must contain '0' and '1') and inverses (every element except '0' has a multiplicative inverse) for both '+' and '*'.
  – Also the distributive property of '*' over '+'.
Mathematical Preliminaries - Finite Field
• Finite field:
  – A field of finite order (a finite number of elements), also known as a Galois field.
  – The order is always a prime or a power of a prime.
  – Notations: $F_{p^n}$, $GF(p^n)$ or $GF(q)$ where $q = p^n$ and p is prime. If q itself is prime, the elements 0, 1, ..., q-1 form the field GF(q) under addition and multiplication modulo q.
  – Example: $GF(2^2)$ with irreducible polynomial $f(x) = x^2 + x + 1$. This field has four elements {0, 1, x, x+1}; each coefficient is either 0 or 1.
Mathematical Preliminaries - Finite Field Operations
• Finite field operations in $GF(2^8)$, with each byte viewed as a polynomial of degree less than 8 with coefficients in GF(2):
  – Addition
    • XOR operation, denoted by the symbol ⊕.
    • Modulo-2 addition of the coefficients of the corresponding powers of the polynomials.
  – Subtraction
    • Identical to addition (every element is its own additive inverse).
  – Multiplication
    • Denoted by •.
    • Multiplication modulo an irreducible polynomial of degree 8, which reduces the degree of the result back below 8 so that it can be represented in a byte.
    • The irreducible polynomial used in AES is $m(x) = x^8 + x^4 + x^3 + x + 1$ (0x11b).
    • The multiplicative inverse of any non-zero binary polynomial b(x) of degree less than 8 can be found with the extended Euclidean algorithm.
Mathematical Preliminaries - Polynomials with Coefficients in GF(2^8)
• Polynomials with coefficients in $GF(2^8)$:
  – Consider a 32-bit word as a polynomial whose four coefficients are finite field elements, i.e. each coefficient is a byte: $a(x) = a_3 x^3 + a_2 x^2 + a_1 x + a_0$.
  – a(x) can also be written as the word $[a_0, a_1, a_2, a_3]$.
  – Addition of two such polynomials is coefficient-wise: $a(x) + b(x) = (a_3 \oplus b_3)x^3 + (a_2 \oplus b_2)x^2 + (a_1 \oplus b_1)x + (a_0 \oplus b_0)$.
  – Multiplication of two 32-bit word polynomials is the ordinary product of the polynomials, with coefficient arithmetic in $GF(2^8)$. The product can have degree greater than 3 (up to 6), so it is reduced modulo a polynomial of degree 4 to fit a 32-bit word again.
  – In AES the modulus is $x^4 + 1$.
  – $x^4 + 1$ is reducible over GF(2) ($x^4 + 1 = (x + 1)^4$), so multiplication by an arbitrary polynomial is not necessarily invertible. For this reason AES uses a fixed four-term polynomial that does have an inverse:
    $a(x) = \{03\}x^3 + \{01\}x^2 + \{01\}x + \{02\}$
    $a^{-1}(x) = \{0b\}x^3 + \{0d\}x^2 + \{09\}x + \{0e\}$
Algorithm Specification - I
• The State
  – Intermediate two-dimensional array of bytes on which all the operations are performed.
  – It has 4 rows and Nb columns.
  – Nb depends on the block length: Nb = block length / word length (32 bits).
  – For AES-128 (and in fact for every AES key size) Nb = 4 (128/32).
  – At the beginning of encryption and decryption the input is copied into the State array, and at the end the State is copied back to the output array:
    $s[r, c] = in[r + 4c]$ for $0 \le r < 4$ and $0 \le c < Nb$
    $out[r + 4c] = s[r, c]$ for $0 \le r < 4$ and $0 \le c < Nb$
Algorithm Specification - II
• The number of rounds Nr depends on the cipher key size, as given in the table below.

| AES version | Key length (Nk words) | Block size (Nb words) | Number of rounds (Nr) |
|-------------|-----------------------|-----------------------|-----------------------|
| AES-128     | 4                     | 4                     | 10                    |
| AES-192     | 6                     | 4                     | 12                    |
| AES-256     | 8                     | 4                     | 14                    |
Encryption Process - I
Figure (not reproduced). Source: www.quadibloc.com/crypto/images/rijnov.gif
Figure (not reproduced). Source: http://klabs.org/mapld05/presento/103_swankoski_p.ppt
Encryption Process – SubBytes - I
• S-box lookup (a 16×16 table of bytes containing a permutation of all 256 8-bit values).
• Non-linear.
• Two steps create the S-box entry for a byte b:
  – Take the multiplicative inverse in the finite field $GF(2^8)$ (zero is mapped to itself).
  – Apply the affine transformation over GF(2):
    $b'_i = b_i \oplus b_{(i+4) \bmod 8} \oplus b_{(i+5) \bmod 8} \oplus b_{(i+6) \bmod 8} \oplus b_{(i+7) \bmod 8} \oplus c_i$
    for $0 \le i < 8$, where $b_i$ is the i-th bit of the byte and $c_i$ is the i-th bit of the constant byte c = {63} = 01100011.
Encryption Process – SubBytes - II
• The affine transformation can also be written in matrix form: multiplication of the bit vector by a fixed 8×8 matrix over GF(2), followed by XOR with the constant {63}.
Encryption Process – ShiftRows - I
• Cyclically shifts the last three rows of the State array to the left.
• The number of bytes each row is shifted depends on:
  – The row number in the State array.
  – The block length Nb (in Rijndael; in AES Nb is fixed at 4, so rows 1, 2 and 3 are always shifted by 1, 2 and 3 bytes).
Encryption Process – ShiftRows - II
• The ShiftRows transformation is given by
  $s'_{r,c} = s_{r,(c + shift(r, Nb)) \bmod Nb}$ for $0 < r < 4$ and $0 \le c < Nb$
• The value of shift(r, Nb) depends on the row number r as mentioned earlier: for Nb = 4, shift(1, 4) = 1, shift(2, 4) = 2 and shift(3, 4) = 3. Row 0 is not shifted.
Encryption Process – MixColumns - I
• Each column of the State array is treated as a four-term polynomial s(x) over the finite field $GF(2^8)$.
• This polynomial is multiplied modulo $x^4 + 1$ by the fixed polynomial a(x), i.e. $s'(x) = a(x) \otimes s(x)$, with
  $a(x) = \{03\}x^3 + \{01\}x^2 + \{01\}x + \{02\}$
Encryption Process – MixColumns - II
• $x^4 + 1$ is not irreducible.
• Hence multiplication by an arbitrary polynomial need not be invertible.
• Therefore a fixed polynomial whose inverse exists is selected (the a(x) above, with inverse $a^{-1}(x)$).
• Matrix form of the multiplication modulo $x^4 + 1$ (entries are hex bytes, products in $GF(2^8)$):
$$\begin{bmatrix} s'_{0,c} \\ s'_{1,c} \\ s'_{2,c} \\ s'_{3,c} \end{bmatrix} = \begin{bmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{bmatrix} \bullet \begin{bmatrix} s_{0,c} \\ s_{1,c} \\ s_{2,c} \\ s_{3,c} \end{bmatrix}$$
Encryption Process – AddRoundKey
• Bitwise XOR of the round key, obtained from the key schedule, with the State array:
  $[s'_{0,c}, s'_{1,c}, s'_{2,c}, s'_{3,c}] = [s_{0,c}, s_{1,c}, s_{2,c}, s_{3,c}] \oplus [w_{round \cdot Nb + c}]$
  for $0 \le c < Nb$ and $0 \le round \le Nr$, where w is the array of 32-bit key schedule words.
Decryption Process
Figure (not reproduced). Source: http://ece.ut.ac.ir/classpages/F85/NetworkSecurity/slides/session_07.ppt
Decryption Process - InvShiftRows
• Inverse of ShiftRows.
• Cyclically shifts the last three rows of the State array to the right.
• The number of bytes shifted depends on:
  – The row number in the State array.
  – The block length Nb (fixed at 4 in AES: 1, 2 and 3 bytes for rows 1, 2 and 3).
• The InvShiftRows transformation is given by
  $s'_{r,(c + shift(r, Nb)) \bmod Nb} = s_{r,c}$ for $0 < r < 4$ and $0 \le c < Nb$
• The value of shift(r, Nb) depends on the row number r as mentioned earlier.
Decryption Process - InvSubBytes
• Inverse S-box lookup for each byte of the State array.
• Construction of the inverse S-box involves two steps, the reverse of SubBytes:
  – Apply the inverse affine transformation to the byte.
  – Take the multiplicative inverse in the finite field $GF(2^8)$ (zero maps to itself).
Decryption Process - InvMixColumns
• Each column of the State array is treated as a four-term polynomial over the finite field $GF(2^8)$.
• The polynomial is multiplied modulo $x^4 + 1$ by the inverse of the fixed polynomial a(x), i.e. $a^{-1}(x)$:
  $a^{-1}(x) = \{0b\}x^3 + \{0d\}x^2 + \{09\}x + \{0e\}$
  $s'(x) = a^{-1}(x) \otimes s(x)$
Decryption Process – Inverse AddRoundKey
• The AddRoundKey transformation is a simple XOR with the round key.
• Hence it is its own inverse.
• http://www-math.uni-paderborn.de/~aggathen/rijndael/2001/flussvisualisierung/
• Here one can find a good visualization of AES. It uses a different colour for each byte and shows how the bytes move through the transformations of the AES rounds.
Efficient Implementation Technique - I
• Consider the output $e_{i,j}$ of the round function for one column j of the State array $a_{i,j}$, where i denotes the row number and j the column number. Working backwards through the round:
• AddRoundKey transformation:
$$\begin{bmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{bmatrix} = \begin{bmatrix} d_{0,j} \\ d_{1,j} \\ d_{2,j} \\ d_{3,j} \end{bmatrix} \oplus \begin{bmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{bmatrix}$$
• MixColumns transformation (entries are hex bytes, products in $GF(2^8)$):
$$\begin{bmatrix} d_{0,j} \\ d_{1,j} \\ d_{2,j} \\ d_{3,j} \end{bmatrix} = \begin{bmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{bmatrix} \bullet \begin{bmatrix} c_{0,j} \\ c_{1,j} \\ c_{2,j} \\ c_{3,j} \end{bmatrix}$$
Efficient Implementation Technique - II
• ShiftRows transformation: $c_{i,j} = b_{i,(j + C_i) \bmod Nb}$, where $C_i$ is the number of bytes row i is shifted to the left, as in the ShiftRows section above ($C_0 = 0$; for Nb = 4, $C_1 = 1$, $C_2 = 2$, $C_3 = 3$).
• SubBytes transformation: $b_{i,j} = S[a_{i,j}]$
• Substituting, the above equations combine into a single equation:
$$\begin{bmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{bmatrix} = \begin{bmatrix} 02 & 03 & 01 & 01 \\ 01 & 02 & 03 & 01 \\ 01 & 01 & 02 & 03 \\ 03 & 01 & 01 & 02 \end{bmatrix} \bullet \begin{bmatrix} S[a_{0,j}] \\ S[a_{1,(j + C_1) \bmod Nb}] \\ S[a_{2,(j + C_2) \bmod Nb}] \\ S[a_{3,(j + C_3) \bmod Nb}] \end{bmatrix} \oplus \begin{bmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{bmatrix}$$
Efficient Implementation Technique - III
• The previous equation can be rewritten as a sum over the columns of the matrix, each scaled by one S-box output:
$$\begin{bmatrix} e_{0,j} \\ e_{1,j} \\ e_{2,j} \\ e_{3,j} \end{bmatrix} = \begin{bmatrix} 02 \\ 01 \\ 01 \\ 03 \end{bmatrix} \bullet S[a_{0,j}] \oplus \begin{bmatrix} 03 \\ 02 \\ 01 \\ 01 \end{bmatrix} \bullet S[a_{1,(j + C_1) \bmod Nb}] \oplus \begin{bmatrix} 01 \\ 03 \\ 02 \\ 01 \end{bmatrix} \bullet S[a_{2,(j + C_2) \bmod Nb}] \oplus \begin{bmatrix} 01 \\ 01 \\ 03 \\ 02 \end{bmatrix} \bullet S[a_{3,(j + C_3) \bmod Nb}] \oplus \begin{bmatrix} k_{0,j} \\ k_{1,j} \\ k_{2,j} \\ k_{3,j} \end{bmatrix}$$
• Now we can define 4 tables, each mapping a byte a to a 32-bit word:
$$T_0[a] = \begin{bmatrix} S[a] \bullet 02 \\ S[a] \\ S[a] \\ S[a] \bullet 03 \end{bmatrix}, \quad T_1[a] = \begin{bmatrix} S[a] \bullet 03 \\ S[a] \bullet 02 \\ S[a] \\ S[a] \end{bmatrix}, \quad T_2[a] = \begin{bmatrix} S[a] \\ S[a] \bullet 03 \\ S[a] \bullet 02 \\ S[a] \end{bmatrix}, \quad T_3[a] = \begin{bmatrix} S[a] \\ S[a] \\ S[a] \bullet 03 \\ S[a] \bullet 02 \end{bmatrix}$$
Efficient Implementation Technique - IV
• Each table occupies 1 KB (256 entries × 4 bytes); the 4 tables together occupy 4 KB.
• The output of a round function can then be expressed as 4 table lookups and 4 XORs per column:
$$e_j = T_0[a_{0,j}] \oplus T_1[a_{1,(j + C_1) \bmod Nb}] \oplus T_2[a_{2,(j + C_2) \bmod Nb}] \oplus T_3[a_{3,(j + C_3) \bmod Nb}] \oplus k_j$$
• There is no MixColumns transformation in the last round, so the last round looks up the S-box S directly instead of the T tables.
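The arithmetic of the Finite Field Operations, Polynomials with Coefficients in GF(2^8), SubBytes, MixColumns and Efficient Implementation Technique sections carried through in code, as an added example that is not part of the original slides and not taken from any AES library. It builds GF(2^8) multiplication modulo m(x), the S-box from inverse plus affine map, the product modulo x^4 + 1 with a(x), and the four T tables, then computes one round both ways. The state layout state[row][col], the packing of T entries with row 0 in the top byte and the use of the round-1 test vector from FIPS 197 Appendix B are choices made here, not something the slides specify.

```python
# Added example, not from the slides or from any AES library: the finite-field
# arithmetic, S-box and T-table round of the preceding sections, cross-checked
# against a plain SubBytes/ShiftRows/MixColumns/AddRoundKey round and FIPS 197.

M_X = 0x11B                         # m(x) = x^8 + x^4 + x^3 + x + 1
A_X = [0x02, 0x01, 0x01, 0x03]      # a(x) = {03}x^3 + {01}x^2 + {01}x + {02}, stored as [a0, a1, a2, a3]
A_INV = [0x0E, 0x09, 0x0D, 0x0B]    # a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}
SHIFT = (0, 1, 2, 3)                # ShiftRows offsets C_0..C_3 for Nb = 4

def gf_mul(a, b):
    """Multiply two GF(2^8) elements modulo m(x): shift-and-add, one bit of b per step."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF         # the mask drops the x^8 term ...
        if carry:
            a ^= M_X & 0xFF         # ... which equals x^4 + x^3 + x + 1 modulo m(x)
        b >>= 1
    return p

def gf_inv(a):
    """Multiplicative inverse as a^254 (a^255 = 1 for a != 0); 0 maps to 0 as the S-box requires."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result if a else 0

def affine(b):
    """b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i, indices mod 8, c = 0x63."""
    out = 0
    for i in range(8):
        bit = (0x63 >> i) & 1
        for s in (0, 4, 5, 6, 7):
            bit ^= (b >> ((i + s) % 8)) & 1
        out |= bit << i
    return out

SBOX = [affine(gf_inv(x)) for x in range(256)]      # S[0x00] = 0x63, S[0x53] = 0xed

def poly_mul_mod(a, b):
    """Product of two 4-term polynomials over GF(2^8), reduced modulo x^4 + 1.
    a[i] is the coefficient of x^i; x^(i+j) wraps to x^((i+j) mod 4) because x^4 = 1."""
    d = [0] * 4
    for i in range(4):
        for j in range(4):
            d[(i + j) % 4] ^= gf_mul(a[i], b[j])
    return d

def pack(col):
    """Rows 0..3 of one column -> a 32-bit word with row 0 in the top byte."""
    return (col[0] << 24) | (col[1] << 16) | (col[2] << 8) | col[3]

# T_i[a] is column i of the MixColumns matrix scaled by S[a]: 4 tables x 256 entries x 4 bytes = 4 KB
T_COLUMNS = [(0x02, 0x01, 0x01, 0x03), (0x03, 0x02, 0x01, 0x01),
             (0x01, 0x03, 0x02, 0x01), (0x01, 0x01, 0x03, 0x02)]
T = [[pack([gf_mul(c, SBOX[a]) for c in col]) for a in range(256)] for col in T_COLUMNS]

def round_ttable(state, rk):
    """e_j = T0[a_0,j] ^ T1[a_1,j+C1] ^ T2[a_2,j+C2] ^ T3[a_3,j+C3] ^ k_j for each column j.
    state and rk are 4x4 lists indexed [row][col]; a new 4x4 state is returned."""
    out = [[0] * 4 for _ in range(4)]
    for j in range(4):
        w = pack([rk[i][j] for i in range(4)])
        for i in range(4):
            w ^= T[i][state[i][(j + SHIFT[i]) % 4]]
        for i in range(4):
            out[i][j] = (w >> (24 - 8 * i)) & 0xFF
    return out

def round_naive(state, rk):
    """The same round done as four separate transformations, for comparison."""
    b = [[SBOX[x] for x in row] for row in state]                             # SubBytes
    c = [[b[i][(j + SHIFT[i]) % 4] for j in range(4)] for i in range(4)]     # ShiftRows (left by C_i)
    out = [[0] * 4 for _ in range(4)]
    for j in range(4):
        d = poly_mul_mod(A_X, [c[i][j] for i in range(4)])                    # MixColumns: a(x) (x) s(x)
        for i in range(4):
            out[i][j] = d[i] ^ rk[i][j]                                       # AddRoundKey
    return out

def state_from_hex(h):
    """FIPS 197 byte order: in[r + 4c] -> s[r][c]."""
    data = bytes.fromhex(h)
    return [[data[r + 4 * c] for c in range(4)] for r in range(4)]

# FIPS 197 Appendix B, round 1 of AES-128: state entering the round, round key, state leaving it
FIPS_IN = "193de3bea0f4e22b9ac68d2ae9f84808"
FIPS_RK = "a0fafe1788542cb123a339392a6c7605"
FIPS_OUT = "a49c7ff2689f352b6b5bea43026a5049"

if __name__ == "__main__":
    s, k = state_from_hex(FIPS_IN), state_from_hex(FIPS_RK)
    print("T-table round matches FIPS 197:", round_ttable(s, k) == state_from_hex(FIPS_OUT))
    print("naive round matches T tables  :", round_naive(s, k) == round_ttable(s, k))
    print("a(x) * a^-1(x) mod x^4+1      :", poly_mul_mod(A_X, A_INV))    # [1, 0, 0, 0]
```

The four T lookups per column are the whole round; only the final round, which has no MixColumns, falls back to S. The point for the rest of the deck is visible in round_ttable: the only secret-dependent operation is the table index state[i][...], which after the initial AddRoundKey is a plaintext byte XOR a key byte.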
Efficient Implementation Technique - V
• These 4 table lookups can be reduced further to lookups in a single table, at the cost of 3 additional byte rotations per round per column, because $T_1[a]$, $T_2[a]$ and $T_3[a]$ are byte rotations of $T_0[a]$. The total table size then drops from 4 KB to 1 KB.
• The key expansion consists of 32-bit word XORs, S-box lookups and an 8-bit cyclic shift, all of which can be implemented very efficiently.
Cache-timing Attack on AES - I
• A cache-timing attack is one form of "side-channel attack".
• Side-channel attacks recover the secret key from "side-channel information" leaked by the physical device on which the algorithm is implemented, rather than from a weakness of the algorithm or from the plaintext (input) and ciphertext alone.
• Side-channel information:
  – Power consumption
  – Time (the time taken by the computation, or by the movement of data between CPU and memory)
  – Noise, etc.
Cache-timing Attack on AES - II
• Timing attack:
  – Uses the time taken to perform an encryption.
  – That time varies with the secret key and the data being encrypted.
• According to Daniel J. Bernstein, the heavy reliance on table lookups in AES (and in its software implementations) is the weakness that reveals timing information.
• In the first round the table index is $k[i] \oplus n[i]$ (key byte XOR plaintext byte), and the time of the lookup depends on that index, so the encryption does not run in constant time.
• Thus an attacker can measure the encryption time as a function of n[i] and deduce the key byte k[i].
Cache-timing Attack on AES - Overview
• The steps involved in the attack:
  – Measure the timing information for different values of n[i] over a large set of data on the target server.
  – Total (or average) the time for each value of n[i].
  – Find the value of n[i] with the maximum time, say 147.
  – Simulate, or make an exact copy of, the target server (same AES software, same CPU, etc.) and repeat the measurement on it with a known key.
  – For the known key, find the value of $k[i] \oplus n[i]$ with the maximum time, say 8.
  – From this one can calculate the key offset, revealing the key byte: $k[i] = 147 \oplus 8 = 155$.
Cache-timing Attack on AES - Server Program
• Server program:
  – Uses the OpenSSL AES implementation.
  – Encrypts each received packet, but returns the "scrambled zero" (the precomputed encryption of an all-zero block) instead of the encrypted packet, together with its own timestamps taken around the encryption.
  – This keeps the amount of noise in the timing information low.
  – The noise does not prevent the attack in itself; it only means that a larger number of packets is required to average out its effect.
Cache-timing Attack on AES - Preparation of Attack - I
• Run the server program with a known key of all zeros.
• Collect the reference timing information by sending a large number of random 400-byte (also 600- and 800-byte) packets to this copy of the server, using the study program from another x86 system.
Cache-timing Attack on AES - Preparation of Attack - II
Figure (not reproduced).
Cache-timing Attack on AES - Carrying out the attack - I
• Run the server program with a secret key (read from /dev/urandom).
• Collect the timing information with the study program, again sending a large number of random 400-byte (600-, 800-byte) packets.
• Correlate the two sets of timing information to find, for each byte position i, the XOR offset between the reference profile and the target profile; that offset is the key byte k[i].
Cache-timing Attack on AES - Carrying out the attack - II
Figure (not reproduced): reference timing data for each value $x_i$ next to the timing data from the target machine for plaintext byte $p_i$. The target machine's timing profile is the reference profile shifted by exactly $k_i$ (as an XOR offset), thereby revealing the secret key byte.
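The procedure of the Overview, Preparation of Attack and Carrying out the attack sections as a toy simulation, added here as an example; it is not Bernstein's code and not the slides' server or study program. One first-round lookup T[k ⊕ n] stands in for the server's AES, the attacker profiles a copy with key 0 and then the target, and the XOR offset between the two profiles gives the key byte. The cache-line model (64-byte lines, 4-byte entries, one constructed cost per line plus Gaussian noise), the sample counts and the seeds are assumptions of this example.

```python
# Added example, not Bernstein's code nor the slides' server/study programs: a toy
# model of the attack in the preceding slides. The "server" times one first-round
# lookup T[k ^ n]; the attacker profiles a reference copy with key 0, then the
# target, and finds the XOR offset that aligns the two profiles.
import random

LINE_BYTES, ENTRY_BYTES = 64, 4                    # assumed cache-line and T-table entry sizes
ENTRIES_PER_LINE = LINE_BYTES // ENTRY_BYTES        # 16 table entries share one cache line


class LeakyLookup:
    """Stand-in for the server's AES: the cost of T[k ^ n] depends only on which
    cache line the index falls in. The per-line costs are constructed, not measured."""

    def __init__(self, key_byte, layout_rng, noise_rng, noise=30.0):
        self.key, self.noise_rng, self.noise = key_byte, noise_rng, noise
        costs = [30 * i for i in range(256 // ENTRIES_PER_LINE)]   # 16 distinct line costs
        layout_rng.shuffle(costs)                                   # same layout seed => "exact copy"
        self.line_cost = costs

    def time(self, n):
        idx = self.key ^ n                                          # first-round T-table index
        return 200.0 + self.line_cost[idx // ENTRIES_PER_LINE] + self.noise_rng.gauss(0.0, self.noise)


def profile(machine, rng, samples):
    """Average time per plaintext byte value n ("total the time for each value of n[i]")."""
    total, count = [0.0] * 256, [0] * 256
    for _ in range(samples):
        n = rng.randrange(256)
        total[n] += machine.time(n)
        count[n] += 1
    return [total[n] / count[n] for n in range(256)]


def offset_from_slowest(reference, target):
    """The slides' shortcut: slowest n on the target XOR slowest n on the key-0 reference."""
    slowest_ref = max(range(256), key=reference.__getitem__)
    slowest_tgt = max(range(256), key=target.__getitem__)
    return slowest_tgt ^ slowest_ref


def rank_key_candidates(reference, target):
    """Full correlation: for each k', how closely target[n] tracks reference[n ^ k'] over all n.
    With key 0 the reference profile is indexed directly by the table index, so the
    right k' lines the two profiles up. Returns all 256 candidates, best first."""
    scored = []
    for k in range(256):
        err = sum((target[n] - reference[n ^ k]) ** 2 for n in range(256))
        scored.append((err, k))
    return [k for _, k in sorted(scored)]


def simulate_attack(seed=1, samples=40_000):
    """Returns (true key byte, ranked candidates, shortcut guess) for one simulated run."""
    rng = random.Random(seed)
    true_key = rng.randrange(256)
    # The attacker's copy shares the layout seed (same CPU/table placement) but not the noise.
    reference_machine = LeakyLookup(0, random.Random(seed + 1), random.Random(seed + 2))
    target_machine = LeakyLookup(true_key, random.Random(seed + 1), random.Random(seed + 3))
    reference = profile(reference_machine, random.Random(seed + 4), samples)
    target = profile(target_machine, random.Random(seed + 5), samples)
    return true_key, rank_key_candidates(reference, target), offset_from_slowest(reference, target)


if __name__ == "__main__":
    key, ranked, guess = simulate_attack()
    print("true key byte      : 0x%02x" % key)
    print("slowest-n shortcut : 0x%02x (high nibble %s)" % (guess, "ok" if guess >> 4 == key >> 4 else "wrong"))
    print("best candidates    :", ["0x%02x" % k for k in ranked[:ENTRIES_PER_LINE]])
```

Only the high four bits of k[i] are pinned down here: the 16 best candidates are exactly the keys whose index lands in the same 64-byte line as the true one, because neither this model nor a real cache distinguishes entries within a line. Recovering the low bits needs effects this model leaves out (see references 9, 12 and 13), and in a real measurement the per-packet noise dwarfs the signal, which is why the number of packets matters so much.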
Prevention of Attack
• Constant-time AES software:
  – The memory accesses must not depend on the input or the key.
  – Table lookups are replaced by sequences of short bitwise operations (XOR, AND, shifts).
    Result: constant running time.
    Cost: considerably slower than table lookups.
• How to find out whether a given AES implementation runs in constant time:
  – Collect timing information for many different inputs and check whether it is the same for all of them.
  – Even this cannot guarantee constant time: a measurement only shows the variation present on that machine, in that run, under that load.
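The "replace the lookup by short bitwise operations" advice above, as an added example that is not from the slides: every entry of the table is read and the wanted one is selected with bit masks, so the sequence of addresses touched is the same for every index. Python is used to show the logic and to compare access patterns directly (the deterministic check the slide's timing test cannot give); the timing property itself only holds for a C or assembly version with no secret-dependent branches or indices. The table is a constructed byte permutation, not the AES S-box.

```python
# Added example, not from the slides: a table lookup whose memory-access pattern
# does not depend on the index (the countermeasure of the Prevention of Attack slide).
# Python shows the logic; the timing guarantee needs a C/assembly version with no
# secret-dependent branches or indices.

# Constructed stand-in for the S-box: a bijection on bytes (167 is odd), not the real S.
TABLE = [(167 * i + 0x63) & 0xFF for i in range(256)]


def ct_eq_mask(x, y):
    """0xFF if x == y else 0x00, computed without a comparison or branch: (x ^ y) - 1
    borrows out of the low byte only when x == y, and that borrow bit is the selector."""
    diff = (x ^ y) & 0xFF
    return (((diff - 1) >> 8) & 1) * 0xFF


def ct_lookup(table, idx):
    """Read all 256 entries and keep the one at idx via masks; the addresses touched
    are 0..255 in order whatever idx is."""
    result = 0
    for i in range(256):
        result |= table[i] & ct_eq_mask(i, idx)
    return result


def naive_lookup(table, idx):
    """The ordinary lookup the slides warn about: the address touched is idx itself."""
    return table[idx]


class TracedTable(list):
    """A table that records every index read from it, so that access patterns can be
    compared directly instead of through timing."""

    def __init__(self, entries):
        super().__init__(entries)
        self.trace = []

    def __getitem__(self, i):
        self.trace.append(i)
        return super().__getitem__(i)


def access_pattern(lookup, entries, idx):
    """Indices touched by lookup(table, idx), in order."""
    table = TracedTable(entries)
    lookup(table, idx)
    return tuple(table.trace)


def ct_sub_bytes(table, block):
    """SubBytes over a 16-byte block using the constant-trace lookup."""
    return bytes(ct_lookup(table, b) for b in block)


if __name__ == "__main__":
    print("all 256 lookups correct:", all(ct_lookup(TABLE, i) == TABLE[i] for i in range(256)))
    print("naive lookup touches   :", access_pattern(naive_lookup, TABLE, 0x53))
    same = access_pattern(ct_lookup, TABLE, 0x53) == access_pattern(ct_lookup, TABLE, 0xA7)
    print("ct lookup touches the same 256 entries for 0x53 and 0xa7:", same)
```

The price is what the slide states: 256 reads and mask operations per byte instead of one load, so a full block costs 16 × 256 table reads. Production constant-time AES software therefore uses bitsliced implementations or hardware instructions rather than this literal scan, but the property being bought is exactly the one access_pattern checks.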
Problem: Cache is faster than DRAM
• An S-box entry that is in the cache is returned faster than one that must be fetched from DRAM, so the time of a lookup depends on its index.
• Advice for AES implementers:
  – The AES S-boxes should be in the cache throughout the AES computation.
  – But S-boxes can be evicted from the cache by the AES computation itself or by other processes running on the system.
• Advice for CPU designers:
  – Provide a constant-time S-box lookup instruction, which would solve the problem not only for AES but for every computation that uses table lookups.
Problem: L1 cache is faster than L2 cache
• Advice for AES implementers:
  – The AES S-boxes should be in the L1 cache throughout the AES computation.
  – But S-boxes can be evicted from L1 to make room for the AES computation's own data, for other processes, for interrupt handlers, etc.
• Advice for CPU designers:
  – Provide an L1 table-lookup instruction that ensures the entire table is in L1 and loads a selected table entry in constant time.
Problem: Cache associativity is limited
• Most CPUs have a 2-way set-associative L1 cache.
• Each memory line can be placed in only 2 locations of the cache (the 2 ways of its set).
• If more than two memory lines map to the same set (same address modulo the set stride), one of them has to be evicted from L1, and this can leak timing information.
• Advice for AES implementers:
  – Lay out all the variables, the input, the key and the table so that they map to different cache sets; then they will not evict each other from the cache.
Problem: Code can be interrupted
• Assume that all S-box entries are already in the L1 cache and that no other AES computation evicts them.
• Even then constant time cannot be guaranteed:
  – Interrupts, such as the CPU timer.
  – Hyper-threading: a thread on the same core shares the L1 cache and can evict entries.
• Advice for AES implementers:
  – Disable hyper-threading.
  – Implement AES as part of the operating system kernel, where interrupts can be disabled around the computation.
• Advice for CPU designers:
  – If AES is not implemented in the kernel, the unprivileged code cannot disable interrupts. In that case the CPU should provide a way to load the original table back into the cache after an interrupt is processed and before the AES computation resumes.
Summary
• The input-dependent table lookups of AES software result in a timing attack that reveals the secret key.
• Limitations of the attack:
  – It is difficult to build an exact copy of the target server.
  – The method also requires knowledge of the plaintexts and their timing information.
  – There must be sufficient randomness in the plaintext.
References - I
1. AES page, available via http://www.nist.gov/CryptoToolkit/
2. Federal Register: January 2, 1997 (Volume 62, Number 93), available at [1].
3. Federal Register: September 12, 1997 (Volume 62, Number 177), available at [1].
4. James Nechvatal, Elaine Barker, Lawrence Bassham, William Burr, Morris Dworkin, James Foti, Edward Roback, "Report on the Development of the Advanced Encryption Standard (AES)", October 2, 2000.
5. Journal of Research of the National Institute of Standards and Technology, "Report on the Development of the Advanced Encryption Standard (AES)", Volume 106, Number 3, May-June 2001.
6. Advanced Encryption Standard, Federal Information Processing Standards (FIPS) Publication 197, Computer Security Resource Center, National Institute of Standards and Technology (NIST), November 2001; http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
References - II
7. Wolfram MathWorld, "Field", http://mathworld.wolfram.com/Field.html.
8. J. Daemen and V. Rijmen, "AES Proposal: Rijndael", AES algorithm submission, September 3, 1999, available at [1].
9. Daniel J. Bernstein, "Cache-timing attacks on AES", 2005, http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
10. Definition of side-channel attacks: "Introduction to Side Channel Attacks", http://www.discretix.com/PDF/Introduction%20to%20Side%20Channel%20Attacks.pdf.
11. Definition of side-channel attacks from Wikipedia, http://en.wikipedia.org/wiki/Side_channel_attack.
12. D. A. Osvik, A. Shamir and E. Tromer, "Cache Attacks and Countermeasures: the Case of AES", Cryptology ePrint Archive, Report 2005/271, 2005, http://citeseer.ist.psu.edu/osvik05cache.html.
13. Joseph Bonneau and Ilya Mironov, "Cache-Collision Timing Attacks Against AES" (extended version), revised 2005-11-20, www.stanford.edu/~jbonneau/AES_timing.pdf.