CN101887397B - Improved hardware structure capable of resisting time drive cache attacks - Google Patents
Improved hardware structure capable of resisting time drive cache attacks Download PDFInfo
- Publication number
- CN101887397B CN101887397B CN2010101916483A CN201010191648A CN101887397B CN 101887397 B CN101887397 B CN 101887397B CN 2010101916483 A CN2010101916483 A CN 2010101916483A CN 201010191648 A CN201010191648 A CN 201010191648A CN 101887397 B CN101887397 B CN 101887397B
- Authority
- CN
- China
- Prior art keywords
- cache
- module
- disappearance
- data
- output
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention belongs to the technical field of information safety and relates to an improved hardware structure capable of resisting time drive cache attacks. The improved hardware structure maintains a raw data cache structure of a processor and is only provided with a plurality of parts, which comprise a cache missing data real-time detection module, a data pre-fetching module, a multi-route selector, an induced pseudo miss-rate generation module and two AND gate and arbitration modules, on the periphery of the raw data cache structure of the processor, so that the improved hardware structure can resist the time drive cache attacks aiming at advanced encryption standard (AES). The improved cache scheme provided by the invention is implemented based on an MIPS 4kc processor and a field programmable gate array (FPGA) test proves that the improved hardware structure can effectively resist all kinds of time drive cache attacks. In the scheme, hardware consumption is low, and the operating performance loss of the AES standard encryption and decryption algorithm does not reach 10 percent.
Description
Technical field
The invention belongs to field of information security technology, be specifically related to hardware defense schemes and modular design that the anti-time drive cache of a kind of energy is attacked.
Background technology
(Advanced Encryption Standard AES) is the symmetric cryptographic algorithm a kind of commonly used that is proposed by NIST (National Institute ofStandards and Technology) to advanced cryptographic algorithm.Adopt the crypto chip of this algorithm to be widely used in fields such as smart card, ecommerce, Web bank, greatly guaranteed the safety of system.But recent years, a class obtains lie information and analyzes the attack that obtains sensitive information by shared hardware resource to have attracted numerous researchers, and is referred to as the lie attack of analyzing based on the processor microarchitecture.Especially, it is practical that the multiple aes algorithm that utilizes metadata cache to attack and realize among the Openssl has been studied proof, and have multiple attack method to propose.
Timing attack (Cache Based Timing Attack based on buffer memory, CBTA) fundamentally based on the following fact: the access speed of performance of processors lifting and internal memory is inconsistent in the development of semiconductor process techniques, and processor performance is increasing faster than primary memory and performance wide gap between the two.In order to solve this contradiction, the processor architecture researcher has introduced buffer memory between processor and primary memory, the room and time locality elevator system performance in the time of can utilizing program to carry out like this.Because buffer memory capacity is limited, primary memory copying data in buffer memory can be replaced out buffer memory owing to conflict, so processor cache miss and cache hit can occur when carrying out accessing operation.Data will read from primary memory by system bus after cache miss takes place, and will be general, and this is with having tens even the speed difference of hundred times between cache hit.So there is inconsistency in time in the processor accessing operation, and this species diversity can be measured.
The software of AES is realized the look-up table that extensively adopts avoiding complicated finite field operations, thereby obtains higher travelling speed.As mentioned above, the AES table lookup operation does not have time consistency, researchs and analyses to show that this time inconsistency depends on the AES key value strongly.So the assailant can be by the anti-key value of releasing of temporal information that obtains, and this deduction can be undertaken by byte, significantly reduced assailant's cipher key search space.CBTA at AES can be divided three classes: visit drives attacks, and track driving attack and time drive attacks.Timing attack drives at first to be measured the whole AES encryption and decryption time and obtains sampled data, then by making correlation analysis with the data of assailant's conjecture.Relevant peaks can appear in correct conjecture, and the assailant can obtain key value in view of the above.The attack that the time that the present invention is directed to drives has proposed the relevant hardware scheme, and the miss rate that utilizes the IPMG technology dynamically to adjust buffer memory has shielded the time fluctuation of AES encryption and decryption inherence, thereby reaches the defence purpose.Simultaneously, IPMG belongs to cache miss rate fine setting technology, so can not introduce very big performance loss.Owing to need not to change the immanent structure of original buffer memory, realization is simple and hardware costs is little.
Summary of the invention
The objective of the invention is to propose a kind of hardware configuration that can measure the cache miss rate in real time and produce the anti-time drive cache attack of pseudo-disappearance, make the AES encryption and decryption time can not present the inconsistency that causes by the miss rate fluctuation, make by measuring the encryption and decryption time and infer that key is no longer feasible, and the performance loss that defense schemes is introduced is as far as possible little.
The hardware configuration that the anti-time drive cache that the present invention proposes is attacked, with original buffer memory overall architecture as shown in Figure 2.Former metadata cache is kept original structure and be need not to change, but some parts have been added in its periphery, comprise the real-time detection module of cache miss number, data pre-fetching module, MUX, IPMG (Induced Pseudo Miss-rate Generation, pseudo-disappearance stress generate) module, two and door and arbitration modules.Wherein:
The real-time detection module of cache miss number, it is input as cache-hit signal, is a counter, and when disappearance took place buffer memory, Counter Value just increased by one.
Data pre-fetching module 1 is seen among Fig. 2 shown in the frame of broken lines.The data working area of look ahead control module and 4 cache line size is used for depositing the data of looking ahead in this module.Look ahead and triggered by cache miss, next four cache lines of disappearance row for taking place in prefetch address.Prefetch mechanisms can root a tree name application demand open and close.
The IPMG module is a corn module of the present invention, this module mainly is input as the output of internal storage access signal and the real-time detection module of disappearance number, according to current cache miss rate, this module produces pressure disappearance signal according to the threshold value and the current miss rate of historical statistics gained.This signal is kept high level under normal conditions, can not influence the hiting signal of metadata cache and pre-fetch unit.When IPMG produced pseudo-disappearance, output dragged down and makes two to be output as lowly with door 3, has shielded the signal of pre-fetch unit and metadata cache like this.Regardless of this time visit result.Processor will receive the cache miss signal.The pre-fetch unit work that will be triggered simultaneously goes in the internal memory read access capable.When finishing when looking ahead, IPMG draws high output, will accept the signal of metadata cache and pre-fetch unit with door 3 and judge output.
Among the present invention IPMG inside modules structure as shown in Figure 3, this module be input as current disappearance number and visit sum, according to formula (1), this module generates output feedback signal.And this module averages the primary system meter in order to estimate to adjust threshold value to the history buffer miss rate, makes m as if the cache miss rate of an AES computing is remembered, and regards the scarce rate data of the buffer memory of several times AES computing as a statistic unit piece.The threshold value of current statistic unit piece AES computing is a last statistic unit piece mean value.
The statistic unit block size can be configured to 2 integer power power according to application demand, does like this to help hardware realization division arithmetic.In the counting statistics cell block, can realize arithmetic mean by shift operation during data mean value to sample.Threshold register is used for depositing in order to threshold value relatively.The judgement formula is as follows:
Because division is realized influencing system performance at hardware, so as above the formula adjustment realizes judgement with multiplicaton addition unit:
Adjust threshold value * internal storage access number-cache miss number>0 (1)
Miss rate summation in this statistic unit piece that the cache miss rate has been sued for peace register holds, when this statistic unit piece is finished, counter output saturation signal, threshold register is upgraded in the zero clearing of miss rate summation register simultaneously.
The present invention utilize hardware module measure in real time be concerned about the cache miss rate of section, by producing pseudo-disappearance, make the AES cryptographic calculation of not isolog input present the identical encryption and decryption time with threshold ratio.Do not having under this hardware defense mechanism, the miss rate of AES encryption and decryption computing is near normal distribution, if under this defense mechanism, and the basicly stable upper limit level under the unprotect pattern of the miss rate of AES computing.
According to the fusion architecture of hardware configuration of the present invention and original buffer memory, its essential characteristic is: the inner structure of (1) original buffer memory need not to change, and the hardware defense schemes that is proposed realizes at former caching peripheral.(2) original cache-hit signal logic changes, but prefetch hit and cache hit all in the mission signal effective, simultaneously this two signal can by with logic by IPMG module output shielding.
IPMG module among the present invention can the average miss rate of statistical history, and carries out the puppet disappearance according to current miss rate level and produce judgement.The generation of threshold value is based on that the statistic unit piece carries out, and promptly a blocks of data is in the past carried out statistical average.Pseudo-disappearance produces in the signal has used multiplicaton addition unit, thereby avoids having used divider.The statistic unit block size can be set by the programming personnel according to application demand.
Description of drawings
Fig. 1 has cache miss rate distribution plan under protection and the unprotect situation.
Fig. 2 safety buffer memory integrated stand composition.
Fig. 3 IPMG modular structure figure.
Fig. 4 program realizes synoptic diagram.
Correlation analysis result under Fig. 5 unprotect situation.
Fig. 6 has correlation analysis result under the protection situation.
Fig. 7 performance is histogram relatively.
Number in the figure: 1 is the data pre-fetching module, and 2 is MUX, and 3 is logical AND gate, and 4 is arbitration modules, and 5 is the real-time detection module of cache miss number, and 6 is the IPMG module, and 7 is former metadata cache.
Embodiment
The present invention strengthens the safety of processor data buffer memory, does not need former buffer memory is carried out the modification of any inner structure during the integrated security module, and concrete integrated approach is as follows.
Central Plains of the present invention buffer memory changes moderator and system bus interface into to system bus interface, and the bus interface of former buffer memory inputs to moderator with the bus interface of the pre-fetch unit that is added.
During access memory, the virtual address of processor core output need input to the pre-fetch unit of former buffer memory and interpolation simultaneously.The data of the data of buffer memory output and pre-fetch unit output need select to export to processor core through MUX.Cache-hit signal no longer is former metadata cache hiting signal, but through the module after the security module processing.
The scheme that proposes among the present invention realizes on MIPS 4kc processor; for the program that does not need safeguard protection is not exerted an influence; the programming personnel can the configuration data buffer memory mode of operation, so processor need increase by two instruction CacheProEnter and CacheProLeave.In order to support the configurability of statistic unit piece, need processor to support cached configuration instruction CacheConfig simultaneously.
Carry out CacheProEnter director data buffer memory and enter secure operating mode and the zero clearing of disappearance counting number module, promptly begin once new measurement count.
Execution CacheProLeave director data buffer memory leaves secure operating mode and enters normal mode of operation, and this moment, IPMG module count device increased one, shows that promptly this time measurement finishes.If the counter value of reaching capacity shows the statistic unit block end, this counter O reset this moment begins the block count of next round statistic unit.
Carrying out the CacheConfig instruction can be configured the statistics block size, and the IPMG module is supported following 2 integer power power size: 2,4,8,16,32,64,128.
Concrete programming as shown in Figure 4, the 1 record current time of code line stabs, code line 2 is opened the buffer memory secure operating mode, code line 3 is carried out AES encryption and decryption program, the buffer memory secure operating mode is finished to close in code line 4 encryption and decryption critical sections, and the 5 record current time of code line stab and calculate the encryption and decryption time.
The safety approach that proposes among the present invention realizes that back checking on the FPGA development board realizes that the FPGA development board of use is Altera Stratix II EP2S180F1020C3.Before the safety approach of not implementing to propose among the present invention, produce the forms data piece at random expressly, and measure 2,000,000 time samples of encryption time acquisition.By time driving correlation analysis, can obtain relevant peaks as shown in Figure 5.
After adding defensive measure, measure and obtain 2,000,000 time samples equally.Attack method analysis by same can obtain Fig. 6.Relevant peaks among Fig. 5 is covered in other key conjectures are worthwhile, can not obtain by observation.
The miss rate adjustment technology belongs to the fine setting technology among the present invention, so procedural loss of energy is very little after entering safe mode, Fig. 7 has provided performance comparison histogram under different cached configuration.Generally speaking, performance loss is less than 10%.
Claims (1)
1. improved hardware structure that anti-time drive cache is attacked, it is characterized in that, add some parts in that metadata cache is peripheral, comprising: the real-time detection module of cache miss number, data pre-fetching module, MUX, pseudo-disappearance stress generation modules, two with door and arbitration modules; Wherein:
The real-time detection module of cache miss number, it is input as cache-hit signal, is a counter, and when disappearance took place buffer memory, Counter Value just increased by one;
Data pre-fetching module, this module contain the data working area of look ahead control module and 4 cache line size, are used for depositing the data of looking ahead, and look ahead and are triggered by cache miss, and prefetch address is for next four cache lines of disappearance row take place; Prefetch mechanisms root a tree name application demand opens and closes;
MUX, it is input as the output of former metadata cache and the output of data pre-fetching module;
Pseudo-disappearance stress generation module, and it is input as the output of internal storage access signal and the real-time detection module of disappearance number; According to current cache miss rate, this module produces pressure disappearance signal according to the threshold value and the current miss rate of historical statistics gained; When producing pseudo-disappearance, this module output drag down make two with door be output as low, with the signal of shadow data prefetch module and metadata cache; The data pre-fetching module work that is triggered simultaneously goes in the internal memory read access capable; When finishing when looking ahead, this module is drawn high output, accepts the signal of metadata cache and data pre-fetching module with goalkeeper and judges output;
Arbitration modules is used to solve metadata cache and data pre-fetching module collision scenario;
Wherein, described pseudo-disappearance stress the generation module generation force the method for disappearance signal as follows:
The history buffer miss rate is averaged the primary system meter in order to estimate to adjust threshold value, the cache miss rate of AES computing note is made m, the cache miss rate data of several times AES computing are regarded as a statistic unit piece, and the threshold value of current statistic unit piece AES computing is as a last statistic unit piece mean value;
Wherein, the statistic unit block size is configured to 2 integer power power, realizes arithmetic mean to sample threshold register being set by shift operation during data mean value in the counting statistics cell block, is used for depositing in order to threshold value relatively; The judgement formula is as follows:
Adjust threshold value * internal storage access number-cache miss number>0 (1)
Miss rate summation in this statistic unit piece that the cache miss rate has been sued for peace register holds, when this statistic unit piece is finished, counter output saturation signal, threshold register is upgraded in the zero clearing of miss rate summation register simultaneously.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010101916483A CN101887397B (en) | 2010-06-03 | 2010-06-03 | Improved hardware structure capable of resisting time drive cache attacks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010101916483A CN101887397B (en) | 2010-06-03 | 2010-06-03 | Improved hardware structure capable of resisting time drive cache attacks |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101887397A CN101887397A (en) | 2010-11-17 |
CN101887397B true CN101887397B (en) | 2011-12-28 |
Family
ID=43073325
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010101916483A Expired - Fee Related CN101887397B (en) | 2010-06-03 | 2010-06-03 | Improved hardware structure capable of resisting time drive cache attacks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101887397B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103020004B (en) * | 2012-12-14 | 2015-09-09 | 杭州华为数字技术有限公司 | The access method of the asymmetric consistance internal storage access system of high-speed cache and device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4701166B2 (en) * | 2004-04-26 | 2011-06-15 | パナソニック株式会社 | Computer system and computer program for encryption or decryption |
-
2010
- 2010-06-03 CN CN2010101916483A patent/CN101887397B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN101887397A (en) | 2010-11-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Vila et al. | Theory and practice of finding eviction sets | |
Pakalapati et al. | Bouquet of instruction pointers: Instruction pointer classifier-based spatial hardware prefetching | |
Liu et al. | Random fill cache architecture | |
Tan et al. | PhantomCache: Obfuscating Cache Conflicts with Localized Randomization. | |
Demme et al. | Side-channel vulnerability factor: A metric for measuring information leakage | |
US20150082434A1 (en) | Systems and methods to counter side channels attacks | |
Gallais et al. | Improved trace-driven cache-collision attacks against embedded AES implementations | |
Zhang et al. | Side channel vulnerability metrics: the promise and the pitfalls | |
Kadam et al. | Rcoal: mitigating gpu timing attack via subwarp-based randomized coalescing techniques | |
Jiang et al. | A novel cache bank timing attack | |
Yu et al. | Detecting vms co-residency in cloud: Using cache-based side channel attacks | |
Ahn et al. | Trident: A hybrid correlation-collision GPU cache timing attack for AES key recovery | |
Zankl et al. | Side-channel attacks in the Internet of Things: threats and challenges | |
Jiang et al. | Exploiting bank conflict-based side-channel timing leakage of gpus | |
CN101887397B (en) | Improved hardware structure capable of resisting time drive cache attacks | |
Ahmadi et al. | Side-channel attacks on risc-v processors: Current progress, challenges, and opportunities | |
Tong et al. | Cache side-channel attacks detection based on machine learning | |
Liang et al. | Memcloak: Practical access obfuscation for untrusted memory | |
Yu et al. | Using hardware performance counters to detect control hijacking attacks | |
Lashgar et al. | Inter-warp instruction temporal locality in deep-multithreaded GPUs | |
Wan et al. | Volcano: Stateless cache side-channel attack by exploiting mesh interconnect | |
Tang et al. | SecFlush: A Hardware/Software Collaborative Design for Real-Time Detection and Defense Against Flush-Based Cache Attacks | |
Ramkrishnan et al. | New attacks and defenses for randomized caches | |
Younis Younis et al. | Cache side-channel attacks in cloud computing | |
Hou et al. | Efficient encryption-authentication of shared bus-memory in SMP system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111228 Termination date: 20170603 |
|
CF01 | Termination of patent right due to non-payment of annual fee |