Winter is here! A decade of cache-based side-channel attacks, detection & mitigation for RSA
Information Systems (IF 3.0), Pub Date: 2020-04-06, DOI: 10.1016/j.is.2020.101524
Maria Mushtaq, Muhammad Asim Mukhtar, Vianney Lapotre, Muhammad Khurram Bhatti, Guy Gogniat

Timing-based side-channels play an important role in exposing the state of a process execution on underlying hardware by revealing information about timing and access patterns. Side-channel attacks (SCAs) are powerful cryptanalysis techniques that focus on the underlying implementation of cryptographic ciphers during execution rather than attacking the structure of cryptographic functions. This paper reviews cache-based software side-channel attacks, mitigation and detection techniques that target various cryptosystems, particularly RSA, proposed over the last decade (2007–2018). It provides a detailed taxonomy of attacks on RSA cryptosystems and discusses their strengths and weaknesses while attacking different algorithmic implementations of RSA. A threat model is presented based on the cache features that are being leveraged for such attacks across cache hierarchy in computing architectures. The paper also provides a classification of these attacks based on the source of information leakage. It then undertakes a qualitative analysis of secret key retrieval efficiency, complexity, and the features being exploited on target cryptosystems in these attacks. The paper also discusses the mitigation and detection techniques proposed against such attacks and classifies them based on their effectiveness at various levels in caching hardware and leveraged features. Finally, the paper discusses recent trends in attacks, the challenges involved in their mitigation, and future research directions needed to deal with side-channel information leakage.




Updated: 2020-04-06