
Computer Engineering, 2008, Vol. 34, Issue (17): 141-143. doi: 10.3969/j.issn.1000-3428.2008.17.050

• Security Technology •

Time-based Cache Attacks on AES

LI Bo (李波), HU Yu-pu (胡予濮), ZHONG Ming-fu (钟名富)

  1. (Key Laboratory of Computer Networks & Information Security of Ministry of Education, Xidian University, Xi'an 710071)
  • Online: 2008-09-05 Published: 2008-09-05

Abstract: A time-based cache attack recovers the secret key by analysing differences in the execution time of an algorithm on a processor. This paper analyses the time-driven cache attack on AES and presents an improved version of it that can be applied to most AES software implementations; it was implemented against OpenSSL v.0.9.8(a) and Miracl running on a Pentium III. Under optimal conditions the attack recovers a full 128-bit AES key with 2^24 timing samples, fewer than the 2^28 required by the original attack. Several countermeasures against this kind of attack are given.

Key words: side channel, AES algorithm, S-boxes, cache attack, cache miss
