
Computer Engineering ›› 2008, Vol. 34 ›› Issue (13): 113-114. doi: 10.3969/j.issn.1000-3428.2008.13.041

• Security Technology •

Cache Hit Side Channel Attack Based on AES

DENG Gao-ming, ZHAO Qiang, ZHANG Peng, CHEN Kai-yan

  1. (Dept. of Computer Engineering, Ordnance Engineering College, Shijiazhuang 050003)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-07-05 Published: 2008-07-05

Abstract: Fast software implementations of AES use table lookups. The lookup indices affect the Cache hit rate and therefore the encryption time, and these indices are closely related to the secret key. By analyzing the relationship between the lookup indices, the ciphertext and the final-round subkey in the last round of AES encryption, and their effect on Cache hits and misses and on encryption time, this paper proposes a side channel attack on AES that uses Cache hit information as the side channel. In experiments on Intel Celeron 1.99 GHz and Pentium4 3.6 GHz CPUs, with 2^21 and 2^25 random plaintext samples respectively, the attack recovered the 128 bit AES key of the OpenSSL v.0.9.8(a) library within 5 min. The paper also introduces several countermeasures for protecting AES against this attack.

Key words: Side Channel Attacks (SCA), Cache hit, AES
