Are AES x86 cache timing attacks still feasible?

Abstract

We argue that five recent software and hardware developments - the AES-NI instructions, multicore processors with per-core caches, complex modern software, sophisticated prefetchers, and physically tagged caches - combine to make it substantially more difficult to mount data-cache side-channel attacks on AES than previously realized. We propose ways in which some of the challenges posed by these developments might be overcome. We also consider scenarios where side-channel attacks are attractive, and whether our proposed workarounds might be applicable to these scenarios.