Article: Cache-collision side-channel analysis and attacks against AES-GCM Journal: International Journal of Big Data Intelligence (IJBDI) 2020 Vol.7 No.4 pp.211 - 217 Abstract: Data security is an important issue in big data applications. The sheer data volume provides way more opportunities for a potential attacker to observe and identify patterns in computation and data. In this paper, we reveal that the data/computation patterns derived from the observation of large volume of data can be associated with the key used in the AES-GCM algorithm, one of the foundation algorithms in data security. The paper presents a software-based cache-collision timing attack against the well known authenticated encryption scheme AES-GCM. The attack can be successful if enough data (plaintext-ciphertext pairs) are processed and the hash key H used for generating look-up tables in software implementation. We present an attack model and an implementation of the attack based on OpenSSL, a widely used library that provides security-related functions for many applications. In most cases, our attack methodology is able to converge and extract the hidden key. Inderscience Publishers - linking academia, business and industry through research

Title: Cache-collision side-channel analysis and attacks against AES-GCM

Authors: James Huang; Xiaoming Li

Addresses: Department of Electrical and Computer Engineering, University of Delaware, USA ' Department of Electrical and Computer Engineering, University of Delaware, USA

Abstract: Data security is an important issue in big data applications. The sheer data volume provides way more opportunities for a potential attacker to observe and identify patterns in computation and data. In this paper, we reveal that the data/computation patterns derived from the observation of large volume of data can be associated with the key used in the AES-GCM algorithm, one of the foundation algorithms in data security. The paper presents a software-based cache-collision timing attack against the well known authenticated encryption scheme AES-GCM. The attack can be successful if enough data (plaintext-ciphertext pairs) are processed and the hash key H used for generating look-up tables in software implementation. We present an attack model and an implementation of the attack based on OpenSSL, a widely used library that provides security-related functions for many applications. In most cases, our attack methodology is able to converge and extract the hidden key.

Keywords: data-pattern; cache-collision; AES-GCM.

DOI: 10.1504/IJBDI.2020.113875

International Journal of Big Data Intelligence, 2020 Vol.7 No.4, pp.211 - 217

Received: 09 Apr 2020
Accepted: 06 Sep 2020
Published online: 31 Mar 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Cache-collision side-channel analysis and attacks against AES-GCM

Keep up-to-date