Side channels are unintended communication channels of programs, e.g., the program's running time or power consumption. There is a multitude of attacks that exploit such channels to obtain secret information, e.g., cryptographic keys.
This talk presents systematic approaches to the detection and quantification of side channels, using program analysis. The focus of the talk is on a systematic study of cache side channels across AES implementations:
While the AES algorithm is regarded as secure, many implementations of AES are prone to cache-side-channel attacks. The lookup tables traditionally used in AES implementations for storing precomputed results provide speedup for encryption and decryption. How such lookup tables are used is known to affect the vulnerability to side channels, but the concrete effects in actual AES implementations are not yet sufficiently well understood. In our study, we analyze and compare multiple off-the-shelf AES implementations with respect to their vulnerability to cache-side-channel attacks. By applying quantitative program analysis techniques in a systematic fashion, we shed light on the influence of implementation techniques for AES on cache-side-channel leakage bounds.
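To make the notion of a leakage bound concrete, the following added example (not code from the talk or the study) counts how many distinct cache lines a single first-round lookup `table[p ^ k]` can touch and reports log2 of that count as an upper bound on the bits revealed about key byte `k`. The 64-byte line size, the 256-entry tables with 4-byte and 1-byte entries, the observer who sees only which line was accessed, and the function names are assumptions of this simplified model.

```python
import math

def line_of(index, entry_size, line_size, offset=0):
    """Cache line (relative to the line holding the table base) touched by table[index].
    offset is the table's byte offset inside its first cache line (0 = aligned)."""
    return (offset + index * entry_size) // line_size

def leakage_bits(entry_size, line_size=64, offset=0, plaintext=0x00, entries=256):
    """Upper bound in bits on what one lookup table[plaintext ^ k] reveals about k.

    Assumed observer model: the attacker learns only which cache line was accessed.
    Key bytes mapping to the same line are indistinguishable, so the number of
    distinct observations bounds the leakage at log2(#observations) bits."""
    classes = {}
    for k in range(entries):
        obs = line_of(plaintext ^ k, entry_size, line_size, offset)
        classes.setdefault(obs, []).append(k)
    return math.log2(len(classes)), classes

if __name__ == "__main__":
    # Constructed configurations for illustration, not measurements of real libraries.
    configs = [
        ("T-table, 4-byte entries, aligned", dict(entry_size=4)),
        ("S-box, 1-byte entries, aligned", dict(entry_size=1)),
        ("S-box, 1-byte entries, 32-byte misaligned", dict(entry_size=1, offset=32)),
    ]
    for name, cfg in configs:
        bits, classes = leakage_bits(**cfg)
        largest = max(len(keys) for keys in classes.values())
        print(f"{name}: {len(classes)} lines, <= {bits:.2f} of 8 bits leaked, "
              f"largest class {largest} key bytes")
```

In this model the larger table spans more cache lines and therefore has the higher bound, and misaligning the small table adds a line and raises its bound slightly, which is the kind of implementation-dependent difference the study quantifies.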