Wikipedia

Advanced Encryption Standard: Difference between revisions

Browse history interactively
← Previous editNext edit →
Content deleted Content added
VisualWikitext
AnomieBOT (talk | contribs)
Bots
6,859,741 edits
m Dating maintenance tags: {{Cn}}
Line 165:
In October 2005, Dag Arne Osvik, [[Adi Shamir]] and Eran Tromer presented a paper demonstrating several cache-timing attacks against the implementations in AES found in OpenSSL and Linux's <code>dm-crypt</code> partition encryption function.<ref>{{cite journal |url=http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf |work=The Cryptographer's Track at RSA Conference 2006 |title=Cache Attacks and Countermeasures: the Case of AES |date=2005-11-20 |author=Dag Arne Osvik |author2=Adi Shamir |author3=Eran Tromer |access-date=2008-11-02 |doi=10.1007/11605805_1 |url-status=live |archive-url=https://web.archive.org/web/20060619221046/http://www.wisdom.weizmann.ac.il/%7Etromer/papers/cache.pdf |archive-date=2006-06-19}}</ref> One attack was able to obtain an entire AES key after only 800&nbsp;operations triggering encryptions, in a total of 65&nbsp;milliseconds. This attack requires the attacker to be able to run programs on the same system or platform that is performing AES.
 
In December 2009 an attack on some hardware implementations was published that used [[differential fault analysis]] and allows recovery of a key with a complexity of 2<sup>32</sup>.<ref>{{cite journal |url=http://eprint.iacr.org/2009/581.pdf |title=A Diagonal Fault Attack on the Advanced Encryption Standard |author=Dhiman Saha |author2=Debdeep Mukhopadhyay |author3=Dipanwita RoyChowdhury|author3-link=Dipanwita Roy Chowdhury |access-date=2009-12-08 |journal=IACR Cryptology ePrint Archive |archive-url=https://web.archive.org/web/20091222070135/http://eprint.iacr.org/2009/581.pdf |archive-date=22 December 2009 |url-status=live}}</ref>
 
In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn published a paper which described a practical approach to a "near real time" recovery of secret keys from AES-128 without the need for either cipher text or plaintext. The approach also works on AES-128 implementations that use compression tables, such as OpenSSL.<ref>{{cite journal |url=http://eprint.iacr.org/2010/594.pdf |title=Cache Games – Bringing Access-Based Cache Attacks on AES to Practice |author=Endre Bangerter |author2=David Gullasch |author3=Stephan Krenn |name-list-style=amp |date=2010 |journal=IACR Cryptology ePrint Archive |url-status=live |archive-url=https://web.archive.org/web/20101214092512/http://eprint.iacr.org/2010/594.pdf |archive-date=2010-12-14}}</ref> Like some earlier attacks, this one requires the ability to run unprivileged code on the system performing the AES encryption, which may be achieved by malware infection far more easily than commandeering the root account.<ref>{{cite web |url=http://news.ycombinator.com/item?id=1937902 |title=Breaking AES-128 in realtime, no ciphertext required |publisher=Hacker News |access-date=2012-12-23 |url-status=live |archive-url=https://web.archive.org/web/20111003193004/http://news.ycombinator.com/item?id=1937902 |archive-date=2011-10-03}}</ref>
Retrieved from "https://en.wikipedia.org/wiki/Advanced_Encryption_Standard"