Research On Differential F_LUSH+R_ELOAD Cache Based Side-channel Attacks

In cryptography,encryption is the convention of information from a readable state to apparent nonsense,in order to prevent unauthorized access.The security of applied encryption not only depends on the scheme design itself,but also the management of the secret key and the implementation of the encryption algorithm.Side-channel attacks,which utilize the information leakage of the inadvertent influence of the environment in a secret-dependent way,can break the modern encryption algorithms which are not feasible with traditional cryptanalysis.Cache side-channel attacks leverage the timing difference caused through microarchitectural optimizations,which can be performed without physical access to the victim devices,and no extra measuring instruments are required to leak the information,posing a great threat to the crypto devices.Cache side-channel attacks are usually categorized into three generic techniques: E_VICT+T_IME,P_RIME+P_ROBE and F_LUSH+R_ELOAD,with F_LUSH+R_ELOAD considered to be the most powerful one.F_LUSH+R_ELOAD detects memory access in single cache line granularity,and does not require knowledge about virtual to physical memory mapping.However,F_LUSH+R_ELOAD cannot detect the access sequence of memory addresses,thus it cannot be applied to the scenarios where every memory address is accessed and only the access sequence might reveal the secret information.In this thesis,1.differential F_LUSH+R_ELOAD is proposed to detect the access sequence of a pair of memory addresses.By flushing multiple memory addresses during the encryption,the memory access sequence might be revealed from the final cache state.The methodology of evaluation is given in full detail,and experiment is carried out to verify the proposal.2.to combine multiple pairs of memory access sequence,a “count sort” algorithm is given to limit a single pair of wrong sequence to be transitted across the whole sequence,and a duplicated access detection algorithm is given to match recovered access sequence to the encryption implementation.Experiment to recover AES round key is given to validate the effectiveness of differential F_LUSH+R_ELOAD in real life attack scenarios.