Enhanced cache attack on AES applicable on ARM-based devices with new operating systems

Abstract

There are several key challenges in performing cache-based attacks on ARM-based devices. Lipp et al. introduced various techniques to tackle these challenges and applied successfully different cache-based attacks on ARM-based mobile devices. In the cache-based attacks proposed by Lipp et al. it is assumed that the attacker has access to the mapping of virtual addresses to physical addresses through/proc/self/pagemap which is an important limiting factor in Linux and newer versions of Android operating systems. To access this mapping, the attacker must know the root of the operating system. In this paper, we introduce an Evict+Reload attack on the T-table-based implementation of AES which applies to ARM-based devices in which root access is required to use the mapping of virtual addresses to physical addresses. The attack consists of two phases. The profiling is a preprocessing phase to profile all the timing characteristics when AES is executed with a known key. In this phase, the attacker can identify specific bits of the physical addresses of the AES T-table elements without having root access. In the exploitation phase, full key bytes are retrieved by a conventional Evict+Reload attack. To verify the theoretical model of our technique, we implemented the described attack on AES.