Authors: James Huang; Xiaoming Li
Addresses: Department of Electrical and Computer Engineering, University of Delaware, USA ' Department of Electrical and Computer Engineering, University of Delaware, USA
Abstract: Data security is an important issue in big data applications. The sheer data volume provides way more opportunities for a potential attacker to observe and identify patterns in computation and data. In this paper, we reveal that the data/computation patterns derived from the observation of large volume of data can be associated with the key used in the AES-GCM algorithm, one of the foundation algorithms in data security. The paper presents a software-based cache-collision timing attack against the well known authenticated encryption scheme AES-GCM. The attack can be successful if enough data (plaintext-ciphertext pairs) are processed and the hash key H used for generating look-up tables in software implementation. We present an attack model and an implementation of the attack based on OpenSSL, a widely used library that provides security-related functions for many applications. In most cases, our attack methodology is able to converge and extract the hidden key.
Keywords: data-pattern; cache-collision; AES-GCM.
International Journal of Big Data Intelligence, 2020 Vol.7 No.4, pp.211 - 217
Received: 09 Apr 2020
Accepted: 06 Sep 2020
Published online: 15 Mar 2021 *