Detection Of Cache Side Channel Attack Based On Performance Counter

The security of the cryptography system depends not only on the mathematical security of the cryptographic algoritlhm itself,but also on the physical security of the cryptography system.Cache side channel attack is an attack method for the specific implementation of the cryptographic system.From the actual attack effect,Cache side channel attack is far stronger than the traditional crypt-analysis.Cache side channel attack has the advantages of short attack time,high attack efficiency,easy to implement and difficult to detect,which has been proved to be a real threat to the implementation of cryptographic algorithm.At present,the research of Cache side channel attack pays more attention to the implementation and defense of attack.However,the research on Cache side channel attack detection has just been paid much attention in recent two years,and the research results are relatively few.Designing and implementing a real-time Cache side channel attack detection system can detect and handle attacks before the attack is over,and it is very important to protect the sensitive information of the operating system.The paper researches the characteristics and detection of Cache side channel attack.The main contents and innovations are as follows:First,analyze the implementation of different types of Cache side channel attack,and three characteristic indexes of Cache side channel attack are proposed according to the access process to Cache and TLB table when CPU accesses to data.Three characteristic indexes of Cache side channel attack proposed by this paper are:Cache miss rate,dTLB miss rate and page fault.Second,the Linux operating system-level performance profiling tool-Performance Counter is used for program characteristic data acquisition.The algorithm based on Performance Counter is designed and achieved to collect the characteristic data of the program.The characteristic data of different types of Cache side channel attack and non-Cache side channel attack has been collected in this paper.By comparing the eigenvalues of the two groups of programs,the characteristic indexes of Cache side channel attack are determined.Third,the Performance Counter is used in the Cache side channel attack detection.A characteristics-based Cache side channel attack detection scheme is designed using Performance Counter,and the detection of Cache side channel attack is implemented under the Linux operating system.Attack detection system can scan the Linux operating system in real time,respond to Cache side channel attacks quickly,issue a system warning and handle attacks.Fourth,analyze the influence of the threshold selection of the characteristic indexes on the detection rate of the attack detection system,and analyze the performance of the Cache side channel attack detection system.Experimental results show that the attack detection system occupies a very small amount of system resources,and can quickly respond to Cache side channel attack and handle attack without affecting the operating system performance.