Computer Engineering, 2018, Vol. 44, Issue (12): 163-167. doi: 10.19678/j.issn.1000-3428.0049471

• Security Technology •

Cache Timing Attack on DES Algorithm Based on Flush+Reload

CHENG Zhiwei a, CHEN Caisen b, QIU Xuehuan a

  1. a. Department of Information Engineering; b. Department of Academic Research, Academy of Army Armored Force, Beijing 100072, China
  • Received: 2017-11-28 Online: 2018-12-15 Published: 2018-12-15
  • About the authors: CHENG Zhiwei (born 1993), male, master's student, main research interest: information security; CHEN Caisen, lecturer, Ph.D.; QIU Xuehuan, master's student
  • Supported by: National Natural Science Foundation of China (61402528)

Abstract:

When a Cache timing attack using the Flush+Reload method is applied to the Data Encryption Standard (DES) algorithm, it is difficult to determine the row offset of the S-box elements. To address this, a method for determining the offset is proposed that uses the property that the S-box is misaligned in the Cache. The attack uses the clflush instruction to flush Cache lines, evicting the S-box information of the DES algorithm from the Cache, and thereby determines the position of the S-box elements. The Cache timing information leaked when the cipher queries the S-box is used to obtain the intermediate state value, which is the XOR of the plaintext and the key, and the key is recovered from the correlation between this value and the known plaintext. Experimental results show that the method can effectively determine the row offset of the S-box elements and improve the efficiency of Cache timing attacks against the DES algorithm.

Key words: Data Encryption Standard (DES) algorithm, Flush+Reload attack, Cache timing attack, S-box, row offset

CLC number: