Attacking AES using Bernstein's attack on modern processors

Abstract

The Advanced Encryption Standard (AES) was selected by NIST due to its heavy resistance against classical cryptanalysis like differential and linear cryptanalysis. Even after the appearance of the modern side-channel attacks like timing and power consumption side-channel attacks, NIST claimed that AES is not vulnerable to timing attacks. In 2005, Bernstein [6] has successfully attacked the OpenSSL AES implementation on a Pentium III processor and completely retrieved the full AES key using his cache timing side-channel attack. This paper reproduces Bernstein's attack on Pentium Dual-Core and Core 2 Duo processors. We have successfully attacked the AES implemented in the latest OpenSSL release 1.0.1c using the most recent GCC compiler 4.7.0 running on both Windows and Linux in some seconds by sending 222 plaintexts at most. We improved Bernstein's first round attack by using 2 way measurements. Instead of using only the above average timing information, we added the above minimum timing information which significantly improved the results. © 2013 Springer-Verlag Berlin Heidelberg.