Computer Science (计算机科学) ›› 2020, Vol. 47 ›› Issue (6A): 375-380. doi: 10.11896/jsjkx.190900157
LU Yao (陆垚), CHEN Kai-yan (陈开颜), WANG Yin-long (王寅龙), SHANG Qian-yi (尚倩伊)
Abstract: This paper studies the latest Cache attack methods. On a machine with an Intel i5-4590 quad-core 3.3 GHz CPU, a Flush+Flush timing attack is mounted on the fast AES implementation AESFastEngine.java of the Bouncy Castle JDK 1.0 library, running in a Linux virtual environment. While the encryption process runs continuously, the Flush+Flush method is used to traverse the shared main-memory addresses and detect the set of active addresses (the S-box addresses); the S-box offset is then located and the table entries at that offset are monitored. The ciphertexts whose corresponding Flush+Flush times are short are selected from the ciphertext data, and the S-box entry values are used to recover the last-round key, i.e. the key used in the last encryption round is recovered by determining which entries in a fixed range of the S-box were used. The method requires a large number of known ciphertexts and can precisely compute both the S-box offset and the last-round key.
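The last-round key recovery the abstract describes, as an added Python simulation that is not the paper's code: the Flush+Flush timing on the monitored table entries is replaced by an idealized oracle (assumed) that only reports whether any of the 16 final-round S-box lookups fell inside a monitored 16-entry range, and the state entering the last round is modelled as uniformly random. Run over constructed random ciphertexts, it shows how the short-time filter plus the entry values S[x] isolates the true key byte k = c ^ S[x], which is exactly the data-dependent table access a constant-time or AES-NI implementation removes.

```python
import random
def build_sbox():
    """AES S-box from the GF(2^8) inverse and affine map (computed, not a literal table)."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):            # 0x03 generates GF(2^8)*: exp/log tables give inverses
        exp[i], log[x] = x, i
        x ^= (x << 1) ^ (0x11B if x & 0x80 else 0)   # x = 3*x in GF(2^8)
    sbox = []
    for a in range(256):
        b = exp[(255 - log[a]) % 255] if a else 0
        s = b ^ 0x63                # affine map: b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63
        for r in range(1, 5):
            s ^= ((b << r) | (b >> (8 - r))) & 0xFF
        sbox.append(s)
    return sbox

SBOX = build_sbox()
def last_round(x, key):
    """Final AES round on an already-shifted state: c_i = S[x_i] ^ k_i (no MixColumns)."""
    return [SBOX[xi] ^ ki for xi, ki in zip(x, key)]

def range_touched(x, monitored):
    """Assumed stand-in for the Flush+Flush timing: 'short' iff some lookup hit the range."""
    return any(xi in monitored for xi in x)

def recover_key_byte(samples, pos, monitored):
    """Score last-round key candidates for byte pos from ciphertexts that touched the range."""
    leaked_outputs = [SBOX[i] for i in monitored]
    scores = [0] * 256
    for c, touched in samples:
        if touched:
            for v in leaked_outputs:      # if x_pos was in the range, k = c[pos] ^ S[x_pos]
                scores[c[pos] ^ v] += 1
    return max(range(256), key=scores.__getitem__)   # the true key byte peaks

def simulate(n=20000, monitored=range(16), seed=1):
    """Constructed run: random key, n random pre-round states, 16-entry monitored range."""
    rng = random.Random(seed)
    key = [rng.randrange(256) for _ in range(16)]
    samples = []
    for _ in range(n):
        x = [rng.randrange(256) for _ in range(16)]
        samples.append((last_round(x, key), range_touched(x, monitored)))
    recovered = [recover_key_byte(samples, i, monitored) for i in range(16)]
    return key, recovered

if __name__ == "__main__":
    key, rec = simulate()
    print("all 16 last-round key bytes recovered:", key == rec)
```

With 16 monitored entries (one cache line of a 32-bit T-table) roughly two thirds of the constructed encryptions pass the filter, and the correct candidate for each byte stands out after a few thousand ciphertexts.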