【作者】 李波； 胡予濮； 钟名富；

【Author】 Li Bo Hu Yupu Zhong Mingfu Key Laboratory of Computer Networks & Information Security of Ministry of Education,Xidian University,Xian,710071

【机构】 西安电子科技大学计算机网络与信息安全教育部重点实验室；

【摘要】 高级密码加密标准(AES),可以抵抗诸如差分、线性等传统攻击。在实现 AES 的大多数软件中都不约而同地使用了 S 盒真值表,现实中在有限的 CPU 缓存中使用这些真值表时会泄漏时间信息。时间驱动的缓存攻击是指通过分析处理器中算法执行时间的不同来恢复密钥的攻击。本文分析了针对 AES 的时间驱动缓存攻击,并给出了一种攻击的改进版本,最后分析了缓存攻击的优点及抵抗这种攻击的对策。更多还原

【Abstract】 The Advanced Encryption Standard(AES)has been designed to have very strong resistance against the classical approximation attacks,such as linear cryptanalysis,differential cryptanalysis etc。Typically software implementations of AES involve manipulation of large arrays acting as S-boxes。The use of these large arrays along with the limited cache has been proven to leak timing information。Tune-driven cache-based attacks analyze the time difference in the execution of algorithm over a processor,and recovery the secret key。This paper introduces the concept and the principle of time-driven cache-based attacks and investigates such an attack on AES.A modified version of this attack is also shown in this paper。Finally,we describe the advance and several countermeasures of such attack。更多还原