Cache-collision timing attacks against AES-GCM

Abstract

Side-channel attacks that utilize timing, power consumption, and electromagnetic radiation to gain information about an encryption/decryption implementation have been demonstrated experimentally to be an effective attack against a variety of cryptographic systems. We define a general attack strategy against AES-GCM using a simplified model of the cache to predict timing variation due to cache-collisions in the sequence of lookups performed by the encryption. The attacks presented should be applicable to most high-speed software AES-GCM implementations and computing platforms, we have implemented them against Openssl-1.0.0-beta3 running on Intel(R) Xeon(R) CPU 5110 and Intel(R) Xeon(R) CPU 5520. This is the first time in publication to successfully attack the AES-GCM algorithm. While the task of defending AES-GCM against all timing attacks is challenging, a small patch can significantly reduce the vulnerability to these specific attacks with no performance penalty.