轻量级PRESENT加密算法功耗攻击研究

PRESENT密码算法是2007年提出来的一种轻量级分组密码算法, 适合于物联网环境下的安全加密。对PRESENT加密算法结构进行了深入研究, 提出了其适合功耗攻击的两个最佳攻击点, 详细介绍了针对PRESENT加密系统进行功耗分析攻击的设计与实现过程, 实验结果表明未加防护措施的PRESENT加密系统不能抵御一阶差分功耗分析攻击, 从而给PRESENT加密算法的安全改进提供一定的设计参考。     

基于汉明重的PRESENT密码代数旁路攻击

研究了分组密码代数旁路攻击原理及模型、非线性布尔方程组转化为saT问题的方法,提出了一种基于汉明重的PRESENT密码代数旁路攻击方法,降低了求解非线性多元方程组的复杂度,减少了旁路攻击所需样本量,并通过实验对理论正确性进行了验证。结果表明,在已知明文条件下,利用一个样本前3轮的S盒输入、输出汉明重在0.63s内即可恢复80bit PRESENT完整密钥;在未知明密文和S盒输入、输出汉明重随机选取条件下,也可恢复PRESENT完整密钥。     

基于PRESENT算法的RFID安全认证协议

物联网中RFID技术的应用非常广泛,但是RFID系统的安全性却存在着很大隐患。在RFID系统中标签与读写器间的通信信道是最易受到攻击,传输数据的完整性与保密性得不到保障,因而需要加强RFID系统通信的安全机制。考虑到RFID系统的硬件条件与成本限制,需要建立一个适合RFID系统的安全认证协议,来解决在RFID系统中信息传输所遇到的安全问题。PRESENT算法是轻量级的分组加密算法,将PRESENT结合到RFID系统的安全认证协议中,形成了新的RFID安全认证协议PRSA(PRESENT based RFID security authentication)。此协议可以增强RFID系统的安全性而又不会占用过多的硬件资源,从而能够适用于低成本的RFID系统的通信安全。     

针对低轮PRESENT的代数攻击

基于MiniSAT 2.0软件,研究对低轮PRESENT的代数攻击问题。提出将S盒表示为单项式个数较少的无冗余等效方程组的方法,将PRESENT的S盒表示为由14个单项式个数均≤6的8元布尔方程构成的等效方程组,并基于不同的已知明文量,利用MiniSAT软件对PRESENT进行代数攻击实验,获得了较好的攻击效果。实验表明,在已知明文条件下可以在121 h内求出80 bit密钥的5轮PRESENT的全部密钥比特,在选择明文条件下可以在203 h内求出6轮PRESENT的全部密钥比特。     

PRESENT相关功耗分析攻击研究

对PRESENT分组密码抗相关功耗分析能力进行了研究。基于汉明距离功耗模型,提出了一种针对PRESENT S盒的相关功耗分析方法,并通过仿真实验进行了验证。结果表明,未加防护措施的PRESENT硬件实现易遭受相关功耗分析威胁,5个样本的功耗曲线经分析即可恢复64位第一轮扩展密钥,将80位主密钥搜索空间降低到216,因此,PRESENT密码硬件实现需要对此类攻击进行防护。     

Lightweight authenticated encryption for embedded on-chip systems

ABSTRACT

Embedded systems are routinely deployed in critical infrastructures nowadays, therefore their security is increasingly important. This, combined with the pressing requirement of deploying massive numbers of low-cost and low-energy embedded devices, stimulates the evolution of lightweight cryptography and other green-computing security mechanisms. New crypto-primitives are being proposed that offer moderate security and produce compact implementations. In this article, we present a lightweight authenticated encryption scheme based on the integrated hardware implementation of the lightweight block cipher PRESENT and the lightweight hash function SPONGENT. The presented combination of a cipher and a hash function is appropriate for implementing authenticated encryption schemes that are commonly utilized in one-way and mutual authentication protocols. We exploit their inner structure to discover hardware elements usable by both primitives, thus reducing the circuit’s size. The integrated versions demonstrate a 27% reduction in hardware area compared to the simple combination of the two primitives. The resulting solution is ported on a field-programmable gate array (FPGA) and a complete security application with input/output from a universal asynchronous receiver/transmitter (UART) gate is created. In comparison with similar implementations in hardware and software, the proposed scheme represents a better overall status.     

Low area field-programmable gate array implementation of PRESENT image encryption with key rotation and substitution

Lightweight ciphers are increasingly employed in cryptography because of the high demand for secure data transmission in wireless sensor network, embedded devices, and Internet of Things. The PRESENT algorithm as an ultra-lightweight block cipher provides better solution for secure hardware cryptography with low power consumption and minimum resource. This study generates the key using key rotation and substitution method, which contains key rotation, key switching, and binary-coded decimal-based key generation used in image encryption. The key rotation and substitution-based PRESENT architecture is proposed to increase security level for data stream and randomness in cipher through providing high resistance to attacks. Lookup table is used to design the key scheduling module, thus reducing the area of architecture. Field-programmable gate array (FPGA) performances are evaluated for the proposed and conventional methods. In Virtex 6 device, the proposed key rotation and substitution PRESENT architecture occupied 72 lookup tables, 65 flip flops, and 35 slices which are comparably less to the existing architecture.     

针对PRESENT分组密码算法的代数分析*

本文研究针对PRESENT分组密码的代数分析。通过使用S盒的表达式形式,构建出多轮PRESENT加密中的代数方程组。这种构建方程的方法被推广到具有小型S盒的典型SPN型分组密码算法的方程构建问题中。文中还对简化的PRESENT算法进行了攻击实验。采用MiniSAT作为攻击过程中的求解工具,对4轮、6轮PRESENT加密进行实际攻击。可以在一分钟之内恢复4轮加密的所有密钥,数小时内恢复6轮加密的密钥。并且通过引入了差分思想,首次将有效攻击轮数提高到8轮。     

PRESENT的多模型差分错误分析

PRESENT密码是一种适用于传感器网络、RFID标签等小规模硬件的轻量加密算法。本文对PRESENT算法的差分错误分析方法进行研究,提出了针对PRESENT密码的四种差分错误模型,并对它们进行分析对比,从而找到针对PRESENT算法最好的差分错误分析方法。就我们收集到的现有发表著作显示,此次研究比以往PRESENT的差分错误攻击更为有效。最好结果是,在第28轮和第29轮P置换之间引入8bit随机错误,平均使用17个错误样本分析得到最后一轮64bit白化密钥。     

缩减轮数PRESENT算法的Biclique分析

轻量级分组密码算法PRESENT由于其出色的硬件实现性能和简洁的轮函数设计,一经提出便引起了工业界与学术界的广泛关注.文中作者基于Biclique分析方法,首次提出针对21轮PRESENT-80算法的Biclique密钥恢复攻击方法.该攻击方法需要278.9的计算复杂度和264的数据复杂度.此外,针对PRESENT-80的Bielique攻击也可推广到相同轮数的PRESENT-128和DM-PRESENT压缩函数的安全性分析.与其它已公开密码学安全性分析结果相比,作者提出的Bielique攻击在内存复杂度上具有一定的优势.