Blind mask template attacks on masked cryptographic algorithm

Masking is a countermeasure against differential power analysis (DPA) attacks on cryptographic devices by using random masks to randomize the leaked power of sensitive information.Template attacks (TA) against cryptographic devices with masking countermeasure by far require attackers have knowledge of masks at the profiling phase.This requirement not only increase the prerequisite of template attacking,but also lead to some sort of difference between the experimental encryption codes of the profiling device and the codes of commercial cryptographic devices,which might degrade performance in real world attacking.Blind mask template attack directly learns templates for the combination of no mask intermediate values without the need of knowing the masks of training power traces,and then uses these templates to attack masked cryptographic devices.Both traditional Gaussian distribution and neural network were adopted as the templates in experiments.Experimental results verified the feasibility of this new approach.The success rate of neural network based blind mask template attacking against masked cryptographic devices is very close to that of traditional template attacks against cryptographic devices without masking countermeasure.     

C~4ISR网络对抗技术

攻击和防御是对抗的两个基本方面。文章首先阐述了C^4ISR的概念,然后对信息网络的对抗技术进行了归纳分类,讨论了各种信息网络防御机制,重点分析了不同防御机制中所存在的脆弱性,并提出了相应的攻击措施。最后,对C^4ISR网络对抗机制间的攻防关系进行了总结。     

Cryptanalysis of an Authenticated Key Agreement Protocol for Wireless Mobile Communications

With the rapid progress of wireless mobile communications, the authenticated key agreement (AKA) protocol has attracted an increasing amount of attention. However, due to the limitations of bandwidth and storage of the mobile devices, most of the existing AKA protocols are not suitable for wireless mobile communications. Recently, Lo and others presented an efficient AKA protocol based on elliptic curve cryptography and included their protocol in 3GPP2 specifications. However, in this letter, we point out that Lo and others’ protocol is vulnerable to an offline password guessing attack. To resist the attack, we also propose an efficient countermeasure.     

Distance bounding protocols for RFID enhanced by using void‐challenges and analysis in noisy channels

RFID systems are vulnerable to different attacks related to the location; distance fraud attack, relay attack and terrorist attack. The main countermeasure against these attacks is the use of protocols capable of measuring the round trip time of single challenge‐response bit. In this paper, we consider a modification of these protocols applying a new feature; the ‘void challenges’. This way, the success probability for an adversary to access to the system decreases. We use as reference‐point the most popular of this kind of protocols, the Hancke and Kuhn's protocol, to show the improvements achieved when different cases are analysed. Copyright © 2008 John Wiley & Sons, Ltd.     

VPN网络防御DOS攻击的探讨

虚拟专用网(VPN)通过加密提供安全信道,尽管VPN支持两个主机间的认证并认证后才提供VPN服务,但VPN并不拒绝试图建立连接的请求,因此,还是可以被拒绝服务(DOS)和分布式拒绝服务(DDOS)攻击,除非整个网络全部采用IPSec协议提供身份认证,否则就找不到攻击源头。针对已采用IPSec协议的VPN,文章补充了一个模块以增加其安全性并抵御中小型DOS攻击,尽量减少攻击造成的损害,并探讨了下一代网络采用IPSec必要性。     

The effectiveness of a current flattening circuit as countermeasure against DPA attacks

This paper presents an on-chip current flattening circuit designed in 0.18-μm CMOS technology, which can be integrated with secure microsystems, such as smart cards, as a countermeasure against power analysis attacks. The robustness of the proposed countermeasure is evaluated by measuring the number of current traces required for a differential power analysis attack. We analyze the relationship between the required number of current traces and the dynamic current variations, and we show empirically that the required numbers of current traces is proportional to an inverse of the square of the rms value of the flattened current. Finally, we evaluate the effectiveness of the proposed design by using the experimental results of the fabricated chip. The analysis of the experimental results confirms the effectiveness of the current flattening circuit.     

Cryptanalysis and enhancements of efficient three‐party password‐based key exchange scheme

In this paper, we first showed that Lou and Huang's three‐party password‐based key exchange protocol is still vulnerable to offline dictionary attacks. Thereafter, we proposed an enhanced protocol that can defeat the attack described and yet is efficient. Finally, we provided the rigorous proof of the security for it. Copyright © 2011 John Wiley & Sons, Ltd.     

空中进攻作战电子对抗兵力需求分析

首先运用排队理论建立了信号流密度下的电子对抗侦察预警兵力估算模型,然后给出了铺设空中干扰走廊时干扰飞机施放箔条反射体数量的计算方法,最后分析了空中进攻作战中反辐射攻击兵力需求估算问题.     

一种信息系统对抗过程模型的建立

通过对信息系统攻击和防御行为过程的分析,提出了信息系统攻击与防御的“共道”与“逆道”过程,建立了信息系统对抗过程的“共道-逆道”模型,该模型是信息系统攻击与对抗过程的抽象,通过合理裁剪和填充具体内容便可广泛适用;该模型可以方便地分析攻击方和被攻击方的行为过程,分析其时间区域分布、其“共道”和“逆道”的信息特征等;该模型将为信息系统安全与对抗的系统层的分析、设计和评价提供一定的理论与技术基础。     

Intelligent Internal Stealthy Attack and its Countermeasure for Multicast Routing Protocol in MANET

Multicast communication of mobile ad hoc networks is vulnerable to internal attacks due to its routing structure and high scalability of its participants. Though existing intrusion detection systems (IDSs) act smartly to defend against attack strategies, adversaries also accordingly update their attacking plans intelligently so as to intervene in successful defending schemes. In our work, we present a novel indirect internal stealthy attack on a tree‐based multicast routing protocol. Such an indirect stealthy attack intelligently makes neighbor nodes drop their routing‐layer unicast control packets instead of processing or forwarding them. The adversary targets the collision avoidance mechanism of the Medium Access Control (MAC) protocol to indirectly affect the routing layer process. Simulation results show the success of this attacking strategy over the existing “stealthy attack in wireless ad hoc networks: detection and countermeasure (SADEC)” detection system. We design a cross‐layer automata‐based stealthy attack on multicast routing protocols (SAMRP) attacker detection system to identify and isolate the proposed attacker. NS‐2 simulation and analytical results show the efficient performance, against an indirect internal stealthy attack, of SAMRP over the existing SADEC and BLM attacker detection systems.     

空间信息对抗综述

空间信息对抗是信息对抗的一个新的领域。首先阐述了空间信息对抗的概念,然后着重从空间信息获取、空间信息攻击和空间信息防御三个方面对空间信息对抗的理论体系和技术发展进行了综述,并展望了空间信息对抗的发展趋势,以期对我军空间信息对抗的发展有所裨益。     

Random Point Blinding Methods for Koblitz Curve Cryptosystem

While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side‐channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.     

信息战中的导航作战

从信息对抗的角度来看，导航战是指对立双方为争夺导航信息的控制权而展开的斗争。全面分析了导航系统的特点，从进攻与防御两方面探讨了导航战对相关技术的需求，分析了导航技术在军事中的具体应用，提出加强对敌信息作战中导航作战理论的研究。     

Design of differential power analysis resistant crypto chip based on time randomization

Differential Power Analysis (DPA) is an effective attack method to break the crypto chips and it has been considered to be a threat to security of information system. With analyzing the principle of resist-ing DPA, an available countermeasure based on randomization is proposed in this paper. Time delay is in-serted in the operation process and random number is precharged to the circuit during the delay time, the normal schedule is disturbed and the power is randomized. Following this methodology, a general DPA re-sistance random precharge architecture is proposed and DES algorithm following this architecture is imple-mented. This countermeasure is testified to be efficient to resist DPA.     

Practical Second‐Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary‐with‐random‐initial‐point algorithm on elliptical curve cryptosystems. It is known to be secure against first‐order differential power analysis (DPA); however, it is susceptible to second‐order DPA. Although second‐order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second‐order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.     

流密码典型分析方法及实例

流密码的设计与分析在现代密码学中占有重要地位。简要介绍了流密码分析的基本原理和模型,主要包括：折中攻击、猜测和决定攻击、相关攻击、最佳仿射攻击、代数攻击和边信道攻击。然后基于Mathematica平台,使用简易密钥流发生器为测试对象,对其中的折中攻击、猜测和决定攻击及相关攻击进行了仿真实现。通过实验,揭示了流密码算法的一个重要设计原则：避免内部状态演变的线性性以及输出序列统计性质的偏向性。最后对流密码分析方法给予了总结和展望。     

可证安全的高效无证书有序多重签名方案

无证书有序多重签名可用于解决信任链推荐信息的认证问题。秦艳琳等提出一个高效的无证书有序多重签名方案,并在随机语言机模型下证明方案的安全性可归约为CDH（computational Diffie-Hellman）困难问题。对该方案的安全性证明过程进行分析,指出方案难以抵抗伪造攻击：攻击者已知某个多重签名,则可以伪造其他消息的多重签名。随后构造一个更加高效的无证书有序多重签名方案,方案使用更少的双线性对,且只有一个签名消息,占用更小的计算代价和通信代价。最后证明方案在随机预言机模型下具有不可伪造性。     

抗SPA攻击的椭圆曲线NAF标量乘实现算法

针对椭圆曲线非相邻形式（NAF）标量乘法不能很好地抵抗简单功耗分析攻击（SPA）的问题,对NAF标量乘的实现算法以及对NAF标量乘的SPA攻击原理进行了分析,提出一种新的标量乘实现算法——平衡能量NAF标量乘法。通过对智能卡功耗分析平台的实测波形进行分析验证,平衡能量NAF标量乘法不仅继承了NAF标量乘法运算效率高的优点,而且能够很好地抵抗SPA攻击,提高密码芯片的安全性。     

确定性复杂网络的稳定性受随机打击影响的研究

通过对确定性复杂网络模型稳定性的量化分析,利用随机打击,计算出了打击后的平均路径长度,度分布及打击后群系数,结果显示确定性复杂网络在随机打击下,其平均路径长度和群系数都能保持很好的稳定性,不会因恶意打击而受到很大的干扰。     

复杂网络中修复策略研究

复杂网络修复是提高网络抗毁性的重要手段,已有的修复模型大多只考虑对有限资源的分配策略,而没有很好的反映实际复杂网络修复中的延迟因素。提出一种延迟修复的网络修复模型,该模型考虑了网络打击和修复所需要的实际时间比例,并在不同复杂网络拓扑下针对随机打击和故意打击这两种打击模式设计了四种不同的修复策略,模拟实验结果显示在随机网络下,采用比例修复或者平方根修复能够达到较好的修复效果;而在无标度网络下,采用平方根修复能够达到较好的修复效果。