作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2019, Vol. 45 ›› Issue (9): 112-118. doi: 10.19678/j.issn.1000-3428.0051692

• 安全技术 • 上一篇    下一篇

针对AES密钥扩展的电压故障注入攻击

段晓毅, 田丽娜, 张磊, 王建新, 李秀滢, 张恺健   

  1. 北京电子科技学院 电子信息工程系, 北京 100070
  • 收稿日期:2018-05-29 修回日期:2018-09-04 出版日期:2019-09-15 发布日期:2019-09-03
  • 作者简介:段晓毅(1979-),男,讲师,主研方向为信息安全;田丽娜,硕士研究生;张恺健,硕士研究生;张磊(通信作者)、王建新、李秀滢,副教授
  • 基金资助:
    国家自然科学基金(61701008);中央高校基本科研业务费专项资金(2017LG05,2017CL-HSM)。

Voltage Fault Injection Attack on Key Expansion of AES

DUAN Xiaoyi, TIAN Lina, ZHANG Lei, WANG Jianxin, LI Xiuying, ZHANG Kaijian   

  1. Department of Electronics and Information Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China
  • Received:2018-05-29 Revised:2018-09-04 Online:2019-09-15 Published:2019-09-03

摘要: 针对高级加密标准(AES)算法,提出一种简单高效的故障注入攻击方法。通过瞬时降低密码芯片供电电压产生低压毛刺,使芯片在密钥扩展函数中进行密钥赋值时跳过赋值循环语句,造成密钥赋值错误,从而缩短参与运算密钥的未知字节长度。结合注入故障后输出的错误密文,可通过穷举猜测的方式恢复初始密钥未知字节。攻击测试结果表明,通过该方法执行一次有效故障注入攻击能得到4字节长度初始密钥,即对于128位AES算法,攻击者仅需猜测4×232次就能到初始密钥。

关键词: 故障注入, 电压, 密钥扩展, 循环语句, 密文

Abstract: Aiming at the Advanced Encryption Standard(AES) algorithm,this paper proposes a simple and efficient method of fault injection attack.By instantaneously reducing the voltage of the cipher chip power supply,the low voltage burr is generated,which causes the chip to skip the assignment cycle sentence when the key is assigned in the key expansion function,resulting in a key assignment error,thereby reducing the length of the unknown byte participating in the operation key.Combined with the error ciphertext output after the injection of the fault,the exhaustive guess can be use to recover the initial key unknown byte.Attack test results indicates that an effective fault injection attack can get a 4-byte length initial key.That is,for the 128-bit AES algorithm,the attacker can recover the initial key only by guessing 4×232 times.

Key words: fault injection, voltage, key expansion, cycle sentence, ciphertext

中图分类号: