Journal: 《计算机学报》 (Chinese Journal of Computers)

Research on Trace-Driven Data Cache Timing Attacks Against the RSA Algorithm

         

Abstract

Cache timing attacks are an active research topic in the field of side-channel attacks. For RSA implementations that perform modular exponentiation with the sliding window algorithm, this paper analyzes the difficulties of access-driven Cache timing attacks against RSA and builds a trace-driven data Cache timing attack model. Building on this attack model and the previous trace-driven timing attack algorithm, it proposes an improved exponent analysis algorithm that exploits the correlation between the exponent bits and the operation sequence, the characteristics of the window size, and the mapping between precomputed table index values and window values. It also gives a lattice attack procedure that recovers the whole private key d from partial discrete known bits of the exponents d_p and d_q. The spy process and the cipher process are run in parallel using the simultaneous multithreading capability of the processor, and the attack is carried out experimentally in a real environment against the RSA algorithm in OpenSSL v0.9.8b. The experimental results show that the new analysis algorithm obtains approximately 340 bits out of each 512-bit exponent, further reducing the complexity of key recovery compared with the previous algorithm. The paper also analyzes the key techniques and the difficulties that may be encountered in a practical attack and gives corresponding solutions, further improving the feasibility of the attack.
