针对重用掩码AES算法的随机明文碰撞攻击

doi:10.19678/j.issn.1000-3428.0061797

摘要/Abstract

摘要： 侧信道攻击是密码学研究的热点方向，碰撞攻击作为侧信道攻击的重要分支，可从泄露能量中有效提取中间值信息，根据中间值信息检测不同S盒之间的碰撞，并利用碰撞建立不同密钥字节之间的线性关系，缩小密钥候选值的空间。针对使用重用掩码的高级加密标准（AES）算法，自适应选择明文碰撞攻击方法需要预先建立攻击模板，并且实施攻击所需的前提条件较多。提出一种高效的随机明文碰撞攻击方法，基于2个不同S盒输入值的汉明距离及其对应能量迹的欧氏距离之间的关系，从256个密钥异或值中找出正确的密钥异或值。通过理论分析得出该方法无需预先确定碰撞阈值及建立攻击模板，即可有效利用能量迹中未发生碰撞的信息，并且所加密的明文是随机的，能在没有目标设备的情况下实施攻击。实验结果表明，与自适应选择明文碰撞攻击、改进型相关性碰撞攻击等方法相比，该方法减少了实现碰撞攻击所需的前提条件，并且扩大了攻击范围。

关键词: 侧信道攻击, 碰撞攻击, 汉明距离, 欧氏距离, 高级加密标准

Abstract: The topic of side-channel attacks is popular in cryptographic research. As an important branch of side-channel attacks, collision attacks can effectively extract information related to intermediate values from energy leakage. The attacker can detect collisions between two different S-boxes through an analysis of intermediate-value information, whereby a linear relationship between the different key bytes can be established through the collisions. These linear relationships can reduce the key candidate space. For the Advanced Encryption Standard(AES) algorithm with reused masks, an adaptive chosen-plaintext collision attack is proposed, requiring a pre-established attack template and high conditions to launch the attack. To address this problem, this study proposes an efficient random plaintext collision attack method. Based on the relationship between the Hamming distance of two different S-box input values and the Euclidean distance of the corresponding energy trace, the method determines the correct key XOR value from 256 key XOR values. Theoretical analysis is offered to prove that the method utilizes the information in power traces that do not collide while requiring neither a pre-established template nor a pre-determined suitable collision threshold in advance. In addition, this method is a known plaintext attack; therefore, it can be implemented when the attacker is unable to operate the target devices. The experimental results show that, compared with the adaptive chosen-plaintext collision attack, the Improved Collision-Correlation Attack(ICCA), and other methods, this method reduces the conditions to launch the attack, expanding the attack ranges.

Key words: side-channel attack, collision attack, Hamming distance, Euclidean distance, Advanced Encryption Standard(AES)

中图分类号:

TP309

赵秉宇, 王柳生, 张美玲, 郑东. 针对重用掩码AES算法的随机明文碰撞攻击[J]. 计算机工程, 2022, 48(6): 139-145,153.

ZHAO Bingyu, WANG Liusheng, ZHANG Meiling, ZHENG Dong. Random Plaintext Collision Attack Against AES Algorithm with Reused Masks[J]. Computer Engineering, 2022, 48(6): 139-145,153.

http://www.ecice06.com/CN/Y2022/V48/I6/139

图/表 17

20220625175036

20220625175040

20220625175044

20220625175047

20220625175051

20220625175055

20220625175059

20220625175102

20220625175107

20220625175110

20220625175114

20220625175118

20220625175122

20220625175125

20220625175130

20220625175135

20220625175139

参考文献

[1] KOCHER P C.Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]//Proceedings of International Cryptology Conference on Advances in Cryptology.Berlin, Germany:Springer, 1996:104-113.
[2] KOCHER P, JAFFE J, JUN B.Differential power analysis[C]//Proceedings of International Cryptology Conference on Advances in Cryptology.Berlin, Germany:Springer, 1999:388-397.
[3] SCHRAMM K, WOLLINGER T, PAAR C.A new class of collision attacks and its application to DES[M].Berlin, Germany:Springer, 2003.
[4] BRIER E, CLAVIER C, OLIVIER F.Correlation power analysis with a leakage model[C]//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2004:16-29.
[5] CHARI S, RAO J R, ROHATGI P.Template attacks[C]//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2002:13-28.
[6] 戴立, 胡红钢.免触发信号的侧信道加解密区间定位方法[J].信息网络安全, 2019, 19(3):43-51. DAI L, HU H G.Encryption and decryption interval locating method for non-trigger side-channel analysis[J].Netinfo Security, 2019, 19(3):43-51.(in Chinese)
[7] 王恺, 郭朋飞, 周聪, 等.基于t检验的侧信道信息泄漏评估方法研究[J].信息网络安全, 2020, 20(10):57-66. WANG K, GUO P F, ZHOU C, et al.Research on the assessment method of side channel information leakage based on t-test[J].Netinfo Security, 2020, 20(10):57-66.(in Chinese)
[8] 凌杭, 吴震, 杜之波, 等.基于汉明重的EPCBC代数侧信道攻击[J].计算机工程, 2017, 43(8):156-160, 168. LING H, WU Z, DU Z B, et al.Algebraic side channel attack against EPCBC based on hamming weight[J].Computer Engineering, 2017, 43(8):156-160, 168.(in Chinese)
[9] SCHRAMM K, LEANDER G, FELKE P, et al.A collision-attack on AES[C]//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2004:163-175.
[10] BOGDANOV A.Improved side-channel collision attacks on AES[C]//Proceedings of International Workshop on Selected Areas in Cryptography.Berlin, Germany:Springer, 2007:84-95.
[11] MESSERGES T S.Securing the AES finalists against power analysis attacks[C]//Proceedings of International Workshop on Fast Software Encryption.Berlin, Germany:Springer, 2000:150-164.
[12] HERBST C, OSWALD E, MANGARD S.An AES smart card implementation resistant to power analysis attacks[C]//Proceedings of International Conference on Applied Cryptography and Network Security.Berlin, Germany:Springer, 2006:239-252.
[13] AKKAR M L, GIRAUD C.An implementation of DES and AES, secure against some attacks[C]//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2001:309-318.
[14] HUANG H, LIU L B, HUANG Q H, et al.Low area-overhead Low-Entropy Masking Scheme(LEMS) against correlation power analysis attack[J].IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2019, 38(2):208-219.
[15] 谭锐能, 卢元元, 田椒陵.抗侧信道攻击的SM4多路径乘法掩码方法[J].计算机工程, 2014, 40(5):103-108, 114. TAN R N, LU Y Y, TIAN J L.SM4 multi-path multiplicative masking method against side-channel attack[J].Computer Engineering, 2014, 40(5):103-108, 114.(in Chinese)
[16] 张翌维, 龚冰冰, 刘烈恩, 等.抵御侧信道分析的AES双路径掩码方法[J].计算机工程, 2012, 38(13):108-111. ZHANG Y W, GONG B B, LIU L E, et al.AES dual-path masking method for resisting side-channel analysis[J].Computer Engineering, 2012, 38(13):108-111.(in Chinese)
[17] MORADI A, MISCHKE O, EISENBARTH T.Correlation-enhanced power analysis collision attack[C]//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2010:125-139.
[18] CLAVIER C, FEIX B, GAGNEROT G, et al.Improved collision-correlation power analysis on first order protected AES[C]//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin, Germany:Springer, 2011:49-62.
[19] BOGDANOV A, KIZHVATOV I.Beyond the limits of DPA:combined side-channel collision attacks[J].IEEE Transactions on Computers, 2012, 61(8):1153-1164.
[20] NIU Y C, ZHANG J W, WANG A, et al.An efficient collision power attack on AES encryption in edge computing[J].IEEE Access, 2019, 7:18734-18748.
[21] DING Y L, SHI Y, WANG A, et al.Adaptive chosen-plaintext collision attack on masked AES in edge computing[J].IEEE Access, 2019, 7:63217-63229.
[22] ZHENG D, JIA X, ZHANG M L.Hypothesis testing based side-channel collision analysis[J].IEEE Access, 2019, 7:104218-104227.
[23] O'FLYNN C, CHEN Z.ChipWhisperer:an open-source platform for hardware embedded security research[C]//Proceedings of International Workshop on Constructive Side-Channel Analysis and Secure Design.Berlin, Germany:Springer, 2014:243-260.

选择文件类型/文献管理软件名称

选择包含的内容