Helsinki University of Technology
Cache-timing attacks are a serious threat to security-critical software. The authors show that the combination of vector quantization and hidden Markov model cryptanalysis is a powerful tool for automated analysis of cache-timing data; it can be used to recover critical algorithm state such as key material. They demonstrate its effectiveness by running an attack on the elliptic curve portion of OpenSSL (0.9.8k and under). This involves automated lattice attacks leading to key recovery within hours. They carry out the attack on live cache-timing data without simulating the side channel, showing these attacks are practical and realistic.