Cache-collision side-channel analysis and attacks against AES-GCM Online publication date: Wed, 31-Mar-2021
by James Huang; Xiaoming Li
International Journal of Big Data Intelligence (IJBDI), Vol. 7, No. 4, 2020
Abstract: Data security is an important issue in big data applications. The sheer data volume provides way more opportunities for a potential attacker to observe and identify patterns in computation and data. In this paper, we reveal that the data/computation patterns derived from the observation of large volume of data can be associated with the key used in the AES-GCM algorithm, one of the foundation algorithms in data security. The paper presents a software-based cache-collision timing attack against the well known authenticated encryption scheme AES-GCM. The attack can be successful if enough data (plaintext-ciphertext pairs) are processed and the hash key H used for generating look-up tables in software implementation. We present an attack model and an implementation of the attack based on OpenSSL, a widely used library that provides security-related functions for many applications. In most cases, our attack methodology is able to converge and extract the hidden key.
Online publication date: Wed, 31-Mar-2021
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Big Data Intelligence (IJBDI):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email firstname.lastname@example.org