Similar literature
Found 20 similar documents; search took 171 ms
1.
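Research on an Improved Masking Countermeasure for FPGA Cryptographic Chips   Total citations: 1, self-citations: 0, citations by others: 1
Power analysis attacks pose a serious threat to the physical security of cryptographic chips, and research on attacking and defending against them is a hot topic in cryptographic side-channel analysis. This paper presents the design and implementation of a pseudo-random masking algorithm for DES and analyzes the algorithm's security against power analysis attacks. The results show that an ordinary DES pseudo-random masking algorithm can resist only first-order differential power analysis and cannot effectively defend against second-order differential power analysis. To resist second-order DPA attacks, the structure of the DES masking algorithm is improved using a masking method, and the result is theoretically able to resist DPA attacks.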

2.
《信息技术》2015,(12):38-41
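A side-channel attack is a method of attacking a cryptographic device by exploiting the side-channel information it leaks while running. Power analysis, proposed by Paul Kocher et al. in 1998, is currently the most widely used side-channel attack method. Masking techniques randomize the intermediate values processed by a cryptographic device to eliminate the correlation between the device's power consumption and the data, thereby providing protection. This paper proposes a masked implementation of the DES algorithm that resists second-order power analysis, which strengthens the protection, and verifies the effectiveness of the scheme in a subsequent experiment.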

3.
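A side-channel attack is a method of analyzing a cryptographic device's secret information by analyzing the side-channel information the device produces while running. Power analysis, proposed by Paul Kocher et al. in 1998, is now one of the most common side-channel attacks against cryptographic devices. In hardware implementations of cryptographic devices, dual-rail logic is an effective way to resist power analysis: it uses two physical bits to represent one logical bit, making the representations of data 0 and 1 symmetric and thereby balancing power consumption. Software implementations of cryptographic devices can borrow the idea of dual-rail logic. This paper gives a fairly complete software-level dual-rail logic scheme, which addresses some shortcomings of previous schemes, and then verifies the scheme's effectiveness in an experiment on the DES algorithm.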

4.
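To prevent side-channel information from leaking through variations in power consumption while a smart card performs encryption, a method for resisting differential power analysis attacks is proposed. The encryption rules of the AES algorithm are first studied; an 8-bit processor is then used to emulate a smart card, and a differential power attack on the AddRoundKey step of AES is carried out on the smart card. To resist the differential power attack on AddRoundKey, an algorithm-level masking technique is proposed, whose core is to mask the plaintext and the key with different random values during the cryptographic computation. Experimental results show that the method successfully resists differential power attacks.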

5.
《信息技术》2016,(1):62-66
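This paper proposes an automatic protection method for block cipher circuits against side-channel power attacks, focusing on cipher circuit protection and automatic protection methods such as hiding techniques, masking techniques, and tracking algorithms. Automatic protection is achieved by modifying high-level programming language code, and two protection schemes applied to the DES cipher algorithm are given, both with good protective effect.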

6.
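Research on Side-Channel Attacks on Cryptographic Chips Based on Difference Degree   Total citations: 1, self-citations: 0, citations by others: 1
To address the large sample sizes and long analysis times of side-channel attack methods, the noise sources of side-channel leakage signals and their differential suppression methods are analyzed in light of the microcontroller's system architecture. Signal difference degree and Hamming-distance difference degree are defined, and the inversely proportional mapping relationship between them is analyzed. Using the way the difference degree changes during encryption, a difference-degree-based key analysis method is proposed. With the DES cipher algorithm as the validation target, the key was recovered using only 150 power traces and 1.03 s of analysis time; the method can be extended to other block cipher systems implemented on general-purpose microcontrollers.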

7.
赵征洋  张道法  王波 《通信技术》2010,43(2):143-145
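Traditionally, the security of a cryptosystem is considered to depend mainly on the security of the cryptographic algorithm it uses, and attacks on the system are based on the assumption that the adversary can obtain information only through the system's input and output channels. In practice, a cryptosystem's side-channel information (such as timing information) can also be exploited to mount attacks. The timing attack is one such method: it recovers the key by analyzing timing information from the cryptosystem's computation steps during encryption. A timing attack is proposed that targets the implementation characteristics of the IDEA cipher algorithm; its effectiveness is analyzed theoretically, and countermeasures against this attack are given.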

8.
赵鸿雁  范科峰  莫玮  王勇  徐克超  刘硕 《电视技术》2015,39(13):111-113
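Differential power analysis is a widely used and relatively mature non-invasive attack technique. A power analysis simulation platform is designed that features a high degree of automation, high precision, and fast simulation. In addition, differential power analysis of a DES cipher circuit is implemented on the platform, which is a useful reference for improving the security of digital TV set-top boxes.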

9.
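Hardware Trojan Detection in Integrated Circuit Chips Based on Side-Channel Analysis   Total citations: 1, self-citations: 0, citations by others: 1
Given the difficulty of detecting hardware Trojan circuits in cryptographic chips, the idea of detecting hardware Trojans from a chip's side-channel information is introduced. Building on a formal definition of the side-channel-analysis-based hardware Trojan detection problem, the differences in principal component analysis results between the side-channel signals of cryptographic chips with and without hardware Trojans are analyzed, and on this basis a detection experiment is carried out on an FPGA-implemented DES cipher prototype chip containing a hardware Trojan. The experimental results demonstrate the effectiveness of principal component analysis of side-channel signals for detecting hardware Trojans in cryptographic chips.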

10.
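To address the problem of recovering microcontroller code through side-channel reverse engineering, reverse-engineering ideas are combined with side-channel attack methods. Relying on the fact that different instructions produce different power side-channel leakage signals when executed in the chip, and building on previously implemented side-channel template recovery of single instructions, the program's "context" information is taken into account and a hidden Markov model (HMM) is used to model and solve the problem. Recovery experiments on part of the instruction sequence of the Data Encryption Standard (DES) encryption algorithm running on an AT89C52 microcontroller show that the method can effectively recover the instruction sequence running in the microcontroller chip.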

11.
Three-dimensional (3D) integration is envisioned as a natural defense to thwart side-channel analysis (SCA) attacks on the hardware implementation of cryptographic algorithms. However, neither physical experiments nor quantitative analysis is available in existing works to study the impact of power distribution network (PDN) on the SCA attacks. Through quantitative analyses and experiments with realistic 3D models, this work demonstrates the impact of noise in PDN on the 3D chip's resilience against correlation power analysis (CPA) attack, which is one of SCA attacks. The characteristic of PDN noise is extracted from our experiments. To expand the natural defense originated from the 3D integration, this work proposes to exploit the PDN noise inherently existing in 3D chips to thwart CPA attacks. Instead of introducing external noise or flattening the power profile, the proposed method utilizes the spatially and temporally varied supply voltages from other 3D planes to blur the power correlation of the crypto unit. Both theoretical analysis and experimental validation prove that the proposed method can effectively enhance the resilience of a crypto unit embedded in the 3D chip against CPA attacks. Simulation results show the proposed method improves the average guessing entropy by 9× over the baseline. Emulation on an FPGA platform demonstrates that the proposed method successfully slows down the key retrieval speed of CPA attack, with significantly less power overhead than representable power equalization techniques. Test vector leakage assessment (TVLA) shows that the proposed method improves the confidence to accept null hypothesis 201× over the baseline.

12.
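Vehicular ad hoc networks (VANETs), which are based on ad hoc networks, face many security problems owing to their network foundation and to the characteristics of VANETs themselves. Based on the characteristics of VANETs, a top-down layering of the VANET is performed, attacks on the physical layer are summarized and categorized, and countermeasures using existing techniques are given for some of these attacks. Ensuring the security of the underlying physical layer is critical to the security of the whole VANET.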

13.
The latest advances in Wavelength Division Multiplexing (WDM) technology are making it possible to build all-optical transparent WDM networks, which are expected to be able to satisfy the rapid growth of today’s capacity demand. However, the transparency of such networks makes them highly vulnerable to deliberate attacks, specifically targeting the physical layer. Physical-layer attacks, such as high-power jamming, can cause severe service disruption or even service denial, enhanced by their capability to propagate through a transparent optical network. Several attack-aware routing and wavelength assignment algorithms have been proposed to reduce the possible disruption caused by high-power jamming attacks. However, even with network planning approaches which take network security, specifically physical-layer attacks, into account, resilience to deliberate attacks in such scenarios remains an issue. In this paper, we propose the use of wavelength-selective attenuators as power equalizers inside network nodes to limit the propagation of high-power jamming attacks. Due to the increased cost of optical switching nodes associated with the addition of power equalizers, we aim at minimizing their number through sparse power equalization placement. We developed a set of greedy algorithms to solve what we call the Power Equalization Placement (PEP) problem with the objective of minimizing the number of power equalizers needed to reduce, to a desired level, the propagation of high-power jamming attacks for a given routing scheme. We further improved upon these results by proposing a GRASP (Greedy Randomized Adaptive Search Procedure) heuristic with a somewhat longer execution time, but with significantly superior results. The performance evaluation results indicate that the proposed GRASP heuristic can achieve the same attack propagation reduction as can be obtained by equipping all nodes with power equalizers by placing them at less than 50% of the nodes on average, potentially yielding significant cost savings.

14.
In recent years, to solve the problem of face spoofing, momentous work has been done in this field, but still, there is a need for establishing counter measures to the biometric spoofing attacks. Although trained and evaluated on different databases, impressive results have been achieved in existing face anti‐spoofing techniques, but biometric authentication is a very significant problem as imposters are using lots of reconstructed samples or fake synthetic material or structure that can be used for various attack purposes. For the first time, to the best of our knowledge, this paper explains the security for face anti‐spoofing detection using linear discriminant analysis and validates the results by calculating HTER and accuracy on different databases (i.e., REPLAY ATTACK and CASIA). The proposed model, that is, three‐tier face anti‐spoofing detection model (3T‐FASDM), is used for the detection of the fake biometric user and works well for real‐time applications. The proposed methods tested on a set of state‐of‐the‐art anti‐spoofing features for the face mode gives a very low degree of complexity as 26 general image quality measures are applied to differentiate among legitimate and imposter samples. The outcomes obtained from publicly available data show that this technique has improved performance and accuracy by analyzing the HTER and machine learning classifiers that are helpful to differentiate among real and fake traits.

15.
雷婉  刘丹  王立辉  李清  俞军 《微电子学》2024,54(1):156-164
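With the wide use of FPGAs in commercial, defense, and other fields, many attack methods against FPGAs have appeared, and circuit security faces great challenges. To further study FPGA security mechanisms, this article introduces a new side-channel analysis (SCA) method and, for the first time, analyzes on a Xilinx Virtex-7 chip the security vulnerability present while an encrypted bitstream is being loaded. Compared with earlier attack targets, the Virtex-7 chip is larger in scale, the acquired signals have a lower signal-to-noise ratio, and the attack is more difficult. Earlier studies used test boards designed specifically for SCA, such as SASEBO or SAKURA, whereas the analysis in this article is the first instance carried out on an official Xilinx evaluation board; because the official evaluation board is not designed for side-channel signal acquisition, processing is required to obtain a sufficient signal-to-noise ratio. Using electromagnetic emanation as the side-channel measurement, a set of keys can be obtained within 800,000 electromagnetic traces. By decrypting with the key to obtain the plaintext bitstream, an attacker can reverse-engineer or clone the FPGA, among other operations, thereby compromising the FPGA's security.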

16.
As one of the most popular lightweight ciphers in recent years, LBlock has attracted great attention. Researchers have explored the security of LBlock against various attacks. We focus on fault attack—one of the most important implementation attacks. In the past two years, fault attacks under the random fault model have been successfully applied to LBlock, supposing faults were injected at the end of the 24th to the 31st round. If faults are injected at the end of the 23rd round, previous attacks only work under the semi-random fault model. For the first time, we address this issue and propose a 23rd round fault attack under the random fault model. Compared with the previous works, our attack extends the fault injection to earlier round, with reasonable time cost and no extra faults. Experiments show that it only takes 10 faults to recover the secret key.

17.
A mobile ad‐hoc network (MANET) is a collection of autonomous nodes that communicate with each other by forming a multi‐hop radio network. Routing protocols in MANETs define how routes between source and destination nodes are established and maintained. Multicast routing provides a bandwidth‐efficient means for supporting group‐oriented applications. The increasing demand for such applications coupled with the inherent characteristics of MANETs (e.g., lack of infrastructure and node mobility) have made secure multicast routing a crucial yet challenging issue. Recently, several multicast routing protocols (MRP) have been proposed in MANETs. Depending on whether security is built‐in or added, MRP can be classified into two types: secure and security‐enhanced routing protocols, respectively. This paper presents a survey on secure and security‐enhanced MRP along with their security techniques and the types of attacks they can confront. A detailed comparison for the capability of the various routing protocols against some known attacks is also presented and analyzed. Copyright © 2013 John Wiley & Sons, Ltd.

18.
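Design and Implementation of a Standard Cell Library Resistant to DPA Attacks   Total citations: 1, self-citations: 0, citations by others: 1
A method for designing and implementing a constant-power standard cell library is given, and the library is used to implement the S-boxes of the DES cipher algorithm. Experimental results show that such a standard cell library is effective in protecting against DPA attacks.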

19.
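Cryptographic devices face the threat of fault attacks, and research on fault attack techniques against cryptographic chips is an important direction in cryptography and hardware security. Pulsed lasers have good temporal and spatial resolution and are a highly accurate fault attack technique. This paper describes in detail the principle and method of laser injection attacks and carries out a laser injection attack experiment on a microcontroller (MCU) that integrates the AES-128 algorithm. With the microcontroller's SRAM as the attack target, the experiment successfully achieved both a differential fault attack and a subkey schedule attack, recovering the complete 16-byte key; the latter attack is the first to be realized by laser. The research shows that laser injection attacks can precisely locate the physical location where critical data is stored, can introduce errors in arbitrary operations, and can achieve single-bit data flips, meeting the requirements of the fault attack model. Laser injection attacks can complete automated attacks and ciphertext collection in a short time, the attack process is close to real-world scenarios, and they pose a great threat to cryptographic chips.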

20.
A mobile pay‐TV service is one of the ongoing services of multimedia systems. Designing an efficient mechanism for authentication and key distribution is an important security requirement in mobile pay‐TV systems. Until now, many security protocols have been proposed for mobile pay‐TV systems. However, the existing protocols for mobile pay‐TV systems are vulnerable to various security attacks. Recently, Wang and Qin proposed an authentication scheme for mobile pay‐TV systems using bilinear pairing on elliptic curve cryptography. They claimed that their scheme could withstand various attacks. In this paper, we demonstrate that Wang and Qin's scheme is vulnerable to replay attacks and impersonation attacks. Furthermore, we propose a novel security protocol for mobile pay‐TV systems using the elliptic curve cryptosystem to overcome the weaknesses of Wang and Qin's scheme. In order to improve the efficiency, the proposed scheme is designed in such a way that needs fewer scalar multiplication operations and does not use bilinear pairing, which is an expensive cryptographic operation. Detailed analyses, including verification using the Automated Validation of Internet Security Protocols and Applications tool and implementation on FPGA, demonstrate that the proposed scheme not only withstands active and passive attacks and provides user anonymity but also has a better performance than Wang and Qin's scheme.
