Abstract

Access Driven Cache Timing Attack Against AES

DOI: 10.3724/SP.J.1001.2011.03802

Fund Project: National Natural Science Foundation of China (60772082); Natural Science Foundation of Hebei Province (08M010)

Abstract: This paper first presents a model of the access-driven cache timing attack and proposes two general methods for analyzing the cache information leaked during AES encryption: direct (non-elimination) analysis and elimination analysis. It then builds a model of cache information leakage during AES encryption, uses that model to quantify the sample size the elimination analysis attack requires, and gives solutions to problems that may arise in a real attack. Finally, it describes 12 local and remote attack experiments, run in a Windows environment, against the two typical AES implementations in OpenSSL v.0.9.8a and v.0.9.8j. The experimental results show that: the access-driven cache timing attack is feasible in both local and remote environments; the AES lookup tables and the cache structure themselves make AES vulnerable to this type of attack, and the least sample size required to recover a full AES key is about 13; the last-round AES implementation in OpenSSL v.0.9.8j, which abandoned the T4 lookup table, does not defend against the access-driven cache timing attack; and the attack results repeatedly confirm the correctness of the quantitative cache information leakage theory and the key analysis methods above.
