一种适用于RFID标签芯片的AES算法结构设计

针对当前AES算法不能满足超高频RFID标签芯片小面积、高效率的要求,重新构造AES算法的轮变换,实现多个运算步骤同步完成,提高了算法执行效率;用基于有限域的逻辑运算代替S盒查找表,降低芯片面积,满足了超高频RFID系统安全性要求.     

一种适用于RFID读写器的加密算法及其实现

介绍一种适用于RFID读卡器的XXTEA算法,分析结果表明与原来的分组TEA相比,XXTEA算法具有更高的安全性能、更快的运行速度和较小的负载等特点。针对Mifare1智能卡所面临的安全威胁,设计了一种基于XXTEA算法的Mifare1智能卡安全通信方案,通过密码动态变换及存取数据加密的方法来降低RFID通信数据被盗取的可能性,并采用MFRC500芯片在RFID读写器中实现了这一安全方案。     

基于Montgomery型椭圆曲线密码的RFID安全认证方案

针对现有基于椭圆曲线密码（elliptic curve cryptography,ECC）体制的 RFID（radio frequency identification device）安全认证方案不能满足相互认证、隐私保护和前向安全性等要求,提出一种基于Montgomery型椭圆曲线密码的认证方案。利用Montgomery型椭圆曲线来降低计算量,并提供标签和服务器之间的相互认证,具有匿名性和前向安全性。通过分析表明,该方案能够抵抗重放攻击、标签伪装攻击、服务器欺骗攻击、DoS攻击、位置跟踪攻击和克隆攻击。与现有方案相比,该方案在保证较低的内存、计算和通信需求的情况下,提供了较高的安全性能,能够满足RFID系统的安全性要求。     

基于FPGA平台的抗DPA攻击电路级防护技术研究

随着现场可编程门阵列（FPGA）芯片在安全领域上的广泛应用,有关FPGA密码芯片的抗（DPA）研究也越来越受关注,但目前的研究成果大多针对智能卡的安全防护。在研究各种电路级安全防护技术的基础上,采用硬件宏的方法将双轨和预充电技术应用于FPGA芯片的数据加密标准算法（DES）硬件结构,通过DPA攻击实验后发现,未加防护措施的DES加密系统难以抵御DPA攻击,而加防护措施的加密系统具有抗DPA攻击的能力。     

代理计算签名及其在RFID认证中的应用

射频识别(RFID)是物联网中实现物品标识的一项关键技术,但RFID标签的计算能力十分有限,导致传统的公钥密码技术很难有效地应用到RFID认证技术中,限制了RFID的应用范围和提供服务的形式。针对读卡器和标签计算资源不对称的特点,提出一种新的签名算法——代理计算签名,将传统的签名技术中耗能的复杂运算交给读卡器(验证方)来完成,从而实现标签对消息的签名,并仍能保持签名的安全性,解决了RFID标签很难计算数字签名的困难问题。结合Rabin型数字签名和加密算法,进一步地给出了基于代理计算签名的RFID认证方案,实现了标签与读卡器间的双向认证,大大地降低了标签的实现成本。     

一种有源RFID局域定位系统设计

提出了一种基于PIC16F877A微控制器和CC2500射频收发器芯片的低功耗、低成本RFID（Radio Frequency Identification,无线射频识别）局域定位系统设计方法,介绍了系统的定位工作原理、主要硬件电路模块及定位算法的设计和实现。采用基于序列号对时隙数运算的排序算法有效解决了多标签识别碰撞的问题,基于射频辐射强度（Received Signal Strength Indication,RSSI）和圆周定位算法实现了基于RFID多标签系统的平面定位。实验测试表明,这种射频定位方法能够实现一定精度下的无线局域定位的功能。     

新的抵抗鬼峰的关联矩阵差分能量分析

差分能量分析（DPA）是对芯片中分组密码实现安全性的最主要威胁之一，当采集的能量迹不足时，DPA容易受到错误密钥产生的差分均值影响产生鬼峰。基于DPA，提出了一种可以有效抵抗鬼峰的关联矩阵差分能量分析（IMDPA）。通过构造预测差分均值矩阵，利用猜测密钥在非泄露区间的弱相关性，避免非泄露区间对泄露区间内密钥猜测的影响。对IMDPA在AES-128算法的不同泄露区间进行了实验验证，结果表明，与传统的DPA相比，IMDPA需要更少（达到85%）的能量迹来猜测正确的密钥。同时IMDPA在实施防护措施下的AES-128的密钥猜测效率仍然存在显著的优势。为了进一步验证IMDPA在分组密码中的通用性，在SM4算法上进行了实验验证，与传统的DPA相比，IMDPA需要更少（达到87.5%）的能量迹来猜测正确的密钥。     

基于元胞自动机的S盒的性质与神经网络实现研究

基于元胞自动机（CA）的S盒密码学性质良好且软硬件实现代价低,被用于Keccak、SIMON等密码算法.本文研究了基于CA的S盒的性质,给出并证明了此类S盒的三个重要性质：移位不变性、镜面对称性和互补性;同时研究了基于CA的S盒的神经网络实现方法,指出相比一般的S盒,基于CA的S盒在进行神经网络实现时可以用更简单的结构、消耗更少的资源来完成,并且给出了一种权重阈值搜索算法可以方便快速地实现基于CA的S盒的神经网络结构.     

分组密码DPA汉明重量区分函数选择方法

为了解决分组密码差分能量分析攻击(DPA)汉明重量区分函数选择问题,提出了一种基于相对非线性度的选择方法.该方法利用分组密码算法S盒输出相对非线性度与DPA之间的关系,通过比较相对非线性度的大小来选择汉明重量区分函数.通过仿真验证和实测验证,证明采用该方法能够正确地选择攻击效果较好的汉明重量区分函数.     

一种基于公钥的低成本RFID双向认证协议

基于目前资源消耗最少的RFID 公钥认证方案cryptoGPS 协议,提出了一种低成本双向认证协议,采用有效的密钥管理方法、改进的快速Rabin 加密算法、低汉明重量（LHW）模值以及轻量级流密码算法Grain V1,并设计使用新型低资源乘法器完成标签的大数模乘,在节省资源的同时克服了cryptoGPS 密钥管理不灵活和认证单向性的缺点。安全性分析和基于Design Complier平台Smic 0.25 μm工艺的仿真结果表明,该方案有足够的安全性且标签只需4 530个门即可完成双向认证,适用于资源受限的RFID系统。     

防御差分功耗分析攻击技术研究

差分功耗分析(DPA)攻击依赖于密码芯片在执行加密/解密过程中功耗与数据及指令的相关性,利用统计学等方法对收集到的功耗曲线进行分析,盗取关键信息,对密码芯片的安全性构成极大威胁。防御DPA攻击技术的开发与研究,已经成为信息安全领域的迫切需求。该文在归纳DPA攻击原理的基础上,对主流防御DPA攻击技术的理论与设计方法进行概述与分析,指出防御DPA前沿技术的研究进展。重点讨论防御DPA攻击技术的原理、算法流程和电路实现,包括随机掩码技术、功耗隐藏技术、功耗扰乱技术等等,并详细分析这些技术存在的优缺点。最后,对该领域潜在的研究方向与研究热点进行探讨。     

Low-power compact composite field AES S-Box/Inv S-Box design in 65 nm CMOS using Novel XOR Gate

The Substitution box (S-Box) forms the core building block of any hardware implementation of the Advanced Encryption Standard (AES) algorithm as it is a non-linear structure requiring multiplicative inversion. This paper presents a full custom CMOS design of S-Box/Inversion S-Box (Inv S-Box) with low power GF (2⁸) Galois Field inversions based on polynomial basis, using composite field arithmetic. The S-Box/Inv S-Box utilizes a novel low power 2-input XOR gate with only six devices to achieve a compact module implemented in 65 nm IBM CMOS technology. The area of the core circuit is only about 288 μm² as a result of this transistor level optimization. The hardware cost of the S-Box/Inv S-Box is about 158 logic gates equivalent to 948 transistors with a critical path propagation delay of 7.322 ns enabling a throughput of 130 Mega-SubBytes per second. This design indicates a power dissipation of only around 0.09 μW using a 0.8 V supply voltage, and, is suitable for applications such as RFID tags and smart cards which require low power consumption with a small silicon die. The proposed implementation compares favorably with other existing S-Box designs.     

AES类S盒与Camellia类S盒的代数复杂度分析

S盒是很多分组密码算法唯一的非线性部件,它的密码学性质对分组密码的安全性至关重要。该文主要研究与有限域上逆变换仿射等价S盒的代数复杂度问题,利用有限域上的线性化多项式给出了两类S盒的最大代数复杂度,并得到了Camellia类S盒退化为AES类S盒的一个充分必要条件。     

Practical Second‐Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary‐with‐random‐initial‐point algorithm on elliptical curve cryptosystems. It is known to be secure against first‐order differential power analysis (DPA); however, it is susceptible to second‐order DPA. Although second‐order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second‐order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.     

基于RC4和RSA混合算法的加密卡设计

当代社会,信息安全成为信息领域重要的研究课题.本文对现有的密码算法作了比较分析后,结合RC4和RSA算法的优点,提出了混合加密算法方案.针对算法的特点,给出了实现方法,并设计了基于该算法的DSP硬件加密卡.     

混沌密码及其在多媒体保密通信中应用的进展

该文回顾了过去混沌密码理论与应用的现状及存在的问题,并对其进行了综合评述。重点报道了近年来高维混沌密码及其在多媒体保密通信中的应用与硬件实现技术的进展,其中包括基本理论、设计方法、典型应用以及解决这些问题的思路。在混沌密码设计与安全性能评估方面,报道了以下几个方面的进展:基于反控制方法设计无简并高维混沌密码增强数字混沌的抗退化能力;无退化数字域混沌系统的设计;具有闭环反馈的有限精度高维混沌长周期序列流密码的多轮加密设计方案;高维混沌密码的安全性能评估。在多媒体保密通信中的应用与硬件实现方面,报道了针对手机,计算机,ARM, FPGA, DSP等手持设备所需不同应用业务、广域网和WIFI无线通信网传输的实时远程混沌保密通信应用环境和多位一体的应用平台进行优化融合,创建示范验证系统等若干技术实现问题的进展。该文试图推进国内外未来混沌密码理论及其应用的研究。     

Design of differential power analysis resistant crypto chip based on time randomization

Differential Power Analysis (DPA) is an effective attack method to break the crypto chips and it has been considered to be a threat to security of information system. With analyzing the principle of resist-ing DPA, an available countermeasure based on randomization is proposed in this paper. Time delay is in-serted in the operation process and random number is precharged to the circuit during the delay time, the normal schedule is disturbed and the power is randomized. Following this methodology, a general DPA re-sistance random precharge architecture is proposed and DES algorithm following this architecture is imple-mented. This countermeasure is testified to be efficient to resist DPA.     

An Efficient DPA Countermeasure for the EtaT Pairing Algorithm over GF(2n) Based on Random Value Addition

This paper presents an efficient differential power analysis (DPA) countermeasure for the Eta_T pairing algorithm over GF(2ⁿ). The proposed algorithm is based on a random value addition (RVA) mechanism. An RVA‐based DPA countermeasure for the Eta_T pairing computation over GF(3ⁿ) was proposed in 2008. This paper examines the security of this RVA‐based DPA countermeasure and defines the design principles for making the countermeasure more secure. Finally, the paper proposes an efficient RVA‐based DPA countermeasure for the secure computation of the Eta_T pairing over GF(2ⁿ). The proposed countermeasure not only overcomes the security flaws in the previous RVA‐based method but also exhibits the enhanced performance. Actually, on the 8‐bit ATmega128L and 16‐bit MSP430 processors, the proposed method can achieve almost 39% and 43% of performance improvements, respectively, compared with the best‐known countermeasure.     

A Distributed Power Allocation Scheme for Base Stations Powered by Retailers with Heterogeneous Renewable Energy Sources

Owing to the intermittent power generation of renewable energy sources (RESs), future wireless cellular networks are required to reliably aggregate power from retailers. In this paper, we propose a distributed power allocation (DPA) scheme for base stations (BSs) powered by retailers with heterogeneous RESs in order to deal with the unreliable power supply (UPS) problem. The goal of the proposed DPA scheme is to maximize our well‐defined utility, which consists of power satisfaction and unit power costs including added costs as a non‐subscriber, based on linear and quadratic cost models. To determine the optimal amount of DPA, we apply dual decomposition, which separates the master problem into sub‐problems. Optimal power allocation from each retailer can be obtained by iteratively coordinating between the BSs and retailers. Finally, through a mathematical analysis, we show that the proposed DPA can overcome the UPS for BSs powered from heterogeneous RESs.     

A 10-Gbps full-AES crypto design with a twisted BDD S-Box architecture

In this brief, we present a high-speed AES IP-core, which runs at 880 MHz on a 0.13-/spl mu/m CMOS standard cell library, and which achieves over 10-Gbps throughput in all encryption modes, including cipher block chaining (CBC) mode. Although the CBC mode is the most widely used and important, achieving such high throughput was difficult because pipelining and/or loop unrolling techniques cannot be applied. To reduce the propagation delays of the S-Box, the slowest function block, we developed a special circuit architecture that we call twisted-binary decision diagram (BDD), where the fanout of signals is distributed in the S-Box circuit. Our S-Box is 1.5 to 2 times faster than the conventional S-Box implementations. The T-Box algorithm, which merges the S-Box and another primitive function (MixColumns) into a single function, is also used for an additional speedup.