Template Attack of AES Algorithm Based on Euclidean Distance

doi:10.3778/j.issn.1002-8331.2104-0066

Abstract

Abstract: Aiming at the problem that the Flush+Reload attack model will trigger a large number of cache failures when attacking the AES algorithm and is easily detected by the hardware counter, a template attack method of utilizing the Flush+Flush attack model based on Euclidean distance is proposed to reduce the number of cache failures. This model can make the attack more covert. Firstly, it exploits Flush+Flush attack model to obtain mapped location of AES algorithm in memory. Then the template for each key is established by using the known clear-text attack which will trigger password process continuously. Finally, it utilizes the Flush+Flush attack model to obtain the Cache timing information under real conditions and predict the key by calculating the Euclidean distance between the timing information and each key template. Through experimental verification, with taking the AES algorithm fast implementation in openSSL algorithm library as the object of attack, the attack model can accurately obtain the AES algorithm key. Compared with the Flush+Reload attack model, the number of Cache failures triggered by the Flush+Flush attack model is only 17% of the Flush+Reload attack model.

Key words: Flush+Flush attack model, template attack, AES algorithm, Cache, Euclidean distance

摘要： 针对AES算法Cache计时模板攻击时会触发大量的Cache失效，容易被硬件计数器检测出来的问题，基于Flush+Flush攻击模型，提出一种基于欧氏距离的AES算法模板攻击方法，以减少触发Cache失效的次数，使攻击更加隐蔽。使用Flush+Flush攻击模型获取AES算法在内存中映射的位置；利用已知明文攻击不断地触发密码进程，通过该模型建立每一个密钥的模板；利用Flush+Flush攻击模型获取真实情况下的Cache计时信息，通过计算计时信息与每一个密钥模板之间的欧式距离推算密钥。通过实验验证，以OpenSSL库中的AES算法快速实现为攻击对象，攻击模型能准确地获取AES算法密钥，并与Flush+Reload攻击模型相比较，触发的Cache失效次数仅为Flush+Reload攻击模型的17%。

关键词: Flush+Flush攻击模型, 模板攻击, AES算法, Cache, 欧氏距离

LI Zhiming, TANG Yongzhong. Template Attack of AES Algorithm Based on Euclidean Distance[J]. Computer Engineering and Applications, 2022, 58(2): 110-115.

李志明, 唐永中. 基于欧式距离的AES算法模板攻击[J]. 计算机工程与应用, 2022, 58(2): 110-115.

References

[1] LIPP M，SCHWARZ M，GRUSS D，et al.Meltdown[EB/OL].[2021-04-05].https：//meltdownattack.com/meltdown.pdf.
[2] KOCHER P，HORN J，FOGH A，et al.Spectre attacks：exploiting speculative execution[J].Communications of the ACM，2020，63（7）：93-101.
[3] SCHWARZL M，SCHUSTER T，SCHWARZ M，et al.Speculative dereferencing of registers：reviving foreshadow[J].arXiv：2008.02307，2020.
[4] YAROM Y，FALKNER K.FLUSH+RELOAD：a high resolution，low noise，L3 cache side-channel attack[C]//Proceedings of USENIX Security Symposium，2014：719-732.
[5] MARTIN D P，O’CONNELL J F，OSWALD E，et al.Counting keys in parallel after a side channel attack[C]//Proceedings of Advances in Cryptology，2015：313-337.
[6] 崔国华，唐国富，洪帆.AES算法的实现研究[J].计算机应用研究，2004，21（8）：99-101.
CUI G H，TANG G F，HONG F.Research of AES’s implementation technique[J].Application Research of Computers，2004，21（8）：99-101.
[7] CHEN C S，WANG T，KOU Y Z，et al.Improvement of trace-driven I-Cache timing attack on the RSA algorithm[J].The Journal of Systems and Software，2013，86（1）：100-107.
[8] MOGHIMI A，IRAZOQUI G，EISENBARTH T.CacheZoom：how SGX amplifies the power of cache attacks[C]//Proceeding of Cryptographic Hardware and Embedded Systems，2017：69-90.
[9] SCHWARZ M，CANELLA C，GINER L，et al.Store-to-leak forwarding：leaking data on meltdown-resistant CPUs[J].arXiv：1905.05725，2019.
[10] SCHWARZ M，LIPP M，MOGHIMI D，et al.ZombieLoad：cross-privilege-boundary data sampling[C]//Proceedings of ACM SIGSAC Conference on Computer and Communications Security，2019：753-768.
[11] 樊昊鹏，袁庆军，王向宇，等.针对AES-128算法的密钥优势模板攻击[J].电子学报，2020，48（10）：2003-2008.
FAN H P，YUAN Q J，WANG X Y，et al.Key advantage template attack against AES-128 algorithm[J].Acta Electronica Sinica，2020，48（10）：2003-2008.
[12] LUO Y L.Cryptanalysis of a chaotic block cryptographic system against template attacks[J].International Journal of Bifurcation and Chaos，2020，30（15）：205-223.
[13] STALLINGS W，彭蔓蔓，吴强.计算机组成与体系结构性能设计[M].北京：机械工业出版社，2011.
STALLINGS W，PENG M M，WU Q.Computer composition and architecture performance design[M].Beijing：China Machine Press，2011.
[14] CHRISTOF P，JAN P.深入浅出密码学[M].马小婷，译.北京：清华大学出版社，2012.
CHRISTOF P，JAN P.Introducing cryptography in simple language[M].Beijing：Tsinghua University Press，2012.
[15] 道格拉斯.密码学原理与实践[M].冯登国，译.北京：电子工业出版社，2016.
DOUGLAS R S.Principles and practice of cryptography[M].Beijing：Publishing House of Electronics Industry，2016.
[16] 赵新杰，王韬，郭世泽，等.AES访问驱动Cache计时攻击[J].软件学报，2011，22（3）：572-591.
ZHAO X J，WANG T，GUO S Z，et al.Access driven Cache timing attack against AES[J].Journal of Software，2011，22（3）：572-591.
[17] APECECHEA G I，INCI M S，EISENBARTH T，et al.Fine grain cross-VM attacks on Xen and VMware[C]//Proceedings of IEEE Fourth International Conference on Big Data and Cloud Computing，2014：737-744.