{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T11:01:32Z","timestamp":1777806092751,"version":"3.51.4"},"reference-count":64,"publisher":"SAGE Publications","issue":"5","license":[{"start":{"date-parts":[[2019,7,17]],"date-time":"2019-07-17T00:00:00Z","timestamp":1563321600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2019,9,17]]},"abstract":"<jats:p>Cache timing side channels allow a remote attacker to disclose cryptographic keys by repeatedly invoking the encryption\/decryption functions and measuring the execution time. Warm and Delay are two algorithm-independent and implementation-transparent countermeasures against remote cache-based timing side channels for block ciphers. They destroy the relationship between the execution time and the cache misses\/hits that are determined by the secret key, but bring remarkable performance overhead. In this paper, we investigate the performance of cryptographic functions protected by Warm and Delay, and attempt to find the best strategy to integrate these two countermeasures with the optimal performance while effectively eliminating remote cache timing side channels for block cipher implementations with lookup tables. To the best of our knowledge, this work is the first to systematically analyze the performance of integrating Warm and Delay against cache side channels. We derive the optimal scheme to integrate Warm and Delay, and apply it to AES. It is proven that the integration scheme achieves the optimal performance with the least extra operations on commodity systems. Finally, we implement it on Linux with Intel CPUs. Experimental results confirm that (a) the execution time does not leak information on cache access, (b) the scheme outperforms other integration strategies of Warm and Delay, and (c) the implementation works without any privileged operations on the computer.<\/jats:p>","DOI":"10.3233\/jcs-191296","type":"journal-article","created":{"date-parts":[[2019,7,19]],"date-time":"2019-07-19T10:41:56Z","timestamp":1563532916000},"page":"547-580","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":1,"title":["Towards the optimal performance of integrating <scp>Warm<\/scp> and <scp>Delay<\/scp> against remote cache timing side channels on block ciphers"],"prefix":"10.1177","volume":"27","author":[{"given":"Ziqiang","family":"Ma","sequence":"first","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, China. E-mails:\u00a0,\u00a0,\u00a0"},{"name":"Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Quanwei","family":"Cai","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, China. E-mails:\u00a0,\u00a0,\u00a0"},{"name":"Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jingqiang","family":"Lin","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, China. 
E-mails:\u00a0,\u00a0,\u00a0"},{"name":"Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China"},{"name":"School of Cyber Security, University of Chinese Academy of Sciences, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Luo","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Computer Science, University of Kansas, USA. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiwu","family":"Jing","sequence":"additional","affiliation":[{"name":"Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, China"},{"name":"School of Computer Science, University of Chinese Academy of Sciences, China. E-mail:\u00a0"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"179","published-online":{"date-parts":[[2019,7,17]]},"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191296","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-191296","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-191296","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:45:20Z","timestamp":1777495520000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-191296"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,7,17]]},"references-count":64,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2019,9,17]]}},"alternative-id":["10.3233\/JCS-191296"],"URL":"https:\/\/doi.org\/10.3233\/jcs-191296","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,7,17]]}}}