Method for implementing public key cryptography for resisting cold boot attack

Abstract

The invention discloses a method for implementing public key cryptography for resisting a cold boot attack. The method comprises the following steps that: support of a system for streaming single instruction multiple data (Simd) extensions (SSE) and advanced vector extensions (AVX) is disabled, and contents in a YMM register group are prevented from being exchanged into a memory by a system kernel during process switching; only registers of a central processing unit (CPU) instead of a memory is used to implement a public key encryption algorithm; system call is increased for setting a secret key, encrypting a private key, allocating resources and recycling resources; a function of recycling public key cryptography calculation resources which are allocated to a process is added at a position where an operating system recycles the resources when the process exits; and a user space process calls the system call to implement a public key cryptography algorithm which can resist a side channel attack aiming at the memory. By the method, the capability of resisting the side channel attack aiming at the memory can be increased for the public key cryptography algorithm on a computer which uses an X86-64 CPU hardware platform under the condition that additional hardware is not added, so that in the running process of a cryptosystem, the private key of the system cannot be leaked due to the side channel attack aiming at the memory.

Description

Technical field [0001] The invention belongs to the technical field of information security, and specifically relates to a method for implementing public key cryptography against cold start attacks. Background technique [0002] In theory, attacks on cryptographic systems are generally carried out through two methods: analysis of weaknesses in cryptographic algorithms and brute force cracking of keys. Because the security of mainstream cryptographic algorithms is often fully tested by academic research and industrial practice, and the length of the key used is often long enough, a successful attack often requires a lot of time and computing resources, and its cost is much greater than what is possible. The income of the password system is guaranteed. [0003] However, for the actual deployment of a cryptographic system, its security is not only related to the security of the algorithm itself, but also depends on the specific implementation of the algorithm and the software and har...

AI Technical Summary

Problems solved by technology

However, compared with the simple and efficient symmetric cryptographic algorithm, the public key cryptographic algorithm often has complex calculations and long keys, and requires larger storage space and higher technical requirements for implementation. At present, there is no effective method in both academia and industry. Methods against cold-boot attacks against public-key cryptography

The public key cryptography algorithm is an important basis for various key exchange protocols, signature authentication protocols and other security frameworks, and has a wide range of applications. If the cold start attack against the public key cryptography system cannot be effectively solved, it will be for those who rely on these protocols. Information exchange in all walks of life poses serious security risks

Images