Abstract
This paper presents a new attack against a software implementation of the Advanced Encryption Standard. The attack aims at flushing elements of the SBOX from the cache, thus inducing a cache miss during the encryption phase. The power trace is then used to detect when the cache miss occurs; if the miss happens in the first round of the AES, the information can be used to recover part of the secret key. The attack has been simulated using the Wattch simulation framework and a simple software implementation of AES (using a single table for the SBOX). The attack can easily be extended to more sophisticated versions of AES that use more than one table. Finally, we present a simple countermeasure which does not require randomization.
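The abstract states the mechanism but not the arithmetic behind it. The simulation below is an added example written for this page; it is not code from the paper, and it models neither Wattch nor a real power trace. It assumes a single 256-entry one-byte S-box table, an idealised observation in which the trace reveals exactly which first-round lookups miss after one table line has been evicted, and a configurable cache-line size (16, 32 or 64 bytes are tried). It shows why the first round is the dangerous one: the lookup index is `p[i] ^ k[i]`, so the cache line touched is `(p[i] ^ k[i]) >> log2(line_bytes)`, and a miss observation exposes the top `8 - log2(line_bytes)` bits of each key byte. The `recover_high_bits` routine and the `TableCache` model are constructed for this example; the paper's countermeasure is not described on this page and is therefore not modelled.

```python
# Leakage model for first-round AES S-box lookups with a single 256-byte table.
# Constructed simulation only: toy cache, idealised miss observation, no hardware.
import math
import os

# AES S-box (FIPS-197) as one 256-entry table of one-byte entries.
SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76" "ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d83115" "04c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f84" "53d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa8" "51a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d1973" "60814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479" "e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a" "703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df" "8ca1890dbfe6426841992d0fb054bb16"
)


def line_of(index, line_bytes):
    """Cache line holding SBOX[index] (one-byte entries, so line_bytes entries per line)."""
    return index // line_bytes


class TableCache:
    """Toy cache that only tracks which S-box lines are resident (assumed model)."""

    def __init__(self, line_bytes):
        self.line_bytes = line_bytes
        self.lines = 256 // line_bytes
        self.resident = set(range(self.lines))  # table warm from the previous encryption

    def flush(self, line):
        self.resident.discard(line)

    def lookup(self, index):
        """Return (value, missed) and make the line resident, as hardware would."""
        ln = line_of(index, self.line_bytes)
        missed = ln not in self.resident
        self.resident.add(ln)
        return SBOX[index], missed


def first_round_miss_trace(key, plaintext, flushed_line, line_bytes):
    """Idealised observation: evict one line, run the 16 first-round lookups
    (index = p[i] ^ k[i]) and report which of them missed. This stands in for
    what the abstract says the power trace reveals."""
    cache = TableCache(line_bytes)
    cache.flush(flushed_line)
    return [cache.lookup(p ^ k)[1] for p, k in zip(plaintext, key)]


def leaked_bits_per_byte(line_bytes):
    """line(S[p ^ k]) == (p ^ k) >> log2(line_bytes), so the line index exposes
    the top 8 - log2(line_bytes) bits of each key byte."""
    return 8 - int(math.log2(line_bytes))


def recover_high_bits(oracle, line_bytes):
    """Derive the top bits of all 16 key bytes from the miss oracle.
    For byte i the earlier lookups are steered to a line other than the evicted
    one (possible because their top key bits are already known), so a miss at
    position i means line(p[i] ^ k[i]) == evicted line, and p[i] == 0 there."""
    shift = int(math.log2(line_bytes))
    lines = 256 // line_bytes
    high = []
    for i in range(16):
        found = None
        for target in range(lines):
            pt = bytearray(16)
            for j in range(i):
                # (p[j] ^ k[j]) >> shift == (high[j] ^ x) ^ high[j] == x, with x != target
                pt[j] = (high[j] ^ ((target + 1) % lines)) << shift
            if oracle(bytes(pt), target)[i]:
                found = target
                break
        high.append(found)
    return high


def simulate(key, line_bytes):
    """Run the model for one key: (top bits recovered correctly?, bits leaked per
    key byte, bits of key space remaining for exhaustive search)."""
    oracle = lambda pt, line: first_round_miss_trace(key, pt, line, line_bytes)
    recovered = recover_high_bits(oracle, line_bytes)
    truth = [k >> int(math.log2(line_bytes)) for k in key]
    leaked = leaked_bits_per_byte(line_bytes)
    return recovered == truth, leaked, 128 - 16 * leaked


if __name__ == "__main__":
    key = os.urandom(16)  # constructed random key for the simulation
    for lb in (16, 32, 64):
        ok, leaked, remaining = simulate(key, lb)
        print(f"{lb:>2}-byte lines: top bits recovered={ok}, "
              f"{leaked} bits/byte leaked, {remaining}-bit key space left")
```

The remaining key space is the number to watch when assessing an implementation: with 64-byte lines a single table leaks 2 bits per key byte (32 bits in total), and smaller lines leak more. Note that a miss in a later round gives no such direct relation to the key, which is why the abstract restricts the useful observation to the first round.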
Publication
Proceedings of the International Conference on Information Technology: Coding and Computing, 2005 (ITCC 2005)

Full Professor
Gianluca Palermo received the M.Sc. degree in Electronic Engineering in 2002 and the Ph.D. degree in Computer Engineering in 2006 from Politecnico di Milano. He is currently an associate professor at the Department of Electronics and Information Technology of the same University. Previously he was also a consultant engineer in the Low Power Design Group of AST – STMicroelectronics, working on network-on-chip, and a research assistant at the Advanced Learning and Research Institute (ALaRI) of the Università della Svizzera italiana (Switzerland). His research interests include design methodologies and architectures for embedded and HPC systems, focusing on AutoTuning aspects.

Associate Professor
I am an associate professor at Politecnico di Milano and I have worked in embedded processor architecture R&D for one of the top semiconductor companies in the world. My group is currently working on topics related to embedded systems (hardware and software), security, cryptography, operating systems.