一种带掩码AES算法的高阶差分功耗分析攻击方案

doi:10.3969/j.issn.1000-3428.2017.10.021

计算机工程

一种带掩码AES算法的高阶差分功耗分析攻击方案

段晓毅,王思翔,崔琦,孙渴望

(北京电子科技学院电子信息工程系,北京 100070)

收稿日期:2016-08-18 出版日期:2017-10-15 发布日期:2017-10-15
作者简介:段晓毅(1979—),男,讲师、博士,主研方向为密码学、计算机检测技术;王思翔、崔琦、孙渴望,硕士研究生。
基金资助:
北京市自然科学基金(4163076,4152048);北京电子科技学院基金(328201505,328201508)。

A High-order Differential Power Analysis Attack Scheme with Masked AES Algorithm

DUAN Xiaoyi,WANG Sixiang,CUI Qi,SUN Kewang

(Department of Electronics and Information Engineering,Beijing Electronic Science and Technology Institute,Beijing 100070,China)

Received:2016-08-18 Online:2017-10-15 Published:2017-10-15

摘要/Abstract

摘要：

鉴于能量分析攻击对密码芯片安全性的严重威胁,对掩码技术进行研究,提出一种通过使用预处理函数对固定值掩码进行攻击的高阶差分功耗分析(HODPA)方案。利用功耗曲线上2个信息点的联合分布绕过掩码对加密系统的保护。开发以MEGA16单片机为核心的侧信道攻击平台,并在该平台上进行实验验证,结果表明,在不明确掩码具体数值的情况下,一阶DPA无法恢复出正确密钥,HODPA方案仅需约500条功耗曲线即可得到正确密钥,且正误密钥之间区分度高,具有较强的实用性。

关键词: 掩码技术, 预处理函数, 差分功耗分析, 功耗曲线, AES算法

Abstract:

In view of the serious threats that power analysis attacks causes on the security of the cipher chip,based on the in-depth study of masked technology,this paper proposes a High Order Differential Power Analysis(HODPA) scheme which attacks the fixed value mask through the use of preprocessing function.By using the joint distribution of the two points on the power curve,this method successfully bypasses the mask’s protection of the system.It develops a side channel attack platform based on MEGA16 and carries out the experimental verification.Experimental result shows that,without knowing the specific masked value,the ordinary first order DPA cannot recover the correct key,but HODPA only needs about 500 power curves to get the correct key,and discrimination between correct key and wrong keys is high,fully proves the validity and practicability of the scheme.

Key words: masked technology, preprocessing function, Differential Power Analysis(DPA), power curve, AES algorithm

中图分类号:

TP309

段晓毅,王思翔,崔琦,孙渴望. 一种带掩码AES算法的高阶差分功耗分析攻击方案[J]. 计算机工程, doi: 10.3969/j.issn.1000-3428.2017.10.021.

DUAN Xiaoyi,WANG Sixiang,CUI Qi,SUN Kewang. A High-order Differential Power Analysis Attack Scheme with Masked AES Algorithm[J]. Computer Engineering, doi: 10.3969/j.issn.1000-3428.2017.10.021.

http://www.ecice06.com/CN/Y2017/V43/I10/120

参考文献

参考文献［1］谭锐能,卢元元,田椒陵.抗侧信道攻击的SM4多路径乘法掩码方法［J］.计算机工程,2014,40(5):103-108. ［2］CHAIR S,JUTLA C S,RAO J R,et al.Towards Sound Approaches to Counteract Power-analysis Attacks［C］//Proceedings of IEEE CRYPTO’99.Washington D.C.,USA:IEEE Press,1999:398-412. ［3］JOVAN D.TYMEN C.Multiplicative Masking and Power Analysis of AES［C］//Proceedings of Inter-national Workshop on Cryptographic Hardware and Embedded Systems.Berlin,Germany:Springer-Verlag,2002:31-47. ［4］徐佩,傅鹂.防止差分功耗分析攻击的软件掩码方案［J］.计算机应用研究,2016(1):245-248. ［5］MESSERGES T S.Using Second-order Power Analysis to Attack DPA Resistant Software［C］//Proceedings of International Workshop on Cryptographic Hardware and Embedded Systems.Berlin,Germany:Springer-Verlag,2000:238-251. ［6］AKKAR M L,GOUBIN L.A Generic Protection Against High-order Differential Power Analysis［C］//Proceedings of International Workshop on Fast Software Encryption.Washington D.C.,USA:IEEE Press,2003:192-205. ［7］JOYE M,PAILLIER P,SCHOENMAKERS B.On Second-order Differential Power Analysis［C］//Proceedings of International Workshop on Cryptographic Hardware & Embedded Systems.Washington D.C.,USA:IEEE Press,2005:293-308. ［8］Herbst C,Oswald E,Mangard S.An AES Smart Card Implementation Resistant to Power Analysis Attacks［C］// Proceedings of International Conference on Applied Cryptography and Network Security.Berlin,Germany:Springer-Verlag,2006:194-206. ［9］OSEALD E,MANGARD S,HERBST C,et al.Practical Second-order DPA Attacks for Masked Smart Card Implementations of Block Ciphers［M］.Berlin,Germany:Springer-Verlag,1970. ［10］YOO H S,HERBST C,MANGARD S,et al.Investigations of Power Analysis Attacks and Counter-measures for ARIA［J］.Lecture Notes in Computer Science,2007,4298:160-172. ［11］DING A A,ZHANG L,FEI Y,et al.A Statistical Model for Higher Order DPA on Masked Devices［C］//Proceedings of CHES’14.Berlin,Germany:Springer-Verlag,2014:147-169. ［12］DURVAUX F,STANDAERT F X.Efficient Selection of Time Samples for Higher-order DPA with Projection Pursuits［M］.Berlin,Germany:Springer-Verlag,2015. ［13］IYOH K,TAKENAKA M,TORII N.DPA Counter-measure Based on the “Masking Method”［C］//Proceedings of International Conference Seoul on Info-rmation Security & Cryptology.Washington D.C.,USA:IEEE Press,2001:440-456. ［14］WADDLE J,WAGNER D.Towards Efficient Second-order Power Analysis［J］.Lecture Notes in Computer Science,2004,3156:1-15. ［15］赵东艳,何军.针对密码算法的高阶DPA攻击方法研究［J］.电子技术应用,2013,39(10):56-58. 编辑索书志

[1]	胡子杰,张帆,沈继忠,赵新杰. 针对民用无人机的遥控数据保护方法[J]. 计算机工程, 2019, 45(4): 100-107.
[2]	李新超,钟卫东,刘明明,李栋. 基于秘密共享的SM4算法S盒实现方案[J]. 计算机工程, 2018, 44(11): 148-153.
[3]	邬可可,李慧云,闫立军. 一种防御差分功耗分析的ECC同种映射模型[J]. 计算机工程, 2017, 43(10): 115-119,125.
[4]	陶文卿,顾星远,李菁. 基于数据加密标准掩码的功耗分析方法[J]. 计算机工程, 2015, 41(5): 133-138.
[5]	孙慧盈，陆继承，魏长征，俞军. 基于Walsh谱变换的S盒算法[J]. 计算机工程, 2014, 40(7): 18-22.
[6]	王秋艳，金晨辉. LEX算法的相关密钥攻击[J]. 计算机工程, 2014, 40(4): 141-145,150.
[7]	李菁, 李林森. IC卡芯片DES加密差分功耗分析方法[J]. 计算机工程, 2013, 39(7): 200-204.
[8]	李爱国, 冯国松. 一种安全的USB2.0设备控制器设计[J]. 计算机工程, 2012, 38(24): 288-290.
[9]	张翌维, 龚冰冰, 刘烈恩, 唐有. 抵御侧信道分析的AES双路径掩码方法[J]. 计算机工程, 2012, 38(13): 108-111.
[10]	曾永红;叶旭鸣. 抗差分功耗分析攻击的AES S盒电路设计[J]. 计算机工程, 2010, 36(9): 20-22.
[11]	崔亚磊;戴紫彬. 面向分组密码的NCL电路处理模型[J]. 计算机工程, 2010, 36(4): 128-130.
[12]	杜之波;陈运;吴震;陈俊;周俐莎. 防范边信道攻击的逆伪操作实现算法[J]. 计算机工程, 2010, 36(3): 131-133.
[13]	崔亚磊;唐为民;戴紫彬. 异步128位AES算法的硬件设计[J]. 计算机工程, 2009, 35(8): 195-197.
[14]	郁　滨;李颖川. 一种蓝牙传输加密方案的设计与实现[J]. 计算机工程, 2009, 35(6): 183-185.
[15]	刘连浩;沈增晖;刘上力;段绍华. S盒抗DPA能力与非线性度的关系[J]. 计算机工程, 2008, 34(20): 193-195.

选择文件类型/文献管理软件名称

选择包含的内容

一种带掩码AES算法的高阶差分功耗分析攻击方案

A High-order Differential Power Analysis Attack Scheme with Masked AES Algorithm

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

一种带掩码AES算法的高阶差分功耗分析攻击方案

A High-order Differential Power Analysis Attack Scheme with Masked AES Algorithm

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

本文评价