High-level synthesis design flow for power side-channel security

The lack of efficient security guidance is a prominent problem in the design flow of high-level synthesis. To tackle this issue, this paper proposes a security-based high-level synthesis design flow featuring the power side-channel vulnerabilities. The side-channel leakage is quantified by establishing a secure component module library, a more efficient and secure parallel scheduling mechanism is generated by optimizing the control flow, and a more secure architecture of the storage system is achieved by optimizing the data flow. The goal is to perform tradeoffs between performance and security, reducing the side-channel risks at the early stage of design and simultaneously generating more secure and efficient cryptographic cores in hardware. Furthermore, the proposed HLS design flow is verified on a field programmable gate array platform. Experimental results show that, in comparison with the traditional design flow, this method reduces the resources by 72% and the clock cycles by 70% and increases the throughput by 88%, and that it can lower the power side-channel risks within an ongoing design to the greatest extent.     

基于FPGA实现AES的侧信道碰撞攻击

为了解决攻击点在能量迹中具体位置的识别问题,在对侧信道碰撞攻击技术研究的基础上,提出了通过计算能量迹中每个采样点的方差来识别攻击点的方差检查技术。并利用基于相关系数的碰撞检测方法,对一种AES的FPGA实现实施了攻击。实验结果表明,方差检查技术可以有效地识别攻击点在能量迹中的具体位置。     

一种面向密码芯片的旁路攻击防御方法

针对不同级别的旁路信息泄露,提出一种通用的旁路信息泄露容忍防御模型,并结合信息熵理论给出该模型的形式化描述.该模型采用(t,n)门限机制,使得部分旁路信息泄露不会影响系统的安全性.在该防御模型的基础上,结合高级加密标准AES-128算法的安全实现,设计了一种两阶段掩码的旁路攻击防御方法.与已有的防御方法相比,该方法能够同时防御高阶旁路攻击与模板攻击.通过理论分析与仿真实验验证了该方法的有效性.     

嵌入式系统的安全技术研究

随着嵌入式系统的网络化发展,嵌入式系统的安全将成为嵌入式系统必须考虑的问题。嵌入式系统的资源有限性使它的安全问题比一般的桌面系统更加复杂。因此,如何构建一个安全的嵌入式系统是个很值得研究的问题。同时,嵌入式系统的安全不是安全嵌入式系统的附加功能,安全嵌入式系统要在整个设计过程中考虑安全因素,从而决定采用哪种安全技术。从安全的整体性出发,研究了嵌入式系统的各种安全技术,总结归纳出几种安全增强方式,并指出其相应的应用特点,为如何建立嵌入式系统的安全提供依据。     

基于汉明重的PRESENT密码代数旁路攻击

研究了分组密码代数旁路攻击原理及模型、非线性布尔方程组转化为saT问题的方法,提出了一种基于汉明重的PRESENT密码代数旁路攻击方法,降低了求解非线性多元方程组的复杂度,减少了旁路攻击所需样本量,并通过实验对理论正确性进行了验证。结果表明,在已知明文条件下,利用一个样本前3轮的S盒输入、输出汉明重在0.63s内即可恢复80bit PRESENT完整密钥;在未知明密文和S盒输入、输出汉明重随机选取条件下,也可恢复PRESENT完整密钥。     

数据加密标准旁路攻击差分功耗仿真分析

器件在加密过程中会产生功率、电磁等信息的泄漏,这些加密执行过程中产生的能量辐射涉及到加密时的密钥信息;文章首先简单分析了CMOS器件工作时产生功耗泄漏的机理,即与门电路内处理数据的汉明距离成正比;详细分析了DES加密过程的功耗轨迹,建立了DES加密过程中的功耗泄漏模型,并利用该模型建立了差分功耗分析(DPA)仿真平台;通过这个仿真平台在没有复杂测试设备与测试手段的情况下,对DES加密实现在面临DPA攻击时的脆弱性进行分析,全部猜测48位子密钥所须时间大约为6分钟,剩下的8位可以通过强力攻击或是附加分析一轮而得到;可见对于没有任何防护措施的DES加密实现是不能防御DPA攻击的.     

针对随机伪操作的简单功耗分析攻击

讨论针对随机伪操作椭圆曲线密码标量乘算法的SPA攻击,理论推导和实测结果均表明,在单样本SPA攻击下,即可在功耗曲线中获取大量的密钥信息;而在针对算法中随机操作漏洞的一种新型多样本SPA攻击—多样本递推逼近攻击下,用极小样本量就可完整破译密钥.当密钥长度为n时,该攻击方法完整破译密钥所需的样本数仅为0(1b n).     

基于在线计数的改进快速泄露评估

快速泄露评估(FLA,fast leakage assessment)在2017年被提出,利用“计数”的思想极大地提升了计算效率.首先对快速泄露评估的性能进行分析,然后提出基于在线计数的方法对评估流程进行改进,并使用FPGA对该方法进行实现.根据实验结果对比,所提方法不仅可以减少评估中所需要占用的内存,而且能够缩短评估...     

A Novel Probabilistic Saturating Counter Design for Secure Branch Predictor

In a modern processor,branch prediction is crucial in effectively exploiting the instruction-level parallelism for high-performance execution.However,recently exposed vulnerabilities reveal the urgency to improve the security of branch predictors.The vital cause of the branch predictor vulnerabilities is that the update strategy of the saturating counter is deterministic.As a fundamental building block in a modern branch predictor,previous studies have paid too much attention to the performance and hardware cost and ignored the security of saturating counter.This leaves attackers with the opportunities to perform side-channel attacks on the branch predictor.This paper focuses on the saturating counter to explore a secure and lightweight design to mitigate branch predictor side-channel attacks.Instead of applying the isolation mechanism to branch predictor resources,we propose a novel probabilistic saturating counter design to confuse the attacker's perception of the victim's behaviour.It changes the conventional deterministic state transition function to a probabilistic state transition function.When a branch is committed,the conventional saturating counter needs to be updated about whether the prediction results are correct or not.While for the probabilistic saturating counter,the branch predictor determines whether the update is performed based on the update probability.The probabilistic saturating counter dramatically reduces the ability of the attacker to spy the saturating counter's state.Our analyses using a cycle-accurate simulator suggest that the proposed mechanism incurs 2.4％ performance overhead and hardware cost while providing strong protection.     

基于风险感知的关键虚拟网络功能动态迁移方法

针对传统动态迁移方法在应对侧信道攻击问题时存在迁移节点多、迁移频率高、迁移后服务功能链路径过长的问题,提出了一种基于风险感知的关键虚拟网络功能动态迁移方法。所提方法仅对含隐私信息的关键虚拟网络功能进行迁移,以减少迁移节点数量;结合侧信道攻击检测系统,对遭受攻击的关键虚拟网络功能执行触发式迁移,同时依据侧信道信息泄露模型对关键虚拟网络功能进行定期式迁移;采用基于逼近理想解排序的多属性节点排序方法选择迁移目的服务器,以避免迁移后路径过长。实验结果表明,所提方法在达到相同的侧信道攻击防御性能的情况下,具有更低的节点迁移数量与迁移频率,同时有效避免了迁移后服务功能链路径过长问题。