基于Zend虚拟机的Hash碰撞及DoS攻击分析

由于服务器或应用程序中Hash碰撞漏洞的存在，攻击者可能会利用该漏洞向服务器注入大量无用数据．致使CPU进程停留在碰撞数据的处理操作上，从而实现DoS攻击的目的。针对此M题，本文提出一种在Zend虚拟机中原始键值Key在完全碰撞和完全不碰撞2种情况下，程序执行效率与原始键值数量n的关系分析算法。通过DJBX33A算法和存储碰撞数据的双向链表结构，构造PHP中2n（n∈[3，31]）个元素的数组并以之为测试对象，得到2种情况下程序运行时间与n的关系，结果表明：当n≤16时，2种情况下程序执行时间均随n的增长而增长；当n〉16时，只有第2种情况下程序执行时间会随n的增长而增长。并对Zend虚拟机中DoS攻击进行了分析。

Analysis of Hash Collsion and DoS Attack in Zend Virtual Machine

Because the Hash collision loophole exists in server or application, with the loophole an attacker could inject a large a- mount of useless data to a server and lead to the CPU process stopover in handling collision data so as to achieve the purpose of the DoS attack. Aiming at such problems, in this essay a simulation algorithm is presented for the relationship of efficiency and the number of original key about complete collision and no collision in Zend virtual machine. By DJBX33A algorithm and the structure of two-way linked list for storage collision data, an array containing 2n （n ∈[ 3,31 ] ） elements is created as the test ob- ject in PHP, it came to a conclusion about the relationship between the time of program execution and n in two cases, the results indicated that in two cases, the time of program execution would increase with the n when n ≤ 16, and When n 〉 16, so did only the second cases. At the same time, the Zend virtual machine DoS attacks are analyzed.