Modified cache template attack on AES

Abstract

CPU caches are powerful sources of information leakage. To develop practical cache-based attacks, the need for automation of the process of finding exploitable cachebased side-channels in computer systems is felt more than ever. Cache template attack is a generic technique that utilizes Flush+Reload attack in order to automatically exploit cache vulnerability of Intel platforms. Cache template attack on the T-table-based AES implementation consists of two phases including the profiling phase and key exploitation phase. Profiling is a preprocessing phase to monitor dependencies between the secret key and behavior of the cache memory. In addition, the addresses of T-tables can be obtained automatically. At the key exploitation phase, Most Significant Bits (MSBs) of the secret key bytes are retrieved by monitoring the exploitable addresses. This study proposed a simple yet effective searching technique, which accelerates the profiling phase by a factor of utmost 64. In order to verify the theoretical model of our technique, the mentioned attack on AES was implemented. The experimental results revealed that the profiling phase runtime of the cache template attack was approximately 10 minutes, while the proposed method could speed up the running of this phase up to almost 9 seconds.