1

Say you have a web application that's performing AES encryption. What sorts of side channel attacks should one keep an eye out for?

Timing attacks affect RSA more than symmetric ciphers, insofar as I know.

Any ideas?

neubert
  • 3
    This section on Wiki describes all side-channel attacks I know of (mostly cache timing and fault injection). But all of them kinda require the ability to run a program on the same machine or otherwise have some control over the machine (e.g. for fault injection). But whether this is relevant to you depends on your application/server. Some speculation: There was some nifty side-channel attack on an RSA implementation based on the noise of the processor. Maybe no one has looked into that for AES ;) – tylo Oct 07 '14 at 15:54

1 Answer

2

In my limited understanding, cache attacks should be considered the most. In AES encryption, one needs to perform SubBytes using the S-box. So, for data that has been used and saved in the cache, SubBytes will take less time. So, Mallory can learn about the pattern of the plaintext.

https://cr.yp.to/2005-590.html

  • 1
    In addition, I would say "cache" behavior is not easily predictable. There can be a lot of interactions between processes because of multitasking, meaning cache lines may be erased depending on current processes. Cache "strategy" also depends on the inner-CPU architecture so a "cache attack" may be difficult to "extrapolate". This is without taking into account AES dedicated instructions on modern processors. In a paper published in 2013 ("Cache Timing Attacks on AES", Wei Liu & al.), the authors showed that Core i5 were "immune" somehow. Nonetheless, this should be considered as a serious threat. – Jérémy Métairie Apr 30 '18 at 12:36
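
The S-box lookup discussed in the answer above, as an added example that is not part of the original thread: a table lookup indexed by a secret byte next to a hardened lookup that reads every entry, so the memory access pattern no longer depends on the secret. The function names are hypothetical, and the S-box is computed from its standard definition rather than pasted as a table.

```c
#include <stdint.h>

static uint8_t SBOX[256]; /* filled by sbox_init() */

/* GF(2^8) multiply modulo the AES polynomial 0x11b, branch-free. */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t r = 0;
    for (int i = 0; i < 8; i++) {
        r ^= (uint8_t)(-(b & 1) & a);
        a = (uint8_t)((a << 1) ^ (-(a >> 7) & 0x1b));
        b >>= 1;
    }
    return r;
}
static uint8_t rotl8(uint8_t x, int n) { return (uint8_t)((x << n) | (x >> (8 - n))); }

/* Build the standard AES S-box: x^254 (the inverse, 0 -> 0), then the affine map. */
void sbox_init(void) {
    for (int x = 0; x < 256; x++) {
        uint8_t inv = 1, base = (uint8_t)x;
        for (int e = 254; e; e >>= 1) {
            if (e & 1) inv = gf_mul(inv, base);
            base = gf_mul(base, base);
        }
        SBOX[x] = (uint8_t)(inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63);
    }
}

/* Leaky: the address read depends on the secret byte, so the cache line touched does too. */
uint8_t sbox_lookup_leaky(uint8_t secret) { return SBOX[secret]; }

/* Hardened: read all 256 entries and keep one with a branch-free mask. */
uint8_t sbox_lookup_ct(uint8_t secret) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint8_t mask = (uint8_t)(((i ^ secret) - 1u) >> 8); /* 0xff iff i == secret */
        out |= (uint8_t)(SBOX[i] & mask);
    }
    return out;
}

/* Returns 1 when both lookups agree on every input byte. */
int lookups_agree(void) {
    sbox_init();
    for (int s = 0; s < 256; s++)
        if (sbox_lookup_ct((uint8_t)s) != sbox_lookup_leaky((uint8_t)s)) return 0;
    return 1;
}

int main(void) { return lookups_agree() ? 0 : 1; }
```

An optimizing compiler may rewrite a masked loop like this, so the generated assembly should be inspected before relying on it. Where the CPU provides the dedicated AES instructions mentioned in the comment above, using them avoids table lookups altogether.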