Similar literature
1.
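Quantum key distribution (QKD) systems have become a research hotspot in quantum information because they provide a physically secure means of key distribution; how to guarantee the unconditional security of QKD under realistic conditions is an important research topic in the field. Starting from the one-time pad scheme, which offers perfect secrecy in classical secure communication systems, this paper introduces the application model of QKD systems and the security foundation of the overall secure communication system, and reviews research progress on the practical unconditional security of quantum key transmission since QKD protocols were first proposed. It focuses on the various types of quantum hacking attack schemes that target security loopholes under realistic conditions and the corresponding defenses, as well as the theoretical and experimental progress of measurement-device-independent QKD systems, which have received wide attention in the last two years.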

2.
We study the problem of information-theoretically secure encryption in the bounded-storage model introduced by Maurer. The sole assumption of this model is a limited storage bound on an eavesdropper Eve, who is even allowed to be computationally unbounded. Suppose a sender Alice and a receiver Bob agreed on a short private key beforehand, and there is a long public random string accessible by all parties, say broadcast from a satellite or sent by Alice. Eve can only store some partial information of this long random string due to her limited storage. Alice and Bob read the public random string using the shared private key, and produce a one-time pad for encryption or decryption. In this setting, Aumann et al. proposed protocols with a nice property called everlasting security, which says that the security holds even if Eve later manages to obtain that private key. Ding and Rabin gave a better analysis showing that the same private key can be securely reused for an exponential number of times, against some adaptive attacks. We show that an encryption scheme with such nice properties can be derived immediately from any strong randomness extractor, a function which extracts randomness from a slightly random source, so that its output and its seed together are almost random. To have an efficient encryption scheme, one needs a strong extractor that can be evaluated in an on-line and efficient way. We give one such construction, which yields an encryption scheme that has the nice security properties as before but now can encrypt longer messages using shorter private keys.

3.
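Impact of path attacks on the security of quantum key distribution networks   Total citations: 1 (self-citations: 1, citations by others: 0)
The security of a quantum key distribution network based on weak coherent pulses is analysed. In such a network, because of the insertion loss of the optical nodes and the loss of the quantum channels between users, an eavesdropper can mount a path attack to obtain quantum information. This path attack changes neither the photon-number distribution in the pulses nor the key generation rate of the system, and the eavesdropping can be hidden behind the loss of the quantum channel. Data analysis shows that even the decoy-state technique cannot guard against the threat that path attacks pose to the security of the key distribution network, and that the threat grows as the mean photon number increases. The impact of path attacks must therefore be considered when choosing the system parameters of a quantum key distribution network.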

4.
Cryptographic algorithms, irrespective of their theoretical strength, can be broken through weaknesses in their implementations. The most successful of these attacks are side-channel attacks which exploit unintended information leakage, e.g., timing information, power consumption, etc., from the implementation to extract the secret key. We propose a novel framework for implementing side-channel attacks where the attack is modeled as a search problem which takes the leaked information as its input, and deduces the secret key by using a satisfiability solver, a powerful Boolean reasoning technique. This approach can substantially enhance the scope of side-channel attacks by allowing a potentially wide range of internal variables to be exploited (not just those that are trivially related to the key). The proposed technique is particularly suited for attacking cryptographic software implementations which may inadvertently expose the values of intermediate variables in their computations (even though they are very careful in protecting secret keys through the use of on-chip key generation and storage). We demonstrate our attack on standard software implementations of three popular cryptographic algorithms: DES, 3DES, and AES. Our attack technique is automated and does not require mathematical expertise on the part of the attacker.

5.
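Security of quantum key distribution protocols under probabilistic cloning/resend attacks   Total citations: 1 (self-citations: 0, citations by others: 1)
Based on the theory of probabilistic cloning, this paper proposes an attack strategy against quantum key distribution protocols: the attacker uses a probabilistic cloning machine to probabilistically clone the quantum state sent by the transmitter and, according to its own result, generates a new quantum state and sends it to the receiver. Theoretical calculation proves that quantum key distribution protocols remain sufficiently secure under this attack strategy. The quantum key distribution process is designed and simulated on a classical computer, and the simulation results agree with the theoretical analysis.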

6.
In this study, a spatial spectrum method is proposed to cope with the pilot spoofing attack (PSA) problem by exploiting uplink–downlink channel reciprocity in time-division-duplex multiple-input multiple-output systems. First, the spoofing attack in the uplink stage is detected by a threshold derived from the predefined false alarm based on the estimated spatial spectrum. When the PSA occurs, the transmitter (that is, Alice) can detect either one or two spatial spectrum peaks. Then, the legitimate user (that is, Bob) and Eve are recognized in the downlink stage via the channel reciprocity property based on the difference between the spatial spectra if PSA occurs. This way, the presence of Eve and the direction of arrival of Eve and Bob can be identified at the transmitter end. Because noise is suppressed by a spatial spectrum, the detection performance is reliable even for low signal-noise ratios and a short training length. Consequently, Bob can use beamforming to transmit secure information during the data transmission stage. Theoretical analysis and numerical simulations are performed to evaluate the performance of the proposed scheme compared with conventional methods.

7.
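Quantum key distribution (QKD) offers ideal theoretical security and has developed rapidly over the past decade. However, a technology proven perfect in theory does not necessarily yield a perfect application. On the one hand, a growing body of research shows that side-channel attacks will be a major threat to QKD systems, and side-channel attacks against practical QKD systems have only just begun. On the other hand, because the transmission of quantum signals is far less flexible than that of classical electromagnetic waves, QKD is difficult to integrate seamlessly with conventional communication networks and is difficult to use widely in wide-area networks. In addition, QKD cannot solve problems such as identity authentication and the security of stored data. Building a sound framework for QKD system security and its evaluation will therefore be an important factor in bringing QKD into practical use, and building a sound new body of cryptographic theory that resists quantum computing will be the key to ensuring future information security.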

8.
In order to improve the efficiency and success rate of the side channel attack, the utility of side channel information of the attack object must be analyzed and evaluated before the attack implementation. Based on the study of side-channel attack techniques, a method is proposed in this paper to analyze and evaluate the utility of side channel information and the evaluation indexes of comentropy Signal-to-Noise Ratio (SNR) are introduced. On this basis, the side channel information (power and electromagnetic) of a side channel attack experiment board is analyzed and evaluated, and the Data Encryption Standard (DES) cipher algorithm is attacked with the differential power attack method and differential electromagnetic attack method. The attack results show the effectiveness of the analysis and evaluation method proposed in this paper.

9.
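Fan Wensheng, Hua Mingxuan. Communications Technology (《通信技术》), 2015, 48(6): 734-739
In a typical IaaS cloud, users access cloud services through virtual machines. Recent research has shown that the critical encryption keys in most commonly used cryptographic protocols (such as SSL/TLS) may be captured by an attacker through cross-VM side-channel attacks. To counter this kind of attack, a cloud virtual machine key protection system is proposed: by randomly splitting the encryption key into multiple shares and storing each share in a different virtual machine, it effectively protects encryption keys in the cloud and resists all kinds of cross-VM side-channel attacks. In addition, the system periodically re-splits the encryption key, so that even an attacker who captures part of the key cannot reconstruct it. The system was run as an extension library transparent to application software on a web server in the Amazon EC2 cloud and achieved good results.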

10.
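A quantum key distribution scheme between any two users in a network based on the W state   Total citations: 4 (self-citations: 1, citations by others: 3)
Tao Yuan, Pan Wei, Luo Bin, Li Feng. Journal of Electronics & Information Technology (《电子与信息学报》), 2008, 30(11): 2588-2591
To address key distribution between any two users in a network, this paper transforms the W state into a symmetric form in which all coefficients are identical and proposes a scheme that uses the W state to realise network quantum key distribution: the trusted center (CA) and the two users in the network that wish to communicate each hold one of the three particles of a W state; the CA measures its particle and announces the result; and the two users take corresponding actions according to the CA's measurement result to generate a key. Security is then analysed for the case where an eavesdropper (Eve) is present and for the case where the CA is untrusted. The results show that the scheme effectively resists attacks and achieves a theoretical efficiency of two key bits per three W states consumed on average.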

11.
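Chen Li, Ge Wancheng. Communications Technology (《通信技术》), 2014, (9): 1062-1065
Elliptic curve cryptography is the strongest known algorithm among public-key systems in terms of encryption strength. To break it, a side-channel attack is used: key information is sought by analysing the power variations of the cryptographic device during encryption, thereby bypassing the extreme mathematical difficulty of breaking an elliptic curve key. On the experimental platform built, an oscilloscope probes the device running the encryption program and differential power analysis is performed on it to find the encryption pattern. The experimental results verify the effectiveness of the method.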

12.
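Zhao Zhengyang, Zhang Daofa, Wang Bo. Communications Technology (《通信技术》), 2010, 43(2): 143-145
Traditionally, the security of a cryptosystem is considered to depend mainly on the security of the cryptographic algorithm it uses, and attacks on the system are based on the assumption that the adversary can obtain information only through the system's input and output channels. In practice, side-channel information of the cryptosystem (such as timing information) can also be exploited to mount attacks. The timing attack is one such method: it recovers the key by analysing timing information from the cryptosystem's operations during encryption. A timing attack is proposed based on the implementation characteristics of the IDEA cipher, the effectiveness of the method is analysed theoretically, and countermeasures against the attack are given.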

13.

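The complexity of the preprocessing phase of a cube attack grows exponentially with the algebraic degree of the output bits, and finding effective cube sets becomes correspondingly harder. This paper improves the preprocessing-phase algorithm of the cube attack: the cube-set search is changed from a random search to a targeted search, and a new targeted search optimisation algorithm is designed that optimises the computational complexity of the preprocessing phase and thereby significantly reduces the time complexity of the offline phase. The improved cube attack, combined with a side-channel method, is applied to the MIBS block cipher. MIBS is analysed from the side-channel perspective, the leakage position is chosen in round 3, and an overdetermined system of linear equations in the initial key and the output bits is established, from which 33 key bits can be recovered directly and a further 6 key bits are recovered using quadraticity tests. The attack requires $2^{21.64}$ chosen plaintexts and has a time complexity of $2^{25}$. This is a considerable improvement on existing results: more key bits are recovered, and the online-phase time complexity is reduced.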

14.
Security ICs are vulnerable to side-channel attacks (SCAs) that find the secret key by monitoring the power consumption or other information that is leaked by the switching behavior of digital CMOS gates. This paper describes a side-channel attack resistant coprocessor IC fabricated in 0.18-$\mu$m CMOS consisting of an Advanced Encryption Standard (AES) based cryptographic engine, a fingerprint-matching engine, template storage, and an interface unit. Two functionally identical coprocessors have been fabricated on the same die. The first coprocessor was implemented using standard cells and regular routing techniques. The second coprocessor was implemented using a logic style called wave dynamic differential logic (WDDL) and a layout technique called differential routing to combat the differential power analysis (DPA) side-channel attack. Measurement-based experimental results show that a DPA attack on the insecure coprocessor requires only 8000 encryptions to disclose the entire 128-bit secret key. The same attack on the secure coprocessor does not disclose the entire secret key even after 1 500 000 encryptions.

15.
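Quantum key distribution protocols have been proven unconditionally secure, but the proofs are rather complex, which hinders extending them to the security analysis and proof of other quantum cryptographic protocols. To simplify security proofs of quantum cryptographic protocols and establish a general proof method, a Petri-net-based formal analysis method for quantum key distribution protocols is proposed. Following Biham's equivalent symmetrised attack model, the protocol is divided into a principal model and an attack model, a Petri net model of the BB84 protocol is built, and the model is then analysed for security. The analysis shows that the BB84 protocol is unconditionally secure. The method improves the efficiency of security analysis, is formally concise and uniform, and is easily extended to the security analysis of other quantum cryptographic protocols.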

16.
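If side-channel attacks are used against neural network structures and frameworks to recover information such as structure and weights, sensitive information is leaked; the potential risk of sensitive information leakage from neural network computing devices via side channels therefore warrants vigilance. On the Jetson Nano platform, this paper collects the side-channel electromagnetic leakage signals produced during inference by neural networks and neural network frameworks, designs a deep-learning-based side-channel attack algorithm, analyses the side channel, and evaluates security along two dimensions. The study shows that a good network conversion strategy can raise the network's classification accuracy by 5%~12%. In the two evaluation tasks, the classification accuracy on electromagnetic leakage reaches 97.21% for inference by typical neural networks of different structures under the same framework, and 100% for inference by the same network under different neural network frameworks. This shows that side-channel electromagnetic attacks threaten the privacy of deep learning algorithms on this kind of embedded graphics processing unit (GPU) computing platform.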

17.
This article describes in the first part the background of this new key distribution technology for cryptographic keys, called QKD (quantum key distribution) and compares it to classic key distribution principles and its basic functioning. In the second part it introduces the need for QKD and the link to standardization, with its approach by the ISG (industry specification group) QKD in ETSI (European Telecommunication Standards Institute). Finally the article gives an outlook on the future next steps.

18.
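Gan Gang, Wang Min, Du Zhibo, Wu Zhen. Journal on Communications (《通信学报》), 2013, 34(Z1): 20-161
Most public-key cryptosystem algorithms are based on exponentiation over finite fields or on discrete logarithm operations, and these operations generally use the Montgomery algorithm to reduce computational complexity. Addressing the information leakage in the Montgomery algorithm itself that side-channel attacks can exploit, the security weakness of the Montgomery algorithm is analysed from both theory and actual power consumption data, and on the basis of this weakness a simple power analysis (SPA) attack algorithm against modular exponentiation implemented with the Montgomery algorithm is proposed. The algorithm is used to carry out a power analysis attack on the power traces of actual modular exponentiations. Experiments show that the attack algorithm is effective.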

19.
The cognitive radio network is an emerging solution to deal with spectrum scarcity and to utilize the radio spectrum in an opportunistic and efficient manner. Secure data transmission is one of the important issues in this kind of network. This work studies the secrecy outage performance of a multiple-input multiple-output underlay cognitive wiretap radio network system over Rayleigh fading channel with delayed channel state information. This work considers that the secondary transmitter is equipped with multiple antennas and confidential information is transmitted from to multiantenna receiver in the presence of multiantenna eavesdropper. Further, the transmit antenna selection scheme is considered at secondary transmitter to reduce the complexity of antenna selection and to make it more practicable. To improve the quality of signal, this work considers maximal ratio combining (MRC) at secondary receiver, while selection combining and MRC techniques are utilized at the eavesdropper. The closed form expression for exact, asymptotic, and intercept secrecy outage probability has been derived, and the simulation is done for the validation of analytical results. The derived results reveal deterioration of channel secrecy performance with outdated channel state information, and the eavesdropper with outdated channel state information has also an adverse effect. Moreover, the diversity order that can be achieved in underlay cognitive radio network with outdated channel state information is unity.

20.
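Yu Xunjian, Wu Xiaofu, Zhou Xueqian. Journal of Signal Processing (《信号处理》), 2016, 32(10): 1225-1232
When generating keys over a public wireless channel, the correlation between channel feature sequences cannot be ignored. The literature reports that using the Karhunen-Loève transform to decorrelate feature sequences exhibits marked sensitivity [1-3]. This paper analyses the sensitivity of the Karhunen-Loève transform further and proposes an improved Karhunen-Loève decorrelation algorithm that removes the sensitivity. The improved algorithm requires extra information to be sent over the public channel, but the disclosed information can be effectively controlled so that an eavesdropper obtains as little information as possible. Simulation results show that the proposed improvement effectively reduces the key disagreement rate. In addition, the simple CASCADE reconciliation protocol is used to reconcile the keys, showing that the improved algorithm increases the length of key generated per unit time.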
