Firstly, this paper displays an access driven Cache timing attack model, proposes non-elimination and elimination two general methods to analyze Cache information leakage during AES encryption, and builds the Cache information leakage model. Next, it uses quantitative analysis to attack a sample with the above elimination analysis method, and provides some solutions for the potential problems of a real attack. Finally, this paper describes 12 local and remote attacks on AES in OpenSSL v.0.9.Sa, v.0.9.Sj. Experiment results demonstrate that:the access driven Cache timing attack has strong applicability in both local and remote environments; the AES lookup table and Cache structure decide that AES is vulnerable to this type of attack, the least sample size required to recover a full AES key is about 13; the last round A.ES implementation in OpenSSL v.0.9.Sj, which abandoned the T4 lookup table, cannot secure itself from the access driven Cache timing attack; the attack results strongly verify the correctness of the quantitative Cache information leakage theory and key analysis methods above.%首先给出了访问驱动Cache计时攻击的模型,提出了该模型下直接分析、排除分析两种通用的AES加密泄漏Cache信息分析方法;然后建立了AES加密Cache信息泄露模型,并在此基础上对排除分析攻击所需样本量进行了定量分析,给出了攻击中可能遇到问题的解决方案;最后结合OpenSSL v.0.9.8a,v.0.9.8j中两种典型的AES实现在Windows环境下进行了本地和远程攻击共12个实验.实验结果表明,访问驱动Cache计时攻击在本地和远程均具有良好的可行性;AES查找表和Cache结构本身决定了AES易遭受访问驱动Cache计时攻击威胁,攻击最小样本量仅为13;去除T4表的OpenSSL v.0.9.8j中AES最后一轮实现并不能防御该攻击;实验结果多次验证了AES加密Cache信息泄露和密钥分析理论的正确性.
展开▼
