Wikipedia

Advanced Encryption Standard: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
m Known attacks: take away generic author name
m Side-channel attacks: that one is a conference paper, so it should use {{cite conference}}
Line 169:
In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn published a paper which described a practical approach to a "near real time" recovery of secret keys from AES-128 without the need for either cipher text or plaintext. The approach also works on AES-128 implementations that use compression tables, such as OpenSSL.<ref>{{cite journal |url=http://eprint.iacr.org/2010/594.pdf |title=Cache Games – Bringing Access-Based Cache Attacks on AES to Practice |author=Endre Bangerter |author2=David Gullasch |author3=Stephan Krenn |name-list-style=amp |date=2010 |journal=IACR Cryptology ePrint Archive |url-status=live |archive-url=https://web.archive.org/web/20101214092512/http://eprint.iacr.org/2010/594.pdf |archive-date=2010-12-14}}</ref> Like some earlier attacks, this one requires the ability to run unprivileged code on the system performing the AES encryption, which may be achieved by malware infection far more easily than commandeering the root account.<ref>{{cite web |url=http://news.ycombinator.com/item?id=1937902 |title=Breaking AES-128 in realtime, no ciphertext required |publisher=Hacker News |access-date=2012-12-23 |url-status=live |archive-url=https://web.archive.org/web/20111003193004/http://news.ycombinator.com/item?id=1937902 |archive-date=2011-10-03}}</ref>
 
In March 2016, Ashokkumar C. Ashokkumar, Ravi Prakash Giri and Bernard Menezes presented a side-channel attack on AES implementations that can recover the complete 128-bit AES key in just 6–7 blocks of plaintext/ciphertext, which is a substantial improvement over previous works that require between 100 and a million encryptions.<ref>{{citeCite bookconference |yeartitle=2016Highly |author1=AshokkumarEfficient C.Algorithms for AES Key Retrieval in Cache Access Attacks |titleconference=2016 IEEE European Symposium on Security and Privacy (EuroS&P) |last=Ashokkumar |first=C. |pages=261–275261-275 |author2last2=Giri |first2=Ravi Prakash Giri|last3=Menezes |author3first3=Bernard Menezes|___location=Saarbruecken, Germany |doi=10.1109/EuroSP.2016.29 |isbn=978-1-5090-1751-5 |s2cid=11251391}}</ref> The proposed attack requires standard user privilege and key-retrieval algorithms run under a minute.
 
Many modern CPUs have built-in [[AES instruction set|hardware instructions for AES]], which protect against timing-related side-channel attacks.<ref>{{cite conference |last1=Mowery |first1=Keaton |last2=Keelveedhi |first2=Sriram |last3=Shacham |first3=Hovav |conference=CCS'12: the ACM Conference on Computer and Communications Security |date=19 October 2012 |___location=Raleigh, North Carolina, USA |pages=19-24 |title=Are AES x86 cache timing attacks still feasible? |url=https://cseweb.ucsd.edu/~kmowery/papers/aes-cache-timing.pdf |archive-url=https://web.archive.org/web/20170809152309/http://cseweb.ucsd.edu/~kmowery/papers/aes-cache-timing.pdf |archive-date=2017-08-09 |doi=10.1145/2381913.2381917}}</ref><ref>{{cite web |url=https://www.intel.in/content/dam/doc/white-paper/enterprise-security-aes-ni-white-paper.pdf |title=Securing the Enterprise with Intel AES-NI |access-date=2017-07-26 |url-status=live |archive-url=https://web.archive.org/web/20130331041411/http://www.intel.in/content/dam/doc/white-paper/enterprise-security-aes-ni-white-paper.pdf |archive-date=2013-03-31 |website=[[Intel Corporation]]}}</ref>
Retrieved from "https://en.wikipedia.org/wiki/Advanced_Encryption_Standard"