基于iRAM的抗物理内存泄露攻击密码算法轻量化实现

doi:10.13209/j.0479-8023.2022.095

北京大学学报自然科学版 ›› 2022, Vol. 58 ›› Issue (6): 1023-1034.DOI: 10.13209/j.0479-8023.2022.095

基于iRAM的抗物理内存泄露攻击密码算法轻量化实现

李彦初¹, 荆继武^2,3, 雷灵光^4,5,†, 王跃武^4,5, 王平建^4,5

1. 中国科学院大学计算机科学与技术学院, 北京 100049 2. 中国科学院大学密码学院, 北京 100049 3. 北京大学软件与微电子学院, 北京 100871 4. 中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093 5. 中国科学院大学网络空间安全学院, 北京 100049

收稿日期:2022-01-10 修回日期:2022-03-22 出版日期:2022-11-20 发布日期:2022-11-20
通讯作者: 雷灵光, E-mail: leilingguang(at)iie.ac.cn
基金资助:
国家自然科学基金(61802398)资助

An iRAM-based Light-Weight Cryptographic Algorithm Implementation Scheme against Physical Memory Disclosure Attacks

LI Yanchu¹, JING Jiwu^2,3, LEI Lingguang^4,5,†, WANG Yuewu^4,5, WANG Pingjian^4,5

1. School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049 2. School of Cryptography, University of Chinese Academy of Science, Beijing 100049 3. School of Software and Microelectronics, Peking University, Beijing 100871 4. State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100093 5. School of Cyber Security, University of Chinese Academy of Science, Beijing 100049

Received:2022-01-10 Revised:2022-03-22 Online:2022-11-20 Published:2022-11-20
Contact: LEI Lingguang, E-mail: leilingguang(at)iie.ac.cn

摘要/Abstract

摘要：

提出一种基于iRAM的轻量安全密码算法实现方案, 可以在不影响系统中需要iRAM辅助的正常功能情况下, 实现多个密码算法的并发执行。该方案将密码算法实现中的敏感数据限制在单个可加载段中, 同时分离该段中的非敏感数据, 并通过修改可信应用的加载方式、仅将包含敏感数据的段分配到iRAM空间等方法, 尽量减少密码运算对iRAM的占用。在真实设备上实现国内外具有代表性的一系列密码算法, 实验结果表明, 所有算法的性能开销均小于4.3%, iRAM使用量皆少于4.5 KB, 比现有方案节省78%以上, 能够支持方案在所有主流平台上部署。

关键词: 密码算法, TrustZone, iRAM, 物理内存泄露攻击

Abstract:

An iRAM-based light-weight secure cryptographic algorithm implementation scheme is proposed, which can execute multiple cryptographic algorithms concurrently without affecting the iRAM-assisted functions of the system. The scheme restricts the sensitive data in the cryptographic algorithm implementation to a single loadable segment, separates the non-sensitive data from this segment, and modifies the loading procedure of the trusted applications to allocate only the segment containing sensitive data to the iRAM space. It can minimize the occupation of iRAM by cryptographic operations. A series of representative cryptographic algorithms are implemented on the real device. The experimental results show that the performance overhead of all cryptographic algorithms is less than 4.3%, and each algorithm’s demand for iRAM is less than 4.5 KB, saving more than 78% compared with existing schemes, which supports the deployment of the scheme on all mainstream platforms.

Key words: cryptographic algorithm, TrustZone, iRAM, physical memory disclosure attacks

李彦初, 荆继武, 雷灵光, 王跃武, 王平建. 基于iRAM的抗物理内存泄露攻击密码算法轻量化实现[J]. 北京大学学报自然科学版, 2022, 58(6): 1023-1034.

LI Yanchu, JING Jiwu, LEI Lingguang, WANG Yuewu, WANG Pingjian.

An iRAM-based Light-Weight Cryptographic Algorithm Implementation Scheme against Physical Memory Disclosure Attacks

[J]. Acta Scientiarum Naturalium Universitatis Pekinensis, 2022, 58(6): 1023-1034.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://xbna.pku.edu.cn/CN/10.13209/j.0479-8023.2022.095

https://xbna.pku.edu.cn/CN/Y2022/V58/I6/1023

基于iRAM的抗物理内存泄露攻击密码算法轻量化实现

An iRAM-based Light-Weight Cryptographic Algorithm Implementation Scheme against Physical Memory Disclosure Attacks

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

编辑推荐

Metrics

留言