Cache-timing attack against aes crypto system - countermeasures review

Abstract

Side channel attacks are based on side channel information, which is information that is leaked from encryption systems. Implementing side channel attacks is possible if and only if an attacker has access to a cryptosystem (victim) or can interact with cryptosystem remotely to compute time statistics of information that collected from targeted system. Cache timing attack is a special type of side channel attack. Here, timing information caused by cache effect is collected and analyzed by an attacker to guess sensitive information such as encryption key or plaintext. Cache timing attack against AES was known theoretically until Bernstein carry out a real implementation of the attack. Fortunately, this attack can be a success only by exploiting bad implementation in software or hardware, not for algorithm structure weaknesses, and that means attack could be prevented if proper implementation has been used. For that reason, modification in software and hardware has been proposed as countermeasures. This paper reviews the technique applied in this attack, surveys the countermeasures against it, and evaluates the feasibility and usability of each countermeasure. We made comparison between these countermeasure based on certain aspect furthermore.