Similar literature
 Found 20 similar documents; search took 515 ms
1.
The secret key used in a cryptosystem can be retrieved by physical attacks such as side-channel analysis (SCA) and fault analysis (FA) attacks. Traditionally, countermeasures for different physical attacks are developed in a separate fashion. To lay a solid foundation for countermeasure development for the emerging combined attacks, it is imperative to thoroughly study how the countermeasure for one attack affects the efficiency of another attack. In this work, we use an FPGA-based platform to investigate whether and how the FA countermeasure can influence the efficiency of the correlation power analysis (CPA) attack. Unlike the previous work using simulations on the S-Box only, our assessments are based on the FPGA emulation of the entire AES. In addition to considering different error detection codes, we compare the key retrieval speed of the CPA attack in the scenarios of using different power models, redundancy types for fault detection, modules under fault protection, and practical FPGA synthesis optimization. Furthermore, we propose a new countermeasure that integrates dynamic masking and error deflection to simultaneously thwart CPA and FA attacks. Experimental results show that for 100,000 power traces, our method successfully prevents the key leakage while other methods leak at least five AES subkey bytes. Meanwhile, our simulation also confirms that the proposed method reduces the success rate of FA attacks by up to 90% over the other methods.

2.
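With the wide application of cryptography and cryptographic chips, attacks on cryptographic chips are also increasing. Differential power analysis (DPA) is one of the most common side-channel attack methods. A DPA attacker does not need to know the details of the encryption algorithm and can recover the device's key solely by analysing the power traces of the cryptographic device. It is therefore essential to study DPA attacks. A smart-card DPA experimental system is implemented, and the power-trace measurement data of this system are optimised, which facilitates the analysis of such attacks and the design of corresponding defences.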

3.
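Cryptographic devices face the threat of fault attacks, and research on fault attack techniques against cryptographic chips is an important direction in cryptography and hardware security. Pulsed lasers offer good temporal and spatial resolution and are a highly accurate means of fault attack. This paper describes in detail the principle and method of laser injection attacks, and carries out laser injection attack experiments on a microcontroller (MCU) integrating the AES-128 algorithm. The experiments target the microcontroller's SRAM and successfully implement both a differential fault attack and a subkey schedule attack, recovering the complete 16-byte key; the latter attack is implemented by laser for the first time. The study shows that laser injection attacks can accurately locate the physical position where critical data is stored and can introduce errors in arbitrary operations, achieving single-bit data flips and meeting the requirements of the fault attack model. Laser injection attacks can complete automated attacks and ciphertext collection in a relatively short time; the attack process is close to real-world scenarios and poses a great threat to cryptographic chips.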

4.
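Cryptographic devices face the threat of fault attacks, and research on fault attack techniques against cryptographic chips is an important direction in cryptography and hardware security. Pulsed lasers offer good temporal and spatial resolution and are a highly accurate means of fault attack. This paper describes in detail the principle and method of laser injection attacks, and carries out laser injection attack experiments on a microcontroller (MCU) integrating the AES-128 algorithm. The experiments target the microcontroller's SRAM and successfully implement both a differential fault attack and a subkey schedule attack, recovering the complete 16-byte key; the latter attack is implemented by laser for the first time. The study shows that laser injection attacks can accurately locate the physical position where critical data is stored and can introduce errors in arbitrary operations, achieving single-bit data flips and meeting the requirements of the fault attack model. Laser injection attacks can complete automated attacks and ciphertext collection in a relatively short time; the attack process is close to real-world scenarios and poses a great threat to cryptographic chips.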

5.
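Differential power attack on linear feedback shift registers   Cited by: 2 (self-citations: 1, citations by others: 1)
Whether the influence of algorithmic noise can be effectively removed directly determines the success or failure of a power attack. Taking as its starting point the difference in power consumption between two adjacent clock cycles of a linear feedback shift register (LFSR), this paper proposes a new differential power attack algorithm. It fundamentally removes the influence of the cipher's algorithmic noise on the attack process. Because the algorithm selects the initialization vector at random, an attacker can easily extend it to stream ciphers with a similar structure. To further verify the effectiveness of the attack algorithm, this paper uses software simulation to carry out a simulated attack on DECIM. Simulation results show that the attack algorithm can effectively reduce the complexity of the LFSR key search.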

6.
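A blind watermarking algorithm in the cellular automaton domain combined with JPEG image compression coding   Cited by: 2 (self-citations: 0, citations by others: 2)
Combining JPEG image compression coding and cellular automata, this paper proposes a blind digital watermarking algorithm for JPEG-compressed images. The algorithm first scrambles the watermark image with a Moore-type cellular automaton; it then decomposes the original grayscale image using a two-dimensional orthogonal cellular automaton transform and embeds the scrambled watermark information in the low-frequency cellular-automaton-domain coefficients obtained from the decomposition. Finally, the watermarked image is encoded according to the JPEG image compression standard. Watermark extraction is performed during decoding. Experimental results show that the watermarking algorithm has good imperceptibility and good robustness against common attacks such as JPEG compression, filtering, cropping, rotation and additive noise.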

7.
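In high-density, small-size system-in-package (SiP) designs, the requirements on power-supply integrity keep rising. The voltage fluctuation produced when multiple chips share one power network not only affects the normal operation of the chips, but also interferes through the power network with neighbouring circuits and other sensitive circuits, causing chip malfunction as well as signal-integrity and other electromagnetic-interference problems. This voltage fluctuation occupies a rather wide band, and mid-frequency power noise from several hundred MHz to several GHz is hard to remove by ordinary methods. Combining the characteristics of embedded capacitors and power-plane partitioning, a new high-performance embedded power low-pass filter structure is proposed to directly replace the power/ground planes. The study shows that within the 0.65~4 GHz band the isolation depth reaches -40~75 dB and the power impedance is below 0.25 ohm throughout, achieving high-performance filtering with wide bandwidth and high isolation. Two simulators, electromagnetic-field and generalized transmission-line, are used for simulation, a high-frequency equivalent circuit model is used to analyse the working principle of this low-pass filter and the effect of its structure on isolation performance, and experimental verification is carried out.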

8.
This article examines vulnerabilities to power analysis attacks between software and hardware implementations of cryptographic algorithms. Representative platforms including an Atmel 89S8252 8-bit processor and a 0.25 um 1.8 V standard cell circuit are proposed to implement the Advanced Encryption Standard (AES). A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis (DPA), multi-bit DPA and correlation power analysis (CPA) attacks are conducted on the two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakage to resist power attacks. Furthermore, an improved DPA approach is proposed. It adopts the Hamming distance of intermediate results as the power model and arranges plaintext inputs to differentiate power traces to the maximal probability. Compared with the original power attacks, our improved DPA performs a successful attack on AES hardware implementations with acceptable power measurements and fewer computations.

9.
A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.

10.
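A defence against differential power analysis for the RSA cryptographic algorithm is studied. Based on an analysis of the self-randomized modular exponentiation algorithm, the BBS random number generator and side-channel atomicity are applied to an improved algorithm, yielding a strictly self-randomized modular exponentiation algorithm with side-channel atomicity. Simulation results show that the method can effectively defend against differential power analysis attacks.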

11.
Due to the nature of applications such as critical infrastructure and the Internet of Things, side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage of the fact that the behaviour of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA is the so-called horizontal differential SCA. In this paper we investigate two different approaches to increase the inherent resistance of our hardware accelerator for the kP operation. The first approach aims at reducing the impact of the addressing in our design by realizing a regular schedule of the addressing. In the second approach, we investigated how the formula used to implement the multiplication of GF(2^n)-elements influences the results of horizontal DPA attacks against a Montgomery kP-implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly. The combination of these two approaches leads to the most resistant design. For the 250 nm technology only 2 key candidates could be revealed with a correctness of about 70%, which is a huge improvement given the fact that for the original design 7 key candidates achieved a correctness of more than 90%. For our 130 nm technology no key candidate was revealed with a correctness of more than 60%.

12.
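Research on methods for differential power analysis attacks on smart cards   Cited by: 3 (self-citations: 0, citations by others: 3)
The theoretical basis for mounting differential power analysis (DPA) attacks on general cryptosystems and the specific theory for attacking the DES algorithm are described in detail, and an improved DPA algorithm is proposed. After analysing the noise characteristics of the power signal, a signal-to-noise ratio (SNR) modelling method is proposed together with a proof of the corresponding theory. Finally, an experimental result of the algorithm is given.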

13.
In this work, a 9T subthreshold SRAM cell is proposed with reduced leakage power and improved stability against PVT variations. The proposed cell employs read decoupling to improve the read stability, and the partial feedback cutting approach to control the leakage power with improved read/write ability. The incorporated stacking effect further improves the leakage power. The simulated leakage power for the proposed cell is 0.61×, 0.49×, 0.80× and 0.55×, while the read static noise margin (RSNM) is 2.5×, 1×, 1.05× and 0.96×, write static noise margin (WSNM) 0 is 1.5×, 1.8×, 1.68× and 1.9× and WSNM 1 is 0.95×, 1.2×, 1.05×, and 1.2× at 0.4 V when compared with the conventional 6T and the state of the art (single ended 6T, PPN based 10T and data aware write assist (DAWA) 12T SRAM architectures) respectively. The minimum supply voltage at which this cell can successfully operate is 220 mV. A 4 Kb memory array has also been simulated using the proposed cell and it consumes 0.63×, 0.67× and 0.63× less energy than 6T during read, write 1 and write 0 operations respectively for a supply voltage of 0.3 V.

14.
Low-rate denial-of-service attack detection method based on signal cross-correlation   Cited by: 1 (self-citations: 0, citations by others: 1)
吴志军  李光  岳猛 《电子学报》2014,42(9):1760-1766
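A low-rate denial-of-service (LDoS) attack exploits a vulnerability in the TCP/IP protocols and attacks with intensive periodic pulses. Focusing on the timing relationship with which distributed LDoS attack pulses arrive at the target, this paper proposes a cross-correlation-based LDoS attack detection method. The method computes the correlation between a constructed detection sequence and the sampled network traffic sequence to obtain a correlation sequence, uses a cross-correlation algorithm based on circular convolution to compute the precise times at which attack pulses arrive at a specific target over different transmission paths, uses an aperiodic single-pulse prediction technique to estimate the period parameter of the LDoS attack, extracts the correlation feature of the attack's pulse duration, and designs a decision-threshold rule. Experimental results show that the signal cross-correlation-based LDoS attack detection method has good detection performance.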

15.
Images are generally corrupted by impulse noise during acquisition and transmission. Noise deteriorates the quality of images. To remove corruption noise, we propose a hybrid approach to restoring a random noise-corrupted image, including a block matching 3D (BM3D) method, an adaptive non-local mean (ANLM) scheme, and the K-singular value decomposition (K-SVD) algorithm. In the proposed method, we employ the morphological component analysis (MCA) to decompose an image into the texture, structure, and edge parts. Then, the BM3D method, ANLM scheme, and K-SVD algorithm are utilized to eliminate noise in the texture, structure, and edge parts of the image, respectively. Experimental results show that the proposed approach can effectively remove interference random noise in different parts; meanwhile, the deteriorated image is able to be reconstructed well.

16.
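This paper proposes a via-based microstrip vertical transition structure suitable for ultra-wideband circuits. Planar electromagnetic bandgap cells are etched on the power plane near the via to suppress resonance of the power distribution network and reduce its self-impedance at the via, improving the transmission performance of the vertical interconnect. The interconnect is decomposed into a microstrip line structure and a power-plane-pair structure coupled at the via, and a network analysis method is used to quickly estimate the system's transmission performance. Simulation and experimental measurements show that the insertion loss of the via is less than 0.4 dB within the 3.1-10.6 GHz ultra-wideband band. Compared with adding shorting vias between the planes of the power distribution network, the structure saves one routing layer at comparable transmission performance, thereby reducing equipment cost.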

17.
雷婉  刘丹  王立辉  李清  俞军 《微电子学》2024,54(1):156-164
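With the wide use of FPGAs in commercial, defence and other fields, many attack methods against FPGAs have appeared, and circuit security faces great challenges. To further study FPGA security mechanisms, this article presents a new side-channel analysis (SCA) method and, for the first time, analyses on a Xilinx Virtex-7 chip the security vulnerability present while an encrypted bitstream is being loaded. Compared with previous attack targets, the Virtex-7 chip is larger in scale, the acquired signal has a lower signal-to-noise ratio, and the attack is harder. Previous studies used SASEBO or SAKURA boards, test boards designed specifically for SCA, whereas the analysis here is the first instance performed on an official Xilinx evaluation board; because the official evaluation board was not designed for side-channel signal acquisition, processing is needed to obtain a sufficient signal-to-noise ratio. Using electromagnetic emanation as the side-channel measurement, one set of keys can be obtained within 800,000 electromagnetic traces. By decrypting with the key and obtaining the plaintext bitstream, an attacker can reverse-engineer or clone the FPGA design, among other operations, compromising the security of the FPGA.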

18.
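Research on side-channel attacks on cryptographic chips based on difference degree   Cited by: 1 (self-citations: 0, citations by others: 1)
To address the large sample sizes and long analysis times of side-channel attack methods, the noise sources of side-channel leakage signals and their differential suppression are analysed in light of the microcontroller's system architecture; the signal difference degree and the Hamming-distance difference degree are defined, and the inverse mapping relationship between them is analysed; using the way the difference degree changes during encryption, a difference-degree-based key analysis method is proposed. With the DES cipher as the validation target, the key was recovered using only 150 power traces and 1.03 s of analysis time; the method can be extended to other block cipher systems implemented on general-purpose microcontrollers.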

19.
王敏  吴震  饶金涛  杜之波 《通信学报》2015,36(Z1):131-135
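Building on time-domain mutual information power analysis of cryptographic chips, a frequency-domain maximal mutual information coefficient power analysis attack method is proposed. The method combines the principle of frequency-domain information leakage of cryptographic chips with the principle of mutual information power analysis attacks, introduces the concept of the maximal mutual information coefficient, avoids the need for precise trace alignment in the time domain, and is tested in an attack on the Chinese national cipher SMS4. Experiments show that the effectiveness of the frequency-domain maximal mutual information coefficient attack extends the methods of side-channel power analysis attack.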

20.
林森  尚鹏 《光电子.激光》2024,35(5):536-543
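To address the low recognition rate of three-dimensional (3D) palmprint recognition caused by noise interference and by ignoring adjacent depth information, a 3D palmprint recognition method fusing latent texture and surface consistency is proposed. First, the energy local edge binary code (ELEBC) is used to extract latent texture direction information from the energy map and eliminate noise. Then, surface consistency is obtained through the mean block pattern surface type (MBST). Finally, principal component analysis (PCA) is used for dimensionality reduction and decision-level fusion is applied to obtain the final recognition result. Experiments on the Hong Kong Polytechnic University 3D palmprint database show that the correct recognition rate reaches up to 99.71%, an advantage over other recent algorithms, with recognition and classification time kept below 0.5 s. This shows that the method not only recognises well but also meets real-time requirements and has practical value.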
