Graduation date: 2007
Cryptographic devices leak timing and power consumption information that is easily measurable, radiation of various levels, and more. Such devices also have additional inputs, other than plaintext and keys, like voltage, which can be modified to force the device to produce certain faulty outputs that can be used to reveal the secret key. Side-channel cryptanalysis uses the information that leaks through one or more side channels of a cryptographic system to obtain secret information.
The initial focus of side-channel research was on smart card security. There are two main reasons why smart cards were the first type of devices that was analyzed extensively from the side-channel point of view. Smart cards store secret values inside the card and they are especially designed to protect and process these secret values. Therefore, there is a serious financial gain involved in cracking
smart cards, as well as, analyzing them and developing more secure smart card technologies. The recent promises from Trusted Computing community indicate
the security assurance of storing such secret values in PC platforms, c.f. [99].
These promises have made the side-channel analysis of PC platforms as desirable as that of smart cards.
The second reason of the high attention to side-channel analysis of smart cards is due to the ease of applying such attacks to them. The measurements of side-channel information on smart cards are almost “noiseless”, which makes such attacks very practical. On the other hand, there are many factors that affect such measurements on real commodity computer systems. These factors create noise, and therefore it is much more difficult to develop and perform successful attacks on such “real” computers within our daily life. Thus, until very recently the vulnerability of systems even running on servers was not “really” considered to be harmful by such side-channel attacks. This was changed with the work of Brumley and Boneh, c.f. [21], who demonstrated a remote timing attack over a local network.
Because of the above reasons, we have seen an increased research effort on the security analysis of the daily life PC platforms from the side-channel point of view. Here, it has been especially shown that the functionality of the common components of processor architectures creates an indisputable security risk, c.f. [1, 2, 5, 14, 73, 80], which comes in different forms.
In this thesis, we focus on side-channel cryptanalysis of cryptosystems on commodity computer platforms. Especially, we analyze two main CPU components, cache and branch prediction unit, from side-channel point of view. We show that the functionalities of these two components create very serious security risks in software systems, especially in software based cryptosystems.