| Memory system-based side channel attacks use the information leaked by accesses to memory resources (cache, memory) during the execution of a cryptographic algorithm program to recover the secret key. This kind of attack does not require additional tools to monitor the target system during execution, and it can be carried out cross-platform, cross-CPU core, cross-VM, and even as a cross-authority remote attack, which makes it highly stealthy, easy to implement, and strongly threatening. In recent years, research on such side channel attacks has grown vigorously. However, current research on memory system-based side channel attacks faces significant challenges in both theory and practical implementation. For example: (1) Controlled-channel attacks have major limitations in analysis complexity, lack of side channel information, and stealthiness of the attack. The currently proposed methods all require the attacker to accurately analyze the target program binary in advance and to carefully design a page-fault sequence to recover sensitive information once the control-flow pattern has been determined, which greatly increases the analysis complexity. (2) Cache side channel attacks have different limitations for different types of attack: outcome-based attacks collect coarse-grained side channel leakage with a lot of interfering information, which makes the analysis extremely complicated; runtime-based attacks are subject to harsh constraints and are difficult to implement on conventional computers, where cryptographic algorithm programs run very fast. In this thesis, we propose an automated controlled-channel attack and an efficient framework for cache side channel analysis of Feistel ciphers, which break through the limitations of practical attack scenarios. The automated controlled-channel attack greatly reduces the analysis complexity and improves algorithm universality and attack stealthiness; the efficient framework combines the advantages of different types of cache side channel attacks, filters the interfering information out of the collected coarse-grained side channel leakage, and reduces the complexity of recovering the key as much as possible. In addition, we study an automated detection method for controlled-channel vulnerabilities and extend the analysis to cache side channel attack scenarios, including cross-process and cross-VM attack models. The experimental results show that, for some algorithm implementations in cryptographic libraries, our proposed automated controlled-channel attack can deduce more than 99% of the secret bits. Compared to previous work, our attack has lower analysis complexity, better algorithm universality, and better attack stealthiness. Our proposed efficient framework for cache side channel analysis successfully recovers the secret key of SM4 with a 100% success rate and a very short attack time. |