Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis

Ben Lapid; Avishai Wool

doi:https://doi.org/10.1007/978-3-030-10970-7_11

Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis

Ben Lapid, Avishai Wool

School of Electrical Engineering

Tel Aviv University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The ARM TrustZone is a security extension which is used in recent Samsung flagship smartphones to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes (Trustlets). The Samsung TEE includes cryptographic key storage and functions inside the Keymaster trustlet. The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side channel cache-attacks. The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop’s GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7Â min of measurements and under a minute of analysis time and an AES-256/GCM key with 40Â min of measurements and 30Â min of analysis.

Original language	English
Title of host publication	Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers
Editors	Carlos Cid, Michael J. Jacobson
Pages	235-256
Number of pages	22
DOIs	https://doi.org/10.1007/978-3-030-10970-7_11
State	Published - 2019
Event	25th International Conference on Selected Areas in Cryptography, SAC 2018 - Calgary, Canada Duration: 15 Aug 2018 → 17 Aug 2018

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11349 LNCS

Conference

Conference	25th International Conference on Selected Areas in Cryptography, SAC 2018
Country/Territory	Canada
City	Calgary
Period	15/08/18 → 17/08/18

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

https://doi.org/10.1007/978-3-030-10970-7_11

Cite this

Lapid, B., & Wool, A. (2019). Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis. In C. Cid, & M. J. Jacobson (Eds.), Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers (pp. 235-256). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11349 LNCS). https://doi.org/10.1007/978-3-030-10970-7_11

Lapid, Ben ; Wool, Avishai. / Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis. Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers. editor / Carlos Cid ; Michael J. Jacobson. 2019. pp. 235-256 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{c713e8552788472ba1d34ce85ff10435,

title = "Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis",

abstract = "The ARM TrustZone is a security extension which is used in recent Samsung flagship smartphones to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes (Trustlets). The Samsung TEE includes cryptographic key storage and functions inside the Keymaster trustlet. The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side channel cache-attacks. The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop{\textquoteright}s GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7{\^A} min of measurements and under a minute of analysis time and an AES-256/GCM key with 40{\^A} min of measurements and 30{\^A} min of analysis.",

author = "Ben Lapid and Avishai Wool",

note = "Publisher Copyright: {\textcopyright} 2019, Springer Nature Switzerland AG.; 25th International Conference on Selected Areas in Cryptography, SAC 2018 ; Conference date: 15-08-2018 Through 17-08-2018",

year = "2019",

doi = "https://doi.org/10.1007/978-3-030-10970-7_11",

language = "الإنجليزيّة",

isbn = "9783030109691",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "235--256",

editor = "Carlos Cid and Jacobson, {Michael J.}",

booktitle = "Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers",

}

Lapid, B & Wool, A 2019, Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis. in C Cid & MJ Jacobson (eds), Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11349 LNCS, pp. 235-256, 25th International Conference on Selected Areas in Cryptography, SAC 2018, Calgary, Canada, 15/08/18. https://doi.org/10.1007/978-3-030-10970-7_11

Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis. / Lapid, Ben; Wool, Avishai.
Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers. ed. / Carlos Cid; Michael J. Jacobson. 2019. p. 235-256 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11349 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis

AU - Lapid, Ben

AU - Wool, Avishai

PY - 2019

Y1 - 2019

N2 - The ARM TrustZone is a security extension which is used in recent Samsung flagship smartphones to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes (Trustlets). The Samsung TEE includes cryptographic key storage and functions inside the Keymaster trustlet. The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side channel cache-attacks. The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop’s GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7Â min of measurements and under a minute of analysis time and an AES-256/GCM key with 40Â min of measurements and 30Â min of analysis.

AB - The ARM TrustZone is a security extension which is used in recent Samsung flagship smartphones to create a Trusted Execution Environment (TEE) called a Secure World, which runs secure processes (Trustlets). The Samsung TEE includes cryptographic key storage and functions inside the Keymaster trustlet. The secret key used by the Keymaster trustlet is derived by a hardware device and is inaccessible to the Android OS. However, the ARM32 AES implementation used by the Keymaster is vulnerable to side channel cache-attacks. The Keymaster trustlet uses AES-256 in GCM mode, which makes mounting a cache attack against this target much harder. In this paper we show that it is possible to perform a successful cache attack against this AES implementation, in AES-256/GCM mode, using widely available hardware. Using a laptop’s GPU to parallelize the analysis, we are able to extract a raw AES-256 key with 7Â min of measurements and under a minute of analysis time and an AES-256/GCM key with 40Â min of measurements and 30Â min of analysis.

UR - http://www.scopus.com/inward/record.url?scp=85060684173&partnerID=8YFLogxK

U2 - https://doi.org/10.1007/978-3-030-10970-7_11

DO - https://doi.org/10.1007/978-3-030-10970-7_11

M3 - منشور من مؤتمر

SN - 9783030109691

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 235

EP - 256

BT - Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers

A2 - Cid, Carlos

A2 - Jacobson, Michael J.

T2 - 25th International Conference on Selected Areas in Cryptography, SAC 2018

Y2 - 15 August 2018 through 17 August 2018

ER -

Lapid B, Wool A. Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis. In Cid C, Jacobson MJ, editors, Selected Areas in Cryptography – SAC 2018 - 25th International Conference, Revised Selected Papers. 2019. p. 235-256. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: https://doi.org/10.1007/978-3-030-10970-7_11

Cache-Attacks on the ARM TrustZone Implementations of AES-256 and AES-256-GCM via GPU-Based Analysis

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this