Abstract
The Flush+Reload attack builds a covert channel on the cache structure and targets the instructions on the execution path of an encryption algorithm. We analyzed the AES encryption source code of OpenSSL 0.9.8b with respect to cache timing attacks and found that the weak point of the implementation is that the Te4 table is used only once per encryption. On that basis we propose a Flush+Reload attack against the last round of AES encryption. Experiments show that, after collecting 280×10³ AES ciphertexts and their timing data, XORing the table entry values with the ciphertext values and taking the most frequent common solution yields the key value of the last round of encryption; all round keys can then be recovered from the last-round key values together with the 4 Te table values.
Authors
LU Yao (陆垚); CHEN Kaiyan (陈开颜); WANG Yinlong (王寅龙)
Simulation Center of Army Engineering University, Shijiazhuang 050000, China
Source
Journal of Ordnance Equipment Engineering (《兵器装备工程学报》)
CAS
PKU Core (北大核心)
2020, Issue 6, pp. 149-154 (6 pages)
Funding
National Natural Science Foundation of China (57377170, 61602505, 61271152).