{"quality_controlled":0,"year":"2011","acknowledgement":"This work was in part funded by the European Community’s Seventh Framework Programme (FP7) under grant agreement no. 216499 and the Swiss Hasler Foundation.\nAn extended abstract was also accepted for COSADE 2011.","date_published":"2011-01-01T00:00:00Z","extern":1,"author":[{"full_name":"Gullasch, David","last_name":"Gullasch","first_name":"David"},{"last_name":"Bangerter","full_name":"Bangerter, Endre","first_name":"Endre"},{"last_name":"Krenn","full_name":"Stephan Krenn","first_name":"Stephan","id":"329FCCF0-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0003-2835-9093"}],"abstract":[{"lang":"eng","text":"Side channel attacks on cryptographic systems exploit information\ngained from physical implementations rather than theoretical\nweaknesses of a scheme. In recent years, major achievements were made\nfor the class of so called access-driven cache attacks. Such attacks\nexploit the leakage of the memory locations accessed by a victim\nprocess.\n\nIn this paper we consider the AES block cipher and present an attack\nwhich is capable of recovering the full secret key in almost realtime\nfor AES-128, requiring only a very limited number of observed\nencryptions. Unlike previous attacks, we do not require any\ninformation about the plaintext (such as its distribution, etc.).\nMoreover, for the first time, we also show how the plaintext can be\nrecovered without having access to the ciphertext at all. It is the\nfirst working attack on AES implementations using compressed\ntables. There, no efficient techniques to identify the beginning\nof AES rounds is known, which is the fundamental assumption underlying previous\nattacks.\n\nWe have a fully working implementation of our attack which is able to\nrecover AES keys after observing as little as 100 encryptions. It\nworks against the OpenSSL 0.9.8n implementation of AES on Linux\nsystems. Our spy process does not require any special privileges\nbeyond those of a standard Linux user. A contribution of probably\nindependent interest is a denial of service attack on the task scheduler of\ncurrent Linux systems (CFS), which allows one to observe (on average)\nevery single memory access of a victim process."}],"citation":{"mla":"Gullasch, David, et al. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. IEEE, 2011, pp. 490–505, doi:10.1109/SP.2011.22.","short":"D. Gullasch, E. Bangerter, S. Krenn, in:, IEEE, 2011, pp. 490–505.","ama":"Gullasch D, Bangerter E, Krenn S. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. In: IEEE; 2011:490-505. doi:10.1109/SP.2011.22","ieee":"D. Gullasch, E. Bangerter, and S. Krenn, “Cache Games - Bringing Access-Based Cache Attacks on AES to Practice,” presented at the S&P: IEEE Symposium on Security and Privacy, 2011, pp. 490–505.","ista":"Gullasch D, Bangerter E, Krenn S. 2011. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. S&P: IEEE Symposium on Security and Privacy, 490–505.","chicago":"Gullasch, David, Endre Bangerter, and Stephan Krenn. “Cache Games - Bringing Access-Based Cache Attacks on AES to Practice,” 490–505. IEEE, 2011. https://doi.org/10.1109/SP.2011.22.","apa":"Gullasch, D., Bangerter, E., & Krenn, S. (2011). Cache Games - Bringing Access-Based Cache Attacks on AES to Practice (pp. 490–505). Presented at the S&P: IEEE Symposium on Security and Privacy, IEEE. https://doi.org/10.1109/SP.2011.22"},"publist_id":"3727","_id":"2976","type":"conference","conference":{"name":"S&P: IEEE Symposium on Security and Privacy"},"date_created":"2018-12-11T12:00:39Z","publisher":"IEEE","title":"Cache Games - Bringing Access-Based Cache Attacks on AES to Practice","month":"01","date_updated":"2021-01-12T07:40:11Z","day":"01","publication_status":"published","main_file_link":[{"open_access":"0","url":"http://eprint.iacr.org/2010/594.pdf"}],"status":"public","doi":"10.1109/SP.2011.22","page":"490 - 505"}