Analysis on the Parameter Selection Method for FLUSH+RELOAD Based Cache Timing Attack on RSA  被引量：2

作　　者：ZHOU Ping WANG Tao LI Guang ZHANG Fan ZHAO Xinjie 

机构地区：[1]Department of Information Engineering,Ordnance Engineering College [2]The Institute of North Electronic Equipment [3]Department of Information Science & Electrical Engineering,Zhejiang University

出　　处：《China Communications》2015年第6期33-45,共13页中国通信（英文版）

基　　金：supported by National Natural Science Foundation of China (No.61472357,No.61309021,No.61272491, No.61173191);the Major State Basic Research Development Program(973 Plan) of China under the grant 2013CB338004

摘　　要：FLUSH+RELOAD attack is recently proposed as a new type of Cache timing attacks.There are three essential factors in this attack,which are monitored instructions.threshold and waiting interval.However,existing literature seldom exploit how and why they could affect the system.This paper aims to study the impacts of these three parameters,and the method of how to choose optimal values.The complete rules for choosing the monitored instructions based on necessary and sufficient condition are proposed.How to select the optimal threshold based on Bayesian binary signal detection principal is also proposed.Meanwhile,the time sequence model of monitoring is constructed and the calculation of the optimal waiting interval is specified.Extensive experiments are conducted on RSA implemented with binary square-and-multiply algorithm.The results show that the average success rate of full RSA key recovery is89.67%.FLUSH＋RELOAD attack is recent- ly proposed as a new type of Cache timing attacks. There are three essential factors in this attack, which are monitored instructions, threshold and waiting interval. However, ex- isting literature seldom exploit how and why they could affect the system. This paper aims to study the impacts of these three parameters, and the method of how to choose optimal values. The complete rules for choosing the monitored instructions based on necessary and sufficient condition are proposed. How to select the optimal threshold based on Bayesian binary signal detection principal is also pro- posed. Meanwhile, the time sequence model of monitoring is constructed and the calculation of the optimal waiting interval is specified. Extensive experiments are conducted on RSA implemented with binary square-and-multiply algorithm. The results show that the aver- age success rate of full RSA key recovery is 89.67%.

关 键 词：side channel attack Cache timingattack RSA square-multiply algorithm expo-nentiation 

分 类 号：TN918.4[电子电信—通信与信息系统]