基于iRAM的抗物理内存泄露攻击密码算法轻量化实现  被引量：1

作　　者：李彦初 荆继武 雷灵光[4,5] 王跃武 王平建[4,5] LI Yanchu;JING Jiwu;LEI Lingguang;WANG Yuewu;WANG Pingjian(School of Computer Science and Technology,University of Chinese Academy of Sciences,Beijing 100049;School of Cryptography,University of Chinese Academy of Science,Beijing 100049;School of Software and Microelectronics,Peking University,Beijing 100871;State Key Laboratory of Information Security,Institute of Information Engineering,CAS,Beijing 100093;School of Cyber Security,University of Chinese Academy of Science,Beijing 100049)

机构地区：[1]中国科学院大学计算机科学与技术学院,北京100049 [2]中国科学院大学密码学院,北京100049 [3]北京大学软件与微电子学院,北京100871 [4]中国科学院信息工程研究所信息安全国家重点实验室,北京100093 [5]中国科学院大学网络空间安全学院,北京100049

出　　处：《北京大学学报（自然科学版）》2022年第6期1023-1034,共12页Acta Scientiarum Naturalium Universitatis Pekinensis

基　　金：国家自然科学基金(61802398)资助。

摘　　要：提出一种基于iRAM的轻量安全密码算法实现方案,可以在不影响系统中需要iRAM辅助的正常功能情况下,实现多个密码算法的并发执行。该方案将密码算法实现中的敏感数据限制在单个可加载段中,同时分离该段中的非敏感数据,并通过修改可信应用的加载方式、仅将包含敏感数据的段分配到iRAM空间等方法,尽量减少密码运算对iRAM的占用。在真实设备上实现国内外具有代表性的一系列密码算法,实验结果表明,所有算法的性能开销均小于4.3%,iRAM使用量皆少于4.5 KB,比现有方案节省78%以上,能够支持方案在所有主流平台上部署。An iRAM-based light-weight secure cryptographic algorithm implementation scheme is proposed,which can execute multiple cryptographic algorithms concurrently without affecting the iRAM-assisted functions of the system.The scheme restricts the sensitive data in the cryptographic algorithm implementation to a single loadable segment,separates the non-sensitive data from this segment,and modifies the loading procedure of the trusted applications to allocate only the segment containing sensitive data to the iRAM space.It can minimize the occupation of iRAM by cryptographic operations.A series of representative cryptographic algorithms are implemented on the real device.The experimental results show that the performance overhead of all cryptographic algorithms is less than 4.3%,and each algorithm’s demand for iRAM is less than 4.5 KB,saving more than 78%compared with existing schemes,which supports the deployment of the scheme on all mainstream platforms.

关 键 词：密码算法 TRUSTZONE IRAM 物理内存泄露攻击 

分 类 号：TN918.4[电子电信—通信与信息系统]