Similar literature
1.
杜之波, 吴震, 王敏, 饶金涛. 《通信学报》 2015, 36(10): 85-91
A chosen-plaintext power analysis attack on SM4 was proposed by Wang et al. at CIS 2013. That method introduces fixed data when attacking the round key, but its attack process is complex and suffers from several problems, such as requiring more power traces, more chosen plaintexts and more power-trace acquisitions. This paper presents the correlation between the fixed data and the round key, which can be used to recover the round key. Based on this correlation, an improved chosen-plaintext power analysis attack against SM4 at the round output is proposed: the fixed data is attacked by analyzing the power traces of specially chosen plaintexts, and the round key is then derived from the correlation. The results show that the proposed attack algorithm is effective. It not only improves attack efficiency by reducing the number of power traces, chosen plaintexts and power-trace acquisitions, but can also be applied to a chosen-plaintext power analysis attack against SM4 at the shift operation.

2.
A novel mutual-information power analysis attack is proposed. The method is built on the basic principle of power analysis and on basic information theory: to attack the key, the mutual information between an intermediate variable and the power traces is computed from the two sets of values. An experiment was implemented against an HMAC algorithm based on SM3 using this method. The experimental results show that the proposed attack is effective, because the initial value of the state variable can be successfully retrieved and used to compute the real key.

3.
A novel power analysis attack on dynamic password tokens based on SM3 is proposed. It is the first to choose the output of the permutation function as the power analysis target, and the attack results are used to compose a system of simultaneous equations in the key. Given the inverse permutation function, the key is derived by solving these simultaneous equations. Measured results are presented to validate that the proposed method is effective. The method solves the problem of selecting permutation-function keys directly as the target of a power analysis attack, and it can also be applied to power analysis attacks on other cryptographic algorithms.

4.
This article examines vulnerabilities to power analysis attacks in software and hardware implementations of cryptographic algorithms. Representative platforms, an Atmel 89S8252 8-bit processor and a 0.25 µm, 1.8 V standard-cell circuit, are used to implement the Advanced Encryption Standard (AES). A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis (DPA), multi-bit DPA and correlation power analysis (CPA) attacks are conducted on the two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakage and so resists power attacks better. Furthermore, an improved DPA approach is proposed: it adopts the Hamming distance of intermediate results as the power model and arranges the plaintext inputs so as to differentiate the power traces with maximal probability. Compared with the original power attacks, the improved DPA performs a successful attack on the AES hardware implementation with an acceptable number of power measurements and fewer computations.

5.
Extracting exponent information from modular-exponentiation power traces in a real hardware environment
吴震, 陈运, 陈俊, 王敏. 《通信学报》 2010, 31(2): 17-21
To obtain the key information of public-key cryptography implemented on real hardware, a practical power analysis model is proposed and an information-processing method for extracting exponent information is summarized. Using a self-designed and self-built power analysis platform, power traces of the modular exponentiation algorithm were acquired and the 32-bit exponent information was successfully extracted. This overturns the claim by Messerges et al. that SPA attacks can hardly obtain RSA key information directly in a real hardware environment. In addition, the effectiveness of static masking algorithms against SPA attacks was verified.

6.
周新平, 孙德刚, 王竹, 欧长海. 《电子学报》 2017, 45(9): 2250-2255
Power analysis attacks are among the most effective side-channel techniques against cryptographic devices: they analyze the device's sensitive information from the power it consumes. Differential power analysis (DPA) was the earliest power analysis method proposed and is still one of the most basic. In practice, however, because of noise and other factors in the power traces, DPA often needs many traces and still performs only moderately, making it hard to recover the correct key. To address this problem, this paper proposes a method of selecting power traces based on singular value decomposition, which picks out higher-quality traces for DPA and improves the attack efficiency. Experiments verify the effectiveness of the method: under identical analysis conditions, on power data we collected ourselves, the method needs only 124 power traces to reach an 80% success rate, whereas ordinary DPA needs 490; on the data provided by DPA Contest 2008/2009, the method needs only 53 power traces to reach an 80% success rate, whereas ordinary DPA needs 195. Both experimental targets demonstrate the effectiveness of the method.

7.
Design of an AES SubByte module resistant to zero-value power attacks and its VLSI implementation
汪鹏君, 郝李鹏, 张跃军. 《电子学报》 2012, 40(11): 2183-2187
Cryptographic devices executing the Advanced Encryption Standard (AES) often leak key information through their power consumption. To effectively reduce the correlation between that consumption and the data actually processed, this paper proposes a design of the AES SubByte module with resistance to zero-value power attacks, together with its VLSI implementation. First, based on an analysis of the inversion algorithm over GF(256), a more efficient additively masked inversion algorithm is proposed by reusing key modules. On that basis, a new SubByte module structure is derived that keeps all intermediate data additively masked while reducing chip area and increasing operating speed. Experimental results show that the designed circuit is logically correct. Compared with the conventional SubByte module, the design's maximum operating frequency and area are both considerably improved.

8.
王敏, 杜之波, 吴震, 饶金涛. 《通信学报》 2015, 36(1): 142-148
A chosen-plaintext power analysis attack against the round output of SMS4 is proposed. Plaintexts are chosen under certain constraints; the output of the round function is attacked first, and the corresponding round subkey is then derived from that output, thereby realizing a power analysis attack on SMS4 that uses the round output as the intermediate data. The method was applied to power traces of an unprotected SMS4 implementation, and experiments show that the attack is effective.

9.
杨雪, 张弛, 单伟君, 王立辉, 李清, 俞军. 《微电子学》 2021, 51(3): 351-356
Security evaluation is an important step in cryptographic chip design. Traditional security analysis methods mainly consist of leakage assessment and side-channel attacks, but these require collecting a large number of power traces and place high demands on time and acquisition equipment. This paper proposes security analysis based on chip simulation waveforms, and on that basis designs a simulation-based security analysis tool. Experimental results show that simulation waveform analysis can quickly detect information leakage during encryption and decryption, and that the number of traces needed for simulation analysis has a qualitative relationship with the number of power traces needed for an actual side-channel attack. Compared with previous security analysis techniques, the method applies mainly to the digital front-end design stage, requires no hardware equipment, and can greatly save time and cost.

10.
Electromagnetic (EM) side-channel attacks are an effective kind of side-channel attack. To overcome the limitation that conventional EM side-channel attacks must acquire EM information at close range, a far-field attack method based on correlation analysis is proposed for cryptographic devices without EM protection. A microcontroller runs the Advanced Encryption Standard algorithm and an antenna detects the EM signal in the far field; the acquired signals are first averaged and filtered to reduce the influence of noise, then correlation analysis is used for the side-channel attack, and the complete key was successfully recovered with the antenna 10 m from the microcontroller. The frequency and sample size in far-field EM side-channel attacks are also studied in depth: the EM side channel carrying key information is concentrated in a certain frequency range, and the key information becomes more evident as the sample size increases. On this basis, combined with the mechanism by which cryptographic chips leak key information, an improved EM side-channel attack method is proposed.

11.
Masking is a countermeasure against differential power analysis (DPA) attacks on cryptographic devices that uses random masks to randomize the power leakage of sensitive information. Template attacks (TA) against masked cryptographic devices have so far required the attacker to know the masks during the profiling phase. This requirement not only raises the prerequisites of template attacks, but also leads to some difference between the experimental encryption code of the profiling device and the code of commercial cryptographic devices, which may degrade performance in real-world attacks. The blind mask template attack directly learns templates for the combination of unmasked intermediate values without needing to know the masks of the training power traces, and then uses these templates to attack masked cryptographic devices. Both a traditional Gaussian distribution and a neural network were adopted as templates in the experiments. The experimental results verify the feasibility of this new approach: the success rate of neural-network-based blind mask template attacks against masked cryptographic devices is very close to that of traditional template attacks against cryptographic devices without the masking countermeasure.

12.
Template attack on the LED cipher based on optimized power-trace preprocessing
The resistance of the lightweight block cipher LED, proposed at CHES 2011, to power template attacks is evaluated, and the template attack is improved from the perspective of optimizing power-trace preprocessing: the offset is computed from the phase correlation of the power traces in the frequency domain, eliminating data interference during template construction; using the feature differences in the clustering of power traces by plaintext fragment, a feature extraction method based on inter-class distance is proposed that automatically segments the power data at different leakage points; using mean and noise information to evaluate template discriminability, a dynamic point-selection strategy based on clustering validity is proposed, improving the utilization of side-channel information. Experimental results show that data alignment and segmentation improve the discrimination of the matching score and reduce the number of power traces needed for template construction and attack; compared with existing strategies, the clustering-validity point-selection strategy has low data complexity, and two power traces suffice for the success probability to converge to 1.

13.
王敏, 吴震. 《通信学报》 2012, 33(5): 138-142
SPA attacks on elliptic curve scalar multiplication algorithms with random dummy operations are discussed. Both theoretical derivation and measured results show that a single-trace SPA attack already obtains a large amount of key information from the power trace, and that under a new multi-trace SPA attack targeting the weakness of the random operations in the algorithm, the multi-trace recursive approximation attack, the key can be fully recovered with a very small number of traces. For a key length of n, the number of traces this attack needs to fully recover the key is only O(lb n).

14.
Cryptographic algorithms, irrespective of their theoretical strength, can be broken through weaknesses in their implementations. The most successful of these attacks are side-channel attacks, which exploit unintended information leakage from the implementation, e.g., timing information or power consumption, to extract the secret key. We propose a novel framework for implementing side-channel attacks in which the attack is modeled as a search problem that takes the leaked information as its input and deduces the secret key using a satisfiability solver, a powerful Boolean reasoning technique. This approach can substantially enhance the scope of side-channel attacks by allowing a potentially wide range of internal variables to be exploited (not just those that are trivially related to the key). The proposed technique is particularly suited to attacking cryptographic software implementations that may inadvertently expose the values of intermediate variables in their computations (even though they carefully protect the secret keys themselves through on-chip key generation and storage). We demonstrate our attack on standard software implementations of three popular cryptographic algorithms: DES, 3DES, and AES. Our attack technique is automated and does not require mathematical expertise on the part of the attacker.

15.
A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which improves on the power-aware hiding (PAH) S-box with higher security and a smaller area. We use the composite field approach, apply the PAH method to the inversion in the nonlinear kernel, and apply a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area shrinks to 63.3% of the full PAH S-box and that its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulated power traces concludes that it has no detectable leakage under the t-test and that it can thwart moment-correlation analysis using at least 665,000 noiseless traces.

16.
甘刚, 王敏, 杜之波, 吴震. 《通信学报》 2013, 34(Z1): 20-161
Most public-key cryptographic algorithms are based on exponentiation or discrete logarithm operations over finite fields, and these operations generally use the Montgomery algorithm to reduce computational complexity. Addressing the information leakage in the Montgomery algorithm itself that can be exploited by side-channel attacks, this paper analyzes the security weakness of the Montgomery algorithm both theoretically and from actual power data, and based on that weakness proposes a simple power analysis (SPA) attack algorithm against modular exponentiation implemented with the Montgomery algorithm. The algorithm was used to perform a power analysis attack on power traces of real modular exponentiation. Experiments show that the attack is effective.

17.
韩军, 曾晓洋, 赵佳. 《通信学报》 2010, 31(1): 20-29
A hardware design and implementation of the AES algorithm resistant to both differential power analysis and differential fault analysis is proposed; the design mainly combines data masking with a two-dimensional parity check as its defensive measures. While maintaining hardware security, the implementation cost is reduced by splitting the 128-bit operation into four 32-bit operations, reusing modules and optimizing the order of operations, and a 3-stage pipeline is used to increase the speed and throughput of the hardware. The AES IP core designed with these techniques not only resists both side-channel attacks but also has reasonable hardware cost and performance.

18.
A new CSPA method based on constructed input-point coordinates is proposed, which makes the point addition and point doubling operations in the scalar multiplication of ECC algorithms produce a clearly distinguishable difference in power consumption, and thereby obtains key information. Practical analysis results on chips with different implementations of several ECC algorithms show that the method is highly practical and can effectively identify the point addition operations during scalar multiplication. All of the methods studied are implemented on ECC algorithms over prime fields.

19.
The secret key used in a cryptosystem can be retrieved by physical attacks such as side-channel analysis (SCA) and fault analysis (FA). Traditionally, countermeasures for different physical attacks are developed separately. To lay a solid foundation for countermeasures against the emerging combined attacks, it is imperative to study thoroughly how the countermeasure for one attack affects the efficiency of the other. In this work, we use an FPGA-based platform to investigate whether and how an FA countermeasure influences the efficiency of a correlation power analysis (CPA) attack. Unlike previous work that simulated the S-box only, our assessments are based on FPGA emulation of the entire AES. In addition to considering different error detection codes, we compare the key-retrieval speed of the CPA attack under different power models, redundancy types for fault detection, modules under fault protection, and practical FPGA synthesis optimizations. Furthermore, we propose a new countermeasure that integrates dynamic masking and error deflection to thwart CPA and FA attacks simultaneously. Experimental results show that, for 100,000 power traces, our method successfully prevents key leakage while the other methods leak at least five AES subkey bytes. Meanwhile, our simulation also confirms that the proposed method reduces the success rate of FA attacks by up to 90% compared with the other methods.

20.
With the development of system-on-chip (SoC) designs, more and more design houses are cooperating with each other, and how to achieve benefit sharing and key management for multiple intellectual properties (IPs) has become an urgent problem. This work proposes an orthogonal obfuscation method to protect multiple IPs. The proposed method lets cooperators control the project using different security keys, protects the patterns with an orthogonal key, and makes key management convenient for the user. For increased security, the method hides the original keys to prevent information leakage. A Multi-port Physical Unclonable Function (MPUF) circuit is used as the additional orthogonal key for cluster membership. It protects the IPs from hardware attacks such as brute-force attack, member leakage attack and reverse engineering. The security analysis results show that the proposed method reduces the key retrieval time by 36.3% over the baseline. The proposed obfuscation methods have been successfully applied to ISCAS'89 benchmark circuits and cryptographic algorithms. Experimental results indicate that the orthogonal obfuscation increases the area by only 3.43% and consumes 2.77% more power than the baseline.

Copyright © 北京勤云科技发展有限公司  京ICP备09084417号