| 基于iRAM的抗物理内存泄露攻击密码算法轻量化实现 |
| |
| 引用本文: | 李彦初,荆继武,雷灵光,王跃武,王平建.基于iRAM的抗物理内存泄露攻击密码算法轻量化实现[J].北京大学学报(自然科学版),2022,58(6):1023-1034. |
| |
| 作者姓名: | 李彦初 荆继武 雷灵光 王跃武 王平建 |
| |
| 作者单位: | 1. 中国科学院大学计算机科学与技术学院, 北京 100049
2. 中国科学院大学密码学院, 北京 100049
3. 北京大学软件与微电子学院, 北京 100871
4. 中国科学院信息工程研究所信息安全国家重点实验室, 北京 100093
5. 中国科学院大学网络空间安全学院, 北京 100049 |
| |
| 基金项目: | 国家自然科学基金(61802398)资助 |
| |
| 摘 要: | 提出一种基于iRAM的轻量安全密码算法实现方案, 可以在不影响系统中需要iRAM辅助的正常功能情况下, 实现多个密码算法的并发执行。该方案将密码算法实现中的敏感数据限制在单个可加载段中, 同时分离该段中的非敏感数据, 并通过修改可信应用的加载方式、仅将包含敏感数据的段分配到iRAM空间等方法, 尽量减少密码运算对iRAM的占用。在真实设备上实现国内外具有代表性的一系列密码算法, 实验结果表明, 所有算法的性能开销均小于4.3%, iRAM使用量皆少于4.5 KB, 比现有方案节省78%以上, 能够支持方案在所有主流平台上部署。
|
| 关 键 词: | ,密码算法,TrustZone,iRAM,物理内存泄露攻击, |
| 收稿时间: | 2022-01-10 |
An iRAM-based Light-Weight Cryptographic Algorithm ImplementationScheme against Physical Memory Disclosure Attacks |
| |
| LI Yanchu,JING Jiwu,LEI Lingguang,WANG Yuewu,WANG Pingjian.An iRAM-based Light-Weight Cryptographic Algorithm ImplementationScheme against Physical Memory Disclosure Attacks[J].Acta Scientiarum Naturalium Universitatis Pekinensis,2022,58(6):1023-1034. |
| |
| Authors: | LI Yanchu JING Jiwu LEI Lingguang WANG Yuewu WANG Pingjian |
| |
| Institution: | 1. School of Computer Science and Technology, University of Chinese Academy of Sciences, Beijing 100049
2. School of Cryptography, University of Chinese Academy of Science, Beijing 100049
3. School of Software and Microelectronics, Peking University, Beijing 100871
4. State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing 100093
5. School of Cyber Security, University of Chinese Academy of Science, Beijing 100049 |
| |
| Abstract: | An iRAM-based light-weight secure cryptographic algorithm implementation scheme is proposed, which can execute multiple cryptographic algorithms concurrently without affecting the iRAM-assisted functions of the system. The scheme restricts the sensitive data in the cryptographic algorithm implementation to a single loadable segment, separates the non-sensitive data from this segment, and modifies the loading procedure of the trusted applications to allocate only the segment containing sensitive data to the iRAM space. It can minimize the occupation of iRAM by cryptographic operations. A series of representative cryptographic algorithms are implemented on the real device. The experimental results show that the performance overhead of all cryptographic algorithms is less than 4.3%, and each algorithm’s demand for iRAM is less than 4.5 KB, saving more than 78% compared with existing schemes, which supports the deployment of the scheme on all mainstream platforms. |
| |
| Keywords: | cryptographic algorithm TrustZone iRAM physical memory disclosure attacks |
|
| 点击此处可从《北京大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《北京大学学报(自然科学版)》下载免费的PDF全文 |
|
