基于Pearson相关系数的Cache计时模板攻击方法
|
摘要
针对Cache计时模板攻击所采集数据噪声较多的问题,提出一种利用访问地址Cache命中率建立计时模板的方法,并根据Pearson相关系数对输入值进行判断。通过Flush+Reload攻击方法对计算机的键盘输入进行攻击,获取每个地址的Cache命中率,将Cache命中率高的地址转换为模板矩阵,利用该模板矩阵计算Pearson相关系数并根据系数大小判断输入值。实验结果表明,与均方误差法相比,该方法能够提高对输入值的判断准确率。
Aiming at the problem that the data collected by Cache timing template attack is noisy,a method of establishing timing template by using the Cache hit rate of access address is proposed,and the input value is judged by Pearson correlation coefficient.The Flush+Reload attack method is used to attack the computer keyboard input.The Cache hit rate of each address is obtained and the address with high Cache hit rate is converted into a template matrix,which is used to calculate the Pearson correlation coefficient,and then the input value is judged according to the size of the coefficient.Experimental results show that this method can improve the accuracy of judging input values compared with the mean square error method.
Aiming at the problem that the data collected by Cache timing template attack is noisy,a method of establishing timing template by using the Cache hit rate of access address is proposed,and the input value is judged by Pearson correlation coefficient.The Flush+Reload attack method is used to attack the computer keyboard input.The Cache hit rate of each address is obtained and the address with high Cache hit rate is converted into a template matrix,which is used to calculate the Pearson correlation coefficient,and then the input value is judged according to the size of the coefficient.Experimental results show that this method can improve the accuracy of judging input values compared with the mean square error method.
引文
[1] SCHINDLER W.Cache based remote timing attack on the AES[C]//Proceedings of the 7th Cryptographers’Track at the RSA Conference on Topics in Cryptology.Berlin,Germany:Springer,2007:271-286.
[2] GULMEZOGLU B,INCI M,IRAZOKI G,et al.Cross-VM cache attacks on AES[J].IEEE Transactions on Multi-scale Computing Systems,2017,2(3):211-222.
[3] LIPP M,GRUSS D,SPREITZER R,et al.ARMageddon:last-level Cache attacks on mobile devices[J].Mundo Electrónico,2015,6(1):60-65.
[4] 陈财森,王韬,郭世泽,等.针对RSA算法的踪迹驱动数据Cache计时攻击研究[J].计算机学报,2014,37(5):1039-1051.
[5] KIZHVATOV I,TUNSTALL M.Improved trace-driven Cache-collision attacks against embedded AES imple-mentations[C]//Proceedings of International Conference on Information Security Applications.Berlin,Germany:Springer,2010:243-257.
[6] 赵新杰,王韬,郭世泽,等.AES访问驱动Cache计时攻击[J].软件学报,2011,22(3):572-591.
[7] OSVIK D A,SHAMIR A,TROMER E.Cache attacks and countermeasures:the case of AES[C]//Proceedings of CT-RSA’06.Berlin,Germany:Springer,2006:1-20.
[8] GULLASCH D,BANGERTER E,KRENN S.Cache games-bringing access-based Cache attacks on AES to practice[C]//Proceedings of 2011 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2011:490-505.
[9] IRAZOQUI G,INCI M S,EISENBARTH T,et al.Wait a minute!a fast,Cross-VM attack on AES[M]//STOLFO S J,STAVROU A,WRIGHT C V.Research in attacks,intrusions and defenses.Berlin,Germany:Springer,2014.
[10] ZHOU Ping,WANG Tao,LOU Xiaoxuan,et al.Efficient Flush-Reload Cache attack on scalar multi-plication based signature algorithm[J].Science China(Information Sciences),2018,61(3):039102.
[11] GRUSS D,SPREITZER R,MANGARD S.Cache template attacks:automating attacks on inclusive last-level Caches[C]//Proceedings of Usenix Conference on Security Symposium.San Diego,USA:USENIX Association,2015:897-912.
[12] GRUSS D,MAURICE C,WAGNER K.Flush+Flush:a stealthier last-level Cache attack[EB/OL].[2018-03-20].https://arxiv.org/pdf/1511.04594.pdf.
[13] LIPP M,SCHWARZ M,GRUSS D,et al.Meltdown:reading kernel memory from user space[EB/OL].[2018-03-20].https://meltdownattack.com/meltdown.pdf.
[14] KOCHER P,GENKIN D,GRUSS D,et al.Spectre attacks:exploiting speculative execution[EB/OL].[2018-03-20].https://arxiv.org/pdf/1801.01203.pdf.
[15] LIU Fangfei,YAROM Y,GE Qian,et al.Last-level Cache side-channel attacks are practical[EB/OL].[2018-03-20].http://palms.ee.princeton.edu/system/files/SP_vfinal.pdf.
[16] 程志炜,陈财森,邱雪欢.基于Flush+Reload的DES算法Cache计时攻击[J].计算机工程,2018,44(12):169-173.
[2] GULMEZOGLU B,INCI M,IRAZOKI G,et al.Cross-VM cache attacks on AES[J].IEEE Transactions on Multi-scale Computing Systems,2017,2(3):211-222.
[3] LIPP M,GRUSS D,SPREITZER R,et al.ARMageddon:last-level Cache attacks on mobile devices[J].Mundo Electrónico,2015,6(1):60-65.
[4] 陈财森,王韬,郭世泽,等.针对RSA算法的踪迹驱动数据Cache计时攻击研究[J].计算机学报,2014,37(5):1039-1051.
[5] KIZHVATOV I,TUNSTALL M.Improved trace-driven Cache-collision attacks against embedded AES imple-mentations[C]//Proceedings of International Conference on Information Security Applications.Berlin,Germany:Springer,2010:243-257.
[6] 赵新杰,王韬,郭世泽,等.AES访问驱动Cache计时攻击[J].软件学报,2011,22(3):572-591.
[7] OSVIK D A,SHAMIR A,TROMER E.Cache attacks and countermeasures:the case of AES[C]//Proceedings of CT-RSA’06.Berlin,Germany:Springer,2006:1-20.
[8] GULLASCH D,BANGERTER E,KRENN S.Cache games-bringing access-based Cache attacks on AES to practice[C]//Proceedings of 2011 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2011:490-505.
[9] IRAZOQUI G,INCI M S,EISENBARTH T,et al.Wait a minute!a fast,Cross-VM attack on AES[M]//STOLFO S J,STAVROU A,WRIGHT C V.Research in attacks,intrusions and defenses.Berlin,Germany:Springer,2014.
[10] ZHOU Ping,WANG Tao,LOU Xiaoxuan,et al.Efficient Flush-Reload Cache attack on scalar multi-plication based signature algorithm[J].Science China(Information Sciences),2018,61(3):039102.
[11] GRUSS D,SPREITZER R,MANGARD S.Cache template attacks:automating attacks on inclusive last-level Caches[C]//Proceedings of Usenix Conference on Security Symposium.San Diego,USA:USENIX Association,2015:897-912.
[12] GRUSS D,MAURICE C,WAGNER K.Flush+Flush:a stealthier last-level Cache attack[EB/OL].[2018-03-20].https://arxiv.org/pdf/1511.04594.pdf.
[13] LIPP M,SCHWARZ M,GRUSS D,et al.Meltdown:reading kernel memory from user space[EB/OL].[2018-03-20].https://meltdownattack.com/meltdown.pdf.
[14] KOCHER P,GENKIN D,GRUSS D,et al.Spectre attacks:exploiting speculative execution[EB/OL].[2018-03-20].https://arxiv.org/pdf/1801.01203.pdf.
[15] LIU Fangfei,YAROM Y,GE Qian,et al.Last-level Cache side-channel attacks are practical[EB/OL].[2018-03-20].http://palms.ee.princeton.edu/system/files/SP_vfinal.pdf.
[16] 程志炜,陈财森,邱雪欢.基于Flush+Reload的DES算法Cache计时攻击[J].计算机工程,2018,44(12):169-173.