
Cache Misses and the Recovery of the Full AES 256 Key

Integrated Systems Lab, Universidad Politécnica de Madrid, ETSI Telecomunicación, 28040 Madrid, Spain
Center for Computational Simulation, Universidad Politécnica de Madrid, Campus de Montegancedo, 28660 Madrid, Spain
Authors to whom correspondence should be addressed.
Appl. Sci. 2019, 9(5), 944;
Received: 8 February 2019 / Revised: 24 February 2019 / Accepted: 27 February 2019 / Published: 6 March 2019
(This article belongs to the Special Issue Side Channel Attacks)
The CPU cache is a hardware element that leaks significant information about the software running on the CPU. In particular, any application performing sequences of memory accesses that depend on sensitive information, such as private keys, is susceptible to a cache attack that would reveal this information. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, has made these attacks quite popular. Traditionally, cache attacks against AES use the information that the victim has accessed an address. In contrast, we show that using non-access provides much more information and demonstrate that the power of cache attacks has been underestimated in recent years. This novel approach is applicable to existing attacks: Prime+Probe, Flush+Reload, Flush+Flush and Prime+Abort. In all cases, using cache misses as the source of information, we could retrieve the 128-bit AES key with a reduction in the number of samples of between 93% and 98% compared to the traditional approach. Further, this attack was adapted and extended into what we call the encryption-by-decryption cache attack (EBD), to obtain a 256-bit AES key. In the best scenario, our approach obtained the 256 bits of the key of the OpenSSL AES T-table-based implementation using fewer than 10,000 samples, i.e., 135 milliseconds, proving that AES-256 is only about three times more complex to attack than AES-128 via cache attacks. Additionally, the proposed approach was successfully tested in a cross-VM scenario.
Keywords: side-channel cache attacks; cache misses; AES; cloud computing
MDPI and ACS Style

Briongos, S.; Malagón, P.; de Goyeneche, J.-M.; Moya, J.M. Cache Misses and the Recovery of the Full AES 256 Key. Appl. Sci. 2019, 9, 944.