Computer Science ›› 2020, Vol. 47 ›› Issue (6A): 375-380. doi: 10.11896/jsjkx.190900157

• Information Security •

L3 Cache Attack Against Last Round of Encryption AES Table Lookup Method

LU Yao, CHEN Kai-yan, WANG Yin-long and SHANG Qian-yi   

1. Army Engineering University of PLA, Shijiazhuang 050000, China
• Published: 2020-07-07
• About author: LU Yao, born in 1987. His main research interests include computer hardware security and side-channel attacks.

Abstract: Starting from the current state of research on cache side-channel attacks, a Flush+Flush timing attack is carried out on the AES fast encryption method (AESFastEngine.java) of the Bouncy Castle JDK 1.0 library, running in a Linux virtual environment on a machine with a four-core 3.3 GHz Intel i5-4590 processor. While the encryption process keeps executing, the Flush+Flush method is used to traverse the shared main-memory addresses and detect the active address set (the S-box addresses); the S-box offset is then determined so that the table entries at that offset can be monitored. Among all ciphertexts, those whose Flush+Flush time is shorter are selected, and the last-round key value is recovered from the corresponding S-box table entry value; that is, by determining which entries of the S-box were used, the key used in the last round can be recovered. The method requires a large number of known ciphertexts and can accurately compute the S-box offset and the last-round key values.
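Added example, not code from the paper or from Bouncy Castle: a Python model of the cache-line footprint of a table-driven AES last round, which is what the Flush+Flush probe described above observes. It generates the Rijndael S-box, maps table indices to cache lines for an assumed 64-byte line and an assumed offset of the table inside its first line (the paper's "S-box offset"), quantifies how many bits of each S-box input a line-granular observer learns, and contrasts this with a masked full-table scan, the standard constant-time mitigation, whose footprint does not depend on the input. The function names, the line size and the probe states are assumptions of this example; Python itself is not constant-time, so the scan models only the access pattern a real mitigation must have.

```python
"""Cache-line footprint model for the AES last round (added example).

Not code from the paper or from Bouncy Castle. Models which cache lines a
table-driven last round touches, how many bits of each S-box input a
line-granular observer learns, and a masked scan whose footprint is constant.
Python is not constant-time; the scan models only the access pattern.
"""
import math
import random

CACHE_LINE_BYTES = 64                      # assumed L3 line size (typical Intel)
# Byte i of the AES state after ShiftRows comes from input byte SHIFT_ROWS[i]
SHIFT_ROWS = [0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 1, 6, 11]


def _rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def gen_sbox() -> list:
    """Rijndael S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = [0] * 256
    p = q = 1                              # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1                                              # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                         # 0 has no inverse; affine(0) = 0x63
    return sbox


SBOX = gen_sbox()


def sbox_table(x: int) -> int:
    """Plain table lookup: the address read depends on x."""
    return SBOX[x]


def sbox_ct(x: int) -> int:
    """Masked scan: reads all 256 entries, so the addresses read do not depend on x."""
    out = 0
    for i, v in enumerate(SBOX):
        mask = (((i ^ x) - 1) >> 8) & 0xFF   # 0xFF only when i == x
        out |= v & mask
    return out


def last_round(state: bytes, round_key: bytes, sbox_fn=sbox_table) -> bytes:
    """AES final round: SubBytes, ShiftRows, AddRoundKey (no MixColumns)."""
    return bytes(sbox_fn(state[SHIFT_ROWS[i]]) ^ round_key[i] for i in range(16))


def line_of(index: int, entry_bytes: int = 1, table_offset: int = 0) -> int:
    """Cache line, counted from the line holding the table start, that holds
    table[index]. table_offset is the table's offset inside its first line,
    i.e. the 'S-box offset' an observer must learn to map lines to indices."""
    return (table_offset + index * entry_bytes) // CACHE_LINE_BYTES


def table_footprint(state: bytes, entry_bytes: int = 1, table_offset: int = 0) -> frozenset:
    """Lines touched by a table lookup of each state byte in the last round
    (ShiftRows and AddRoundKey touch no table, so only the 16 lookups count)."""
    return frozenset(line_of(b, entry_bytes, table_offset) for b in state)


def ct_footprint(state: bytes, entry_bytes: int = 1, table_offset: int = 0) -> frozenset:
    """Lines touched by the masked scan: every line of the table, every time."""
    return frozenset(line_of(i, entry_bytes, table_offset) for i in range(256))


def bits_leaked_per_lookup(entry_bytes: int = 1) -> float:
    """Bits of the 8-bit table index revealed when only the line is observed."""
    entries_per_line = CACHE_LINE_BYTES // entry_bytes
    return 8 - math.log2(entries_per_line)


def footprint_is_input_dependent(footprint_fn, entry_bytes: int = 1, seed: int = 1) -> bool:
    """True if the set of lines touched differs between some probe states.
    Probe states are constructed here: four uniform states plus seeded random ones."""
    rng = random.Random(seed)
    probes = [bytes([v] * 16) for v in (0x00, 0x40, 0x80, 0xC0)]
    probes += [bytes(rng.randrange(256) for _ in range(16)) for _ in range(32)]
    return len({footprint_fn(s, entry_bytes) for s in probes}) > 1


if __name__ == "__main__":
    for entry in (1, 4):
        print(f"{entry}-byte entries: table footprint input-dependent = "
              f"{footprint_is_input_dependent(table_footprint, entry)}, "
              f"masked scan input-dependent = {footprint_is_input_dependent(ct_footprint, entry)}, "
              f"bits leaked per lookup = {bits_leaked_per_lookup(entry)}")
```

The defender's reading of the model: a table implementation whose footprint varies with the state hands a line-granular observer log2(256 / entries-per-line) bits per lookup (2 bits for a 256-byte S-box on 64-byte lines, 4 bits for 4-byte T-table entries), and the only thing standing between the observer and those bits is learning the table offset. Implementations whose memory accesses do not depend on the data (AES-NI, bitsliced code, or a masked scan as modelled here) remove the footprint signal rather than merely making it noisier, which is why they are preferred over lookup tables on shared hardware.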

Key words: AES table look-up method, cache timing attack, Flush+Flush attack, Rijndael algorithm, S-box offsets

CLC Number: TP309.7