1.
Side-channel attack methods start from the physical side-channel signals leaked when a cryptographic algorithm is implemented on a cryptographic device, extract from them the secret information of the cryptosystem and even the key, and thus open up a new direction quite different from traditional cryptanalysis. Using equivalence relations and equivalence-class partitioning, this paper gives a formal qualitative analysis of timing attacks among side-channel attacks, combines it with an information-entropy measure to quantitatively evaluate a timing attacker's capability, and, through a timing attack on RSA binary modular exponentiation...

2.
Side-channel attack methods start from the physical side-channel signals leaked when a cryptographic algorithm is implemented on a cryptographic device, extract from them the secret information of the cryptosystem and even the key, and thus open up a new direction quite different from traditional cryptanalysis. Using equivalence relations and equivalence-class partitioning, this paper gives a formal qualitative analysis of timing attacks among side-channel attacks and combines it with an information-entropy measure to quantitatively evaluate a timing attacker's capability. A worked formal analysis of a timing attack on RSA binary modular exponentiation shows that formalizing the timing-attack process makes the attack process more intuitive and precise, and provides a valuable reference for the formal description of other side-channel attack methods.

3.
To improve the usability and security of click-based graphical passwords on touch-screen mobile smart terminals, a multi-resolution idea is introduced into the discretization process, and a multi-resolution discretization model for graphical passwords is proposed. Comparative analysis of the data shows that, for the same image size and tolerance distance, the multi-resolution discretization model yields a larger password space than existing discretization methods, which makes attacks harder and improves security. The model's security strength is also adjustable, and usability can be improved by enlarging the tolerance distance.

4.
To investigate the feasibility of detecting hardware Trojans in integrated-circuit chips from electromagnetic-radiation side-channel signals, the composition of a chip's electromagnetic side-channel signal is analysed and a signal-leakage model is constructed. After explaining the principle and characteristics of the Hotelling (K-L) transform, a method is proposed that uses the K-L transform to extract signal features from the chip's electromagnetic-radiation side-channel signal, and detects whether a chip contains a hardware Trojan by analysing the differences between the characteristic signals of a chip containing a hardware Trojan (Trojan chip) and a chip without one (original chip). Comparative detection experiments in which a hardware Trojan was implanted into an FPGA-based cryptographic chip show that the method can effectively distinguish the differences between the electromagnetic signals leaked by the Trojan chip and the original chip, thereby achieving the goal of detecting hardware Trojans in chips.

5.
Side-channel attacks are a new cryptanalysis method that exploits the information leaked by a cryptographic device during computation to break the cryptosystem. Starting from the general nature of information leakage, a hierarchical side-channel leakage model is proposed and given a formal description. The model divides leaked information into algorithm-level, instruction-level and logic-gate-level leakage. On this basis, the security of the countermeasures adopted at the different leakage levels is analysed and compared, and finally recommendations are given for the design of secure chips resistant to side-channel attacks.

7.
To study the vulnerability of the Advanced Encryption Standard (AES) to electromagnetic side-channel attacks, the electromagnetic information-leakage model of a microprocessor and the choice of the D function when attacking AES are analysed. Against an AES-128 cryptosystem implemented on a PHILIPS 89C51, a differential electromagnetic analysis experiment was carried out to break the cipher, and the 128-bit key was successfully recovered. The analysis finds that the AES byte-substitution transformation can leak key information, which provides a basis for implementing corresponding protective measures in cryptosystems.

8.
Side-channel profiling analysis methods can effectively attack cryptographic implementations; among them, convolutional-neural-network-based side-channel cryptanalysis (CNNSCA) can mount attacks efficiently and can even attack protected cryptographic devices. In view of the current state of research on side-channel profiling methods, this paper compares and analyses the model characteristics and performance differences of several CNNSCA approaches and, for typical CNN model structures and the public side-channel dataset ASCAD, through model comparison and experimental results...

9.
The rapid development of quantum computing poses a huge challenge to the security of traditional cryptography: the polynomial-time algorithms for integer factorisation and discrete logarithms in the quantum computing model proposed by Peter Shor threaten cryptosystems based on traditional number-theoretic hard problems. The U.S. National Institute of Standards and Technology (NIST) began soliciting post-quantum public-key cryptographic algorithm standards in 2016; most submissions belong to four families, lattice-based, hash-based, code-based and multivariate-based, and lattice-based schemes, which strike a better balance among public-key size, computational efficiency and security, account for the largest share. However, lattice cryptography implementations are vulnerable to power analysis attacks in practical environments. Power analysis attacks exploit the power consumption, electromagnetic emanations and other information produced while a cryptographic device runs: the attacker establishes a link between this side-channel information and intermediate values of the cryptographic algorithm in order to recover the key and other sensitive information. Since power analysis attacks appeared, they have seriously threatened the security of cryptosystems. With the development of quantum computing, the security of post-quantum cryptography has become a hot research topic; in particular, NIST recently announced the latest round of post-quantum cryptographic algorithms, and as lattice cryptography accounts for the largest share, its side-channel security has attracted wide attention from academia. This paper studies power analysis attack techniques against lattice cryptography in terms of attack model, attack target and attack conditions, analyses the attack principles against lattice cryptography and the side-channel security of each operator of lattice cryptography, ...

10.
Based on the F metric, maximum F-distance codes are constructed and a new McEliece public-key cryptosystem based on maximum F-distance codes is proposed. The legitimate receiver introduces a random matrix X as an additional private key and folds X into the original public key, producing a new public key that allows the cryptosystem to effectively resist attacks in which an adversary derives the private key from the known public key. At the same time, introducing the F metric raises the complexity and difficulty of attacking public-key cryptosystems with relatively small key sizes. Analysis of the existing feasible attack methods shows that the new McEliece public-key cryptosystem based on maximum F-distance codes is secure and practical.

11.
In recent years, much attention has been focused on designing provably secure cryptographic primitives in the presence of key leakage. Many constructions of leakage-resilient cryptographic primitives have been proposed. However, for any polynomial time adversary, most existing leakage-resilient cryptographic primitives cannot ensure that their outputs are random, and any polynomial time adversary can obtain a certain amount of leakage on the secret key from the corresponding output of a cryptographic primitive. In this study, to achieve better performance, a new construction of a chosen ciphertext attack 2 (CCA2) secure, leakage-resilient, and certificateless public-key encryption scheme is proposed, whose security is proved based on the hardness of the classic decisional Diffie-Hellman assumption. According to our analysis, our method can tolerate leakage attacks on the private key. This method also achieves better performance because polynomial time adversaries cannot achieve leakage on the private key from the corresponding ciphertext, and a key leakage ratio of 1/2 can be achieved. Because of these good features, our method may be significant in practical applications.

12.
The task-structured probabilistic I/O automata (task-PIOA) framework provides a method to formulate and to prove the computationally bounded security of non-sequential processing systems in a formal way. Formalizing non-sequential processes for strong adversaries is not easy. Actually, existing security analyses using the task-PIOA framework are for cryptographic protocols (e.g., the EGL oblivious transfer) only against simple adversaries (e.g., honest but curious adversary). For example, there is no case study for digital signature against strong active adversaries (i.e., EUF-CMA) in the task-PIOA framework. In this paper, we propose the first formalization of digital signature against EUF-CMA in the task-PIOA framework. To formalize the non-sequential process of EUF-CMA, we introduce a new technique for the iteration of an identical action in a single session. Using the task-PIOA framework allows us to verify security of signature schemes in the non-sequential scheduling manner. We show the validity and usefulness of our formulation by giving a formal security analysis of the FDH signature scheme. In order to prove the security, we also introduce a method to utilize the power of random oracles. As far as we know, this work is the first case study to clarify usefulness of random oracles in this framework.

13.
In this paper, we address the modeling and analysis issues associated with a generic theater level campaign where two adversaries pit their military resources against each other over a sequence of multiple engagements. In particular, we consider the scenario of an air raid campaign where one adversary uses suppression of enemy air defense (SEAD) aircraft and bombers (BMBs) against the other adversary's invading ground troops (GTs) that are defended by their mobile air defense (AD) units. The original problem is decomposed into a temporal and a spatial resource allocation problem. The temporal resource allocation problem is formulated and solved in a game-theoretical framework as a multiple resource interaction problem with linear attrition functions. The spatial resource allocation problem is posed as a risk minimization problem in which the optimal corridor of ingress and optimal movement of the GTs and AD units are decided by the adversaries. These two solutions are integrated using an aggregation/deaggregation approach to evaluate resource strengths and distribute losses. Several simulation experiments were carried out to demonstrate the main ideas.

14.
We consider secrecy and authentication in a simple process calculus with cryptographic primitives. The standard Dolev–Yao adversary is enhanced so that it can guess the key required to decrypt an intercepted message. We borrow from the computational complexity approach the assumptions that guessing succeeds with a given negligible probability and that the resources available to adversaries are polynomially bounded. Under these hypotheses we prove that the standard Dolev–Yao adversary is as powerful as the enhanced one.

15.
Certificateless public key cryptography simplifies the complex certificate management in the traditional public key cryptography and resolves the key escrow problem in identity-based cryptography. In 2007, Huang et al. revisited the security models of certificateless signature scheme. They classified adversaries according to their attack power into normal, strong, and super adversaries (ordered by their attack power). Recently, Du and Wen proposed a short certificateless signature scheme and presented that their scheme is secure against the strong adversary in the random oracle model. In this paper, we show that their short signature scheme is insecure against the strong adversary. We then propose a new short certificateless signature scheme which is secure against the super adversary. Our scheme is the first certificateless signature scheme which satisfies both the strongest security level and the shortest signature length.

16.
Designing and analysing the security of cryptographic protocols is difficult. Protocol design always takes the security of the underlying cryptographic algorithm as a premise, but the influence of the algorithm's mode of operation on the protocol's security is overlooked. This paper targets an improved Needham-Schroeder protocol and assumes that it uses the CBC mode of a block cipher: by using the plaintext/ciphertext pair of an old message to modify a message in the current session, we successfully deceive both parties and establish a separate session key with each of them, thereby mounting a successful attack on the protocol. The result shows that the mode of operation of the cryptographic algorithm has a great influence on the security of cryptographic protocols.

17.
White-box cryptography is the discipline of implementing a cryptographic algorithm in software such that an adversary will have difficulty extracting the cryptographic key. This approach assumes that the adversary has full access to and full control over the implementation's execution. White-box implementations can provide good protection when combined with other security measures.

18.
Leakage of private information, including users' private keys, has become a threat to the security of computing systems. It has become a common security requirement that a cryptographic scheme should withstand various leakage attacks. In real life, an adversary can break the security of a cryptographic primitive by performing continuous leakage attacks. Although some research on leakage-resilient cryptography has been done, there are still some remaining issues in previous attempts. Identity-based encryption (IBE) constructions were designed in the bounded-leakage model, and might not be able to meet their claimed security under continuous-leakage attacks. In real applications, the leakage is unbounded. That is, a practical cryptographic scheme should keep its original security in the continuous leakage setting. The previous continuous leakage-resilient IBE schemes either only achieve chosen-plaintext attack security, or their chosen-ciphertext attack (CCA) security is proved in the selective identity model. Aiming to solve these problems, in this paper we show how to construct a continuous leakage-resilient IBE scheme whose adaptive CCA security is proved in the standard model based on the hardness of the decisional bilinear Diffie-Hellman exponent assumption. For any adversary, all elements in the ciphertext are random, and an adversary cannot obtain any leakage on the user's private key from the corresponding given ciphertext. Moreover, the leakage parameter of our proposal is independent of the plaintext space and has a constant size.

19.
A Cryptographic Protocol Analysis Method Based on the Concepts of Rigidity and Similarity
How to merge the two approaches of computational cryptography and formal calculus models so as to effectively analyse and prove complex cryptographic protocols is one of the challenging problems in information security. This paper proposes the concepts of Dolev-Yao rigidity and Dolev-Yao similarity and, using syntactic-skeleton extraction and semantic-valuation techniques for cryptographic protocols, establishes a theoretical analysis framework that covers any active attacker except one with adaptive intrusion capability, together with most non-free message algebras of practical significance. Protocol security properties proved within this framework are composition-stable, i.e., a proved security property still holds when the protocol is composed with its environment. For the specific case of the strand-graph model, the paper proves a near necessary-and-sufficient duality between Canetti's notion of UC-similarity and the Dolev-Yao similarity notion established here, thereby concretely proving the consistency and completeness of the analysis framework for the UC-theory/strand-graph model case. Finally, based on these theoretical results, the paper discusses how to build a corresponding new protocol-analysis method.

20.
The problems with export of cryptographic products started many years ago (1937) with the US Government realization that if cryptographic technologies were to become rampant, US security would be compromised for lack of knowledge on what adversaries and persons who wished harm on the US and its interests. Of course, there are many arguments on hows and whys, but the basic problem is that of law and what the US Government perceives to be a threat to the national security of the US.
