Practical Second‐Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary‐with‐random‐initial‐point algorithm on elliptical curve cryptosystems. It is known to be secure against first‐order differential power analysis (DPA); however, it is susceptible to second‐order DPA. Although second‐order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second‐order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.     

SHA-256算法的安全性分析

现有算法MD5、SHA-1等的相继破译,严重威胁到SHA-256、SAH-384等算法的安全性.本文介绍了SHA-256的算法逻辑及压缩函数的构造,探讨了生日攻击碰撞阈值和攻击步骤,分析了SHA-256在生日攻击下的安全性.通过对Chabaud-Joux攻击SHA-256的分析,找到了一个部分碰撞,其复杂度为,却无法找到SHA-256的一个整体碰撞.所以,在抵抗生日攻击和抵御现有差分攻击方面,SHA-256比MD5和SHA-1等具有更高的安全性.     

The research of DPA attacks against AES implementations

This article examines vulnerabilities to power analysis attacks between software and hardware implementations of cryptographic algorithms. Representative platforms including an Atmel 89S8252 8-bit processor and a 0.25 um 1.8 v standard cell circuit are proposed to implement the advance encryption standard （AES）. A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis （DPA）, and multi-bit DPA and correlation power analysis （CPA） attacks are conducted on two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakages to resist power attacks. Furthermore, an improved DPA approach is proposed. It adopts hamming distance of intermediate results as power model and arranges plaintext inputs to differentiate power traces to the maximal probability. Compared with the original power attacks, our improved DPA performs a successful attack on AES hardware implementations with acceptable power measurements and fewer computations.     

Intelligent Internal Stealthy Attack and its Countermeasure for Multicast Routing Protocol in MANET

Multicast communication of mobile ad hoc networks is vulnerable to internal attacks due to its routing structure and high scalability of its participants. Though existing intrusion detection systems (IDSs) act smartly to defend against attack strategies, adversaries also accordingly update their attacking plans intelligently so as to intervene in successful defending schemes. In our work, we present a novel indirect internal stealthy attack on a tree‐based multicast routing protocol. Such an indirect stealthy attack intelligently makes neighbor nodes drop their routing‐layer unicast control packets instead of processing or forwarding them. The adversary targets the collision avoidance mechanism of the Medium Access Control (MAC) protocol to indirectly affect the routing layer process. Simulation results show the success of this attacking strategy over the existing “stealthy attack in wireless ad hoc networks: detection and countermeasure (SADEC)” detection system. We design a cross‐layer automata‐based stealthy attack on multicast routing protocols (SAMRP) attacker detection system to identify and isolate the proposed attacker. NS‐2 simulation and analytical results show the efficient performance, against an indirect internal stealthy attack, of SAMRP over the existing SADEC and BLM attacker detection systems.     

针对SM4轮输出的改进型选择明文功耗分析攻击

The power analysis attack on SM4 using the chosen-plaintext method was proposed by Wang et al in 2013 CIS.The fixed data was introduced in the method when attacking the round key.However,the attack process was complex.There were many problems in the process,such as more power traces,more numbers of the chosen-plaintext and acquisition power traces.The correlation between the fixed data and the round key were presented,which could be used to decode the round key.Based on the correlation,the improved chosen-plaintext power analysis attack against SM4 at the round-output was proposed.The proposed method attacked the fixed data by analyzing the power traces of the special plaintext.And the round key was derived based on the correlation.The results show that the proposed attack algorithm is effective.The proposed method not only improves the efficiency of the attack by reducing number of power traces,number of the chosen-plaintext and number of acquisition power traces,but also can be applied to a chosen-plaintext power analysis attack against SM4 at the shift operation.     

基于碰撞的选择明文简单功耗聚类攻击算法(英文)

Chosen-message pair Simple Power Analysis (SPA) attacks were proposed by Boer, Yen and Homma, and are attack methods based on searches for collisions of modular multiplication. However, searching for collisions is difficult in real environments. To circumvent this problem, we propose the Simple Power Clustering Attack (SPCA), which can automatically identify the modular multiplication collision. The insignificant effects of collision attacks were validated in an Application Specific Integrated Circuit (ASIC) environment. After treatment with SPCA, the automatic secret key recognition rate increased to 99%.     

Random Point Blinding Methods for Koblitz Curve Cryptosystem

While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side‐channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.     

Improved Side‐Channel Attack on DES with the First Four Rounds Masked

This letter describes an improved side‐channel attack on DES with the first four rounds masked. Our improvement is based on truncated differentials and power traces which provide knowledge of Hamming weights for the intermediate data computed during the enciphering of plaintexts. Our results support the claim that masking several outer rounds rather than all rounds is not sufficient for the ciphers to be resistant to side‐channel attacks.     

Detection of man‐in‐the‐middle attacks using physical layer wireless security techniques

Compared with a wired network, a wireless network is not protected by the cable transmission medium. Information is broadcasted over the air and it can be intercepted by anyone within the transmission range. Even though the transmissions could potentially be protected by security authentication mechanisms, malicious users can still intercept the information by mimicking the characteristics of normal user or a legitimate access point. This scenario is referred as a man‐in‐the‐middle (MITM) attack. In the MITM attack, the attackers can bypass the security mechanisms, intercept the unprotected transmission packets, and sniff the information. Because of several vulnerabilities in the IEEE 802.11 protocol, it is difficult to defend against a wireless MITM attack. In this paper, a received signal strength indicator (RSSI)‐based detection mechanism for MITM attacks is proposed. RSSI information is an arbitrary integer that indicates the power level being received by the antenna. The random RSSI values are processed via a sliding window, yielding statistic information about the signal characteristics such as mean and standard deviation profiles. By analyzing those profiles, the detection mechanism can detect if a rogue access point, the key component of an MITM attack, is launched. Our proposed approach has been validated via hardware experimentation using Backtrack 5 tools and MATLAB software suite. Copyright © 2014 John Wiley & Sons, Ltd.     

基于Montgomery算法安全漏洞的SPA攻击算法

公钥密码体制的算法大多基于有限域的幂指数运算或者离散对数运算。而这些运算一般会采用Montgomery算法来降低运算的复杂度。针对Montgomery算法本身存在可被侧信道攻击利用的信息泄露问题,从理论和实际功耗数据2方面分析了Montgomery算法存在的安全漏洞,并基于该漏洞提出了对使用Montgomery算法实现的模幂运算进行简单能量分析（SPA, simple power analysis）攻击算法。利用该算法对实际模幂运算的能量曲线进行了功耗分析攻击。实验表明该攻击算法是行之有效的。     

基于球面波照射的非对称光学图像加密

为了克服基于相位截断傅里叶变换的非对称光学图像加密系统不能抵御已知明文攻击的缺陷,采用球面波的自带因子扰乱输入图像空间信息的方法实现图像的加解密,并通过理论分析和实验仿真进行了研究。结果表明,该方法既能抵御已知明文攻击和保持非线性特性,又能获得原系统加解密图像的效果,同时还能减少相位掩膜数量,简化系统设置。这一结果对于改进基于相位截断傅里叶变换的非对称光学图像加密系统的安全性是有帮助的。     

智能卡差分能量分析实验平台实现与数据优化

随着密码学和密码芯片的广泛应用,针对密码芯片的攻击也日益增多.差分能量分析（Differential Power Analysis,DPA）攻击是最常见的一种侧信道攻击方法.DPA攻击者无须了解加密算法的具体细节,而只通过密码设备的能量迹分析即可破解出设备的密钥.因此,研究DPA攻击十分必要.实现了智能卡DPA实验系统,并对于此系统的能量迹测量数据进行优化处理,从而更有利于针对此类攻击的分析和相应防御措施的设计.     

对自同步混沌密码的分割攻击方法

本文分析了自同步混沌密码的信息泄漏规律,并据此提出了对自同步混沌密码的分割攻击方法.由于能够利用所有时刻的已知明文进行攻击,因而自同步混沌密码比同步混沌密码的抗分割攻击能力更弱.本文以Hong Zhou等提出的自同步混沌密码为例,完成了对密钥规模为64比特且以混沌映射的65次迭代为自同步映射的自同步密码的分割攻击.利用1万个已知明文,在主频为2.5GHz的Pentium-4 PC上,攻击的平均时间为25小时22分,成功率为0.86.     

Pseudo 4D projective coordinate-based multi-base scalar multiplication

In order to address the problem of elliptic curve cryptosystem (ECC) for the expensive cost in scalar multiplication and the vulnerability to the power analysis attacks,a pseudo 4D projective coordinate-based multi-base scalar multiplication was proposed to optimize group operation layer and scalar multiplication operation layer,which aimed at increasing the performance of ECC and resisting common power analysis attacks.Experimental results show that compared with the state-of-the-art algorithms,the proposed algorithm decreases 5.71% of point doubling cost,3.17% of point tripling cost,and 8.74% of point quintupling cost under discrete group operations.When the key length is 160 bit,the proposed algorithm decreases 36.32% of point tripling cost,17.42% of point quintupling cost,and 8.70% of the system cost under continuous group operations.The analyzing of power consumption wave shows that the proposed algorithm can resist SPA and DPA attack.     

强物理不可克隆函数的侧信道混合攻击

物理不可克隆函数（Physical Unclonable Function,PUF）凭借其固有的防篡改、轻量级等特性,在资源受限的物联网安全领域拥有广阔的应用前景,其自身的安全问题也日益受到关注.多数强PUF可通过机器学习方法建模,抗机器学习的非线性结构PUF难以抵御侧信道攻击.本文在研究强PUF建模的基础上,基于统一符号规则分类介绍了现有的强PUF侧信道攻击方法如可靠性分析、功耗分析和故障注入等,重点论述了各类侧信道/机器学习混合攻击方法的原理、适用范围和攻击效果,文章最后讨论了PUF侧信道攻击面临的困境和宜采取的对策.     

针对SMS4轮输出的选择明文能量分析攻击

提出了针对SMS4轮输出的选择明文能量分析攻击,攻击时以一定约束条件选择明文,先攻击出轮迭代函数的输出,再由轮迭代函数的输出反推出对应的轮子密钥,从而实现了以轮输出作为中间数据对SMS4的能量分析攻击,并利用该方法对无防护SMS4算法的能量曲线进行了能量分析攻击,实验表明该攻击方法是行之有效的。     

Evaluating the web‐application resiliency to business‐layer DoS attacks

A denial‐of‐service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application‐ and business‐layer attacks, and vulnerability‐analysis tools are unable to detect business‐layer vulnerabilities (logic‐related vulnerabilities). This paper presents the business‐layer dynamic application security tester (BLDAST) as a dynamic, black‐box vulnerability‐analysis approach to identify the business‐logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.     

针对随机伪操作的简单功耗分析攻击

讨论针对随机伪操作椭圆曲线密码标量乘算法的SPA攻击,理论推导和实测结果均表明,在单样本SPA攻击下,即可在功耗曲线中获取大量的密钥信息;而在针对算法中随机操作漏洞的一种新型多样本SPA攻击—多样本递推逼近攻击下,用极小样本量就可完整破译密钥.当密钥长度为n时,该攻击方法完整破译密钥所需的样本数仅为0(1b n).     

对一种双陷门加密体制的分析与改进

对一种具有双陷门解密机制的公钥概率加密体制的安全性进行分析,指出它存在三点不安全因素,不能抵抗选择密文攻击,攻击者通过选取适当的密文,在得到解密的明文后,能够计算出用户的私钥或分解模数,运用这些信息,攻击者可恢复所有的明文。同时,也对该加密体制作了改进,给出了一种能够抵抗适应性攻击的加密方案,防止攻击者利用获得的解密信息计算用户的私钥或分解模数,提高了加密体制的安全性。     

Performance evaluation of mobile ad hoc networks under flooding‐based attacks

A mobile ad hoc network (MANET) is an open wireless network that comprises a set of mobile, decentralized, and self‐organized nodes. Its properties render its environment susceptible to different types of attacks, which can paralyze the mobile nodes in MANET. A particularly dangerous type of attack is run primarily under flooding bogus packet mechanisms, such as hello floods, routing table overflows, exploitation of node penalizing schemes, and resource consumption attack (RCA). Flooding‐based attacks impose severe effects because they are intended to consume MANET resources, such as bandwidth, node memory, and battery power. Therefore, identifying such effects facilitates the development of countermeasures against the intrusions. In this paper, we introduce a simulation‐based study on the effects of RCA on MANET. Qual Net v5.0.2 is used to examine the severity of the effects on MANET performance metrics in terms of throughput, end‐to‐end delay, energy consumption, and routing overhead. The effects of RCA are also monitored under two combinations of four factors: we first vary the number of attackers and attackers' positions, and then modify the attackers' radio range and flooding rate. We also examine the effect of flooding mechanism on the energy consumed by resource consumption attackers. Copyright © 2013 John Wiley & Sons, Ltd.