20 similar documents found; search took 15 ms.
1.
2.
This paper studies a differential fault analysis method against IDEA. It is based on transient random bit errors and exploits the differential properties of the group operations in IDEA. Simulation experiments show that the attack can determine 62 bits of the IDEA initial key. A fault-induction attack on IDEA based on permanent faults is also given. That attack requires the attacker to be able to permanently destroy several registers in the cryptographic device so that the values they hold are always zero. Using this attack, the attacker can recover 96 bits of the IDEA initial key.
3.
Two new attacks are given on a cipher block chaining-message authentication code algorithm which is in the final stages of being standardised as MAC algorithm 4 in ISO/IEC FDIS 9797-1. The attacks are significantly more efficient than previously known attacks, which means that the inclusion of this scheme in the standard will need to be reconsidered.
4.
In this paper we present a new kind of cryptanalytic attack which utilizes bugs in the hardware implementation of computer instructions. The best-known example of such a bug is the Intel division bug, which resulted in slightly inaccurate results for extremely rare inputs. Whereas in most applications such bugs can be viewed as a minor nuisance, we show that in the case of RSA (even when protected by OAEP), Pohlig–Hellman and ElGamal encryption such bugs can be a security disaster: decrypting ciphertexts on any computer which multiplies even one pair of numbers incorrectly can lead to full leakage of the secret key, sometimes with a single well-chosen ciphertext. As shown by the recent revelation of top secret NSA documents by Edward Snowden, intentional hardware modification is a method that was used by the USA to weaken the security of commercial equipment sent to targeted organizations.
5.
The SDPA scheme is analyzed in detail and systematically, its weaknesses are identified, and an effective attack is mounted. The original dynamic password scheme is then improved using a public-key encryption system and a symmetric encryption algorithm. The improved scheme provides mutual authentication between user and server and establishes multiple shared keys; a theoretical analysis of the improved scheme's security shows that its performance is markedly improved.
6.
Elena Andreeva, Charles Bouillaguet, Orr Dunkelman, Pierre-Alain Fouque, Jonathan Hoch, John Kelsey, Adi Shamir, Sébastien Zimmer 《Journal of Cryptology》2016,29(4):657-696
In this work, we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various Merkle–Damgård-based iterative hash functions. Compared to the previously known long-message second-preimage attacks, our attack offers more flexibility in choosing the second-preimage message at the cost of a small computational overhead. More concretely, our attack allows the adversary to replace only a few blocks in the original target message to obtain the second preimage. As a result, our new attack is applicable to constructions previously believed to be immune to such second-preimage attacks. Among others, these include the dithered hash proposal of Rivest, Shoup’s UOWHF, and the ROX constructions. In addition, we also suggest several time-memory-data tradeoff attack variants, allowing for a faster online phase, and even finding second preimages for shorter messages. We further extend our attack to sequences stronger than the ones suggested in Rivest’s proposal. To this end we introduce the kite generator as a new tool to attack any dithering sequence over a small alphabet. Additionally, we analyse the second-preimage security of the basic tree hash construction. Here we also propose several second-preimage attacks and their time-memory-data tradeoff variants. Finally, we show how both our new and the previous second-preimage attacks can be applied even more efficiently when multiple short messages, rather than a single long target message, are available.
7.
The Keccak hash function is the winner of NIST’s SHA-3 competition, and so far it showed remarkable resistance against practical collision finding attacks: After several years of cryptanalysis and a lot of effort, the largest number of Keccak rounds for which actual collisions were found was only 2. In this paper, we develop improved collision finding techniques which enable us to double this number. More precisely, we can now find within a few minutes on a single PC actual collisions in the standard Keccak-224 and Keccak-256, where the only modification is to reduce their number of rounds to 4. When we apply our techniques to 5-round Keccak, we can get in a few days near collisions, where the Hamming distance is 5 in the case of Keccak-224 and 10 in the case of Keccak-256. Our new attack combines differential and algebraic techniques, and uses the fact that each round of Keccak is only a quadratic mapping in order to efficiently find pairs of messages which follow a high probability differential characteristic. Since full Keccak has 24 rounds, our attack does not threaten the security of the hash function.
8.
Distributed Computing Attacks on Cryptographic Systems
It is now possible to link large numbers of desktop computers to achieve massive computing power. This paper briefly describes approaches taken to attack cryptographic algorithms using this method. The approach taken by BT Laboratories in the successful attack on an elliptic curve cipher is detailed. Finally a proposal for the architecture needed to recruit unused computing power for similar problems is given.
9.
GIFT is a lightweight block cipher with a substitution-permutation-network (SPN) structure proposed at CHES 2017. It has two different versions whose block sizes ...
10.
谭俊中 《信息安全与通信保密》2007,(5):158-160
This article describes the general principle of algebraic attacks and the types of stream ciphers that are susceptible to them. For algebraic attacks on nonlinear combiner stream ciphers with memory, and building on the work of Courtois et al., a new method is given for finding the low-degree multivariate equations that such attacks require.
11.
An Intelligent Rebound Hammer System Based on Photoelectric Detection
Building on a study of domestic and foreign rebound hammer systems, this paper proposes a non-contact measurement method using photoelectric detection. The intelligent rebound hammer system is divided into two main parts, a portable on-site data recording system and an intelligent data processing system, which both meets the requirements of field operation and achieves fast and accurate data processing.
12.
The slide attack, presented by Biryukov and Wagner, has already become a classical tool in cryptanalysis of block ciphers. While it was used to mount practical attacks on a few cryptosystems, its practical applicability is limited, as typically, its time complexity is lower bounded by \(2^n\) (where n is the block size). There are only a few known scenarios in which the slide attack performs better than the \(2^n\) bound. In this paper, we concentrate on efficient slide attacks, whose time complexity is less than \(2^n\). We present a number of new attacks that apply in scenarios in which previously known slide attacks are either inapplicable, or require at least \(2^n\) operations. In particular, we present the first known slide attack on a Feistel construction with a 3-round self-similarity, and an attack with practical time complexity of \(2^{40}\) on a 128-bit key variant of the GOST block cipher with unknown S-boxes. The best previously known attack on the same variant, with known S-boxes (by Courtois), has time complexity of \(2^{91}\).
13.
14.
Fast Correlation Attacks on the Summation Generator
The linear sequential circuit approximation method for combiners with memory is used to find mutually correlated linear transforms of the input and output sequences in the well-known summation generator with any number of inputs. It is shown that the determined correlation coefficient is large enough for applying a fast correlation attack to the output sequence to reconstruct the initial states of the input linear feedback shift registers. The proposed attack is based on iterative probabilistic decoding and appropriately generated low-weight parity-checks. The required output sequence length and the computational complexity are both derived. Successful experimental results for the summation generators with three and five inputs are obtained.
Received 13 December 1996 and revised 7 October 1998
15.
In a network-warfare environment, improving the attack resistance of communication networks requires fairly comprehensive attack testing of their security. This paper proposes a security testing method based on attacks under limited conditions, and designs a limited-condition attack test model and algorithm. The model consists of four parts: attack, target, response, and condition. A prototype attack testing system was designed and implemented on this basis and used to run attack tests against GSM and other wireless networks, showing that the method is feasible and effective.
16.
The effect of ejection-type jamming on the interferometric phase of SAR images is analyzed theoretically, and the InSAR imaging process before and after ejection-type jamming is simulated. By evaluating the quality of the phase map and the distribution of the phase spectrum during InSAR imaging, the effect of ejection-type jamming on InSAR imaging is described, and it is concluded that ejection-type jamming can produce an effective deceptive jamming effect against single-pass height-measuring InSAR.
17.
DDoS attacks are a form of attack widely used by hackers; they aim to destroy the availability of computer systems or networks and are extremely harmful. This paper first introduces the principle of DDoS attacks, then classifies DoS attacks from the two aspects of attack means and attack methods, then proposes a model for detecting and defending against DDoS attacks, and finally uses intrusion detection and packet filtering techniques to design a DDoS detection and defense system that is simple to configure, easy to extend, and highly practical.
18.
A Survey of Attacks on the GTP Protocol and Their Defenses
The security of 3G communications is gradually attracting attention. GTP (GPRS Tunnelling Protocol) is an important protocol in 3G communications. GTP itself has no built-in security mechanism, and the various attacks on GTP originating from the air interface, the Internet, and PLMNs can cause great harm to 3G core network infrastructure, the Internet, and mobile users. This article introduces the various possible attacks on GTP and addresses them with a GTP-specific firewall and other countermeasures.
19.
《电子学报:英文版》2024,33(3)
Deoxys-BC is the primitive tweakable block cipher of the Deoxys family of authenticated encryption schemes. Based on existing related-tweakey boomerang distinguishers, this paper improves the boomerang attacks on 11-round Deoxys-BC-256 and 13-round Deoxys-BC-384 by optimized key guessing and a precomputation technique. It transfers a part of the subtweakey guess in the key-recovery phase to the precomputation, resulting in a significant reduction of the overall time complexity. For 11-round Deoxys-BC-256, we give a related-tweakey boomerang attack with time/data/memory complexities of \(2^{218.6}/2^{125.7}/2^{125.7}\), and give another attack with the lower time complexity of \(2^{215.8}\) and memory complexity of \(2^{120}\) when the adversary has access to the full codebook. For 13-round Deoxys-BC-384, we give a related-tweakey boomerang attack with time/data/memory complexities of \(2^{k-96}+2^{157.5}/2^{120.4}/2^{113}\). For the key size k=256, it reduces the time complexity by a factor of \(2^{31}\) compared with the previous 13-round boomerang attack. In addition, we present two new related-tweakey boomerang distinguishers on 11-round Deoxys-BC-384 with the same probability as the best previous distinguisher.
20.
Given the algebraic expression of the composition of two mappings, how can one identify the two components? This is the problem of mapping decomposition, of which the usual function-decomposition problem [8] is a special case. It was believed that this problem is intractable in general. Some public key cryptosystems (PKC) are based on the difficulty of this mathematical problem. Two types of such PKCs are FAPKC, proposed by Tao [16], and the "2R-schemes", proposed by Patarin and Goubin [11], [12]. FAPKC is based on composing finite automata (FA), while the "2R-schemes" use quadratic functions as the components. In this paper the decomposition problem for FA and for quadratic functions is investigated. Several methods for FA decomposing and one for quadratic functions are discovered. It is demonstrated that FA composition often exposes essential information about the components and that the full expression of the composition of quadratic functions should not be given in 2R-schemes.
Received November 1998 and revised October 2000. Online publication 9 March 2001.