线性反馈移位寄存器的差分能量攻击

能否有效去除算法噪声的影响,直接关系到能量攻击成败。该文以线性反馈移位寄存器(LFSR)相邻两个时钟周期的能量消耗差异为出发点,提出了一种新的差分能量攻击算法。它从根本上去除了密码算法噪声在攻击过程中带来的影响。由于该算法随机选择初始向量(initialization vector),从而使攻击者能够容易地将其推广到具有类似结构的流密码体制。为了进一步验证攻击算法的有效性,该文利用软件仿真的方法对DECIM进行了模拟攻击。仿真结果表明,该攻击算法能够有效降低LFSR的密钥搜索的复杂度。     

能量分析攻击基本原理与实践验证

论文介绍了旁路攻击的一种方法:能量分析攻击。通过实践验证能量分析攻击的理论基础,并最终用DPA(DifferentialPowerAnalysis)破译了单片机实现的DES算法。     

分组密码DPA汉明重量区分函数选择方法

为了解决分组密码差分能量分析攻击(DPA)汉明重量区分函数选择问题,提出了一种基于相对非线性度的选择方法.该方法利用分组密码算法S盒输出相对非线性度与DPA之间的关系,通过比较相对非线性度的大小来选择汉明重量区分函数.通过仿真验证和实测验证,证明采用该方法能够正确地选择攻击效果较好的汉明重量区分函数.     

针对SMS4轮输出的选择明文能量分析攻击

提出了针对SMS4轮输出的选择明文能量分析攻击,攻击时以一定约束条件选择明文,先攻击出轮迭代函数的输出,再由轮迭代函数的输出反推出对应的轮子密钥,从而实现了以轮输出作为中间数据对SMS4的能量分析攻击,并利用该方法对无防护SMS4算法的能量曲线进行了能量分析攻击,实验表明该攻击方法是行之有效的。     

一种基于攻击图模型的网络安全评估方法

随着网络的深入和快速发展,网络安全问题日益严峻,研究网络安全的评估方法,具有重要的现实意义。安全漏洞的大量存在是安全问题的总体形势趋于严峻的重要原因之一。详细介绍了攻击图建模方法,给出了攻击图自动生成算法,提出了一种利用数学模型分析攻击图,并对网络系统进行安全评估的方法,最后通过一个虚拟网络环境对网络安全评估方法进行了验证。该方法对攻击图的研究具有现实意义。     

基于塔域的通用循环移位掩码设计方法

该文分析了塔域的运算特性,提出了基于塔域分解的非线性变换实现方法,设计了求逆运算的随机掩码方案,利用循环移位对随机掩码进行移位变换,形成了基于塔域的循环移位随机掩码方案,实现了所有中间值的随机化隐藏,提高了算法的抗能量攻击能力。该文在高级加密标准(AES)算法上进行验证,利用T-test和相关性分析对掩码方案进行安全性评估。该掩码方案无明显信息泄露点,可有效抵抗相关性攻击,另外较现有文献的掩码方案,资源开销更小,通用性更好。     

基于塔域的通用循环移位掩码设计方法

该文分析了塔域的运算特性,提出了基于塔域分解的非线性变换实现方法,设计了求逆运算的随机掩码方案,利用循环移位对随机掩码进行移位变换,形成了基于塔域的循环移位随机掩码方案,实现了所有中间值的随机化隐藏,提高了算法的抗能量攻击能力.该文在高级加密标准(AES)算法上进行验证,利用T-test和相关性分析对掩码方案进行安全性评估.该掩码方案无明显信息泄露点,可有效抵抗相关性攻击,另外较现有文献的掩码方案,资源开销更小,通用性更好.     

针对密码芯片频域互信息能量分析攻击

在对密码芯片进行时域上互信息能量分析基础上,提出频域上最大互信息系数能量分析攻击的方法。该方法结合了密码芯片在频域上信息泄露的原理和互信息能量分析攻击的原理,引入了最大互信息系数的概念,避免了在时域上进行曲线精确对齐的操作,并针对国产密码算法SMS4进行了攻击测试。实验表明,频域上最大互信息系数攻击的有效性扩展了侧信道能量分析攻击的方法。     

基于模板和KNN算法的能量分析攻击对比研究

能量分析攻击至今仍是针对密码芯片最具威胁的攻击方法之一,针对传统的模板分析攻击和KNN算法的攻击进行对比研究,对比模板攻击和机器学习中的KNN优缺点。首先对皮尔逊相关系数、互信息和最大信息系数、距离相关系数3种降维方法进行了研究;然后对比了相同数量功耗曲线下,特征点数量对两种能量分析的成功率等性能的影响;同时研究了不同降维技术在相同功耗曲线数量和不同功耗曲线数量时对两种能量分析攻击的影响。结果表明,模板攻击在运行速度、占用内存方面优于KNN算法攻击,而在攻击成功率和鲁棒性方面,KNN算法攻击具有更好的表现。     

针对基于SM3的HMAC的能量分析攻击方法

现有基于SM3的HMAC的能量攻击方法,仅适用于同时存在汉明重量和汉明距离信息泄露的攻击对象,如果被攻击对象存在单一模型的信息泄露,则这些方法均不适用。针对该局限性,提出了一种针对SM3的HMAC的能量分析新型攻击方法,该新型攻击方法每次攻击时选择不同的攻击目标和其相关的中间变量,根据该中间变量的汉明距离模型或者汉明重量模型实施能量分析攻击,经过对SM3密码算法的前4轮多次实施能量分析攻击,将攻击出的所有结果联立方程组,对该方程组求解,即可推出最终的攻击目标。通过实验验证了该攻击方法的有效性。由于所提方法不仅可以对同时存在汉明重量和汉明距离信息泄露的对象进行攻击,而且还可以对仅存在单一信息泄露模型的对象进行攻击,所以该方法应用的攻击对象比现有的攻击方法应用更广。     

Multi-point joint power analysis attack against AES

For the power analysis attack of the AES cryptographic algorithm with the single information leakage point,the traditional attack method does not use as much information as possible in the algorithm and power trace.So there are some problems such as required more power traces,the low utilization rate of information and so on.A novel method of muti-point joint power analysis attack against AES was proposed to solve the problems.And taking the correlation power analysis attack as an example,the detailed attack process was presented.The operations of the round key addition and the SubBytes were chosen as the attack intermediate variable at the same time.Then the joint power leakage function was con-structed for the attack intermediate variable.And the multi-point joint correlation energy analysis attack was given.Aiming at the AES cryptographic algorithm implemented on the smart card,the multi-point joint power analysis attack,the correlation power analysis attack with the single information leakage point in the key addition and the SubBytes were conducted.The measured results validate the proposed method is effective.It also shows that the proposed method has the advantages of high success rate and less power traces comparing with the single information leakage point.     

Practical Second‐Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary‐with‐random‐initial‐point algorithm on elliptical curve cryptosystems. It is known to be secure against first‐order differential power analysis (DPA); however, it is susceptible to second‐order DPA. Although second‐order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second‐order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.     

针对SM4轮输出的改进型选择明文功耗分析攻击

The power analysis attack on SM4 using the chosen-plaintext method was proposed by Wang et al in 2013 CIS.The fixed data was introduced in the method when attacking the round key.However,the attack process was complex.There were many problems in the process,such as more power traces,more numbers of the chosen-plaintext and acquisition power traces.The correlation between the fixed data and the round key were presented,which could be used to decode the round key.Based on the correlation,the improved chosen-plaintext power analysis attack against SM4 at the round-output was proposed.The proposed method attacked the fixed data by analyzing the power traces of the special plaintext.And the round key was derived based on the correlation.The results show that the proposed attack algorithm is effective.The proposed method not only improves the efficiency of the attack by reducing number of power traces,number of the chosen-plaintext and number of acquisition power traces,but also can be applied to a chosen-plaintext power analysis attack against SM4 at the shift operation.     

Utility analysis and evaluation method study of side channel information

In order to improve the efficiency and success rate of the side channel attack, the utility of side channel information of the attack object must be analyzed and evaluated before the attack implementation. Based on the study of side-channel attack techniques, a method is proposed in this paper to analyze and evaluate the utility of side channel information and the evaluation indexes of comentropy Signal-to-Noise Ratio （SNR） are introduced. On this basis, the side channel information （power and electromagnetic） of a side channel attack experiment board is analyzed and evaluated, and the Data Encryption Standard （DES） cipher algorithm is attacked with the differential power attack method and differential electromagnetic attack method. The attack results show the effectiveness of the analysis and evaluation method proposed in this paper.     

Improving power analysis attack resistance using intrinsic noise in 3D ICs

Three-dimensional (3D) integration is envisioned as a natural defense to thwart side-channel analysis (SCA) attacks on the hardware implementation of cryptographic algorithms. However, neither physical experiments nor quantitative analysis is available in existing works to study the impact of power distribution network (PDN) on the SCA attacks. Through quantitative analyses and experiments with realistic 3D models, this work demonstrates the impact of noise in PDN on the 3D chip's resilience against correlation power analysis (CPA) attack, which is one of SCA attacks. The characteristic of PDN noise is extracted from our experiments. To expand the natural defense originated from the 3D integration, this work proposes to exploit the PDN noise inherently existing in 3D chips to thwart CPA attacks. Instead of introducing external noise or flattening the power profile, the proposed method utilizes the spatially and temporally varied supply voltages from other 3D planes to blur the power correlation of the crypto unit. Both theoretical analysis and experimental validation prove that the proposed method can effectively enhance the resilience of a crypto unit embedded in the 3D chip against CPA attacks. Simulation results show the proposed method improves the average guessing entropy by 9× over the baseline. Emulation on an FPGA platform demonstrates that the proposed method successfully slows down the key retrieval speed of CPA attack, with significantly less power overhead than representable power equalization techniques. Test vector leakage assessment (TVLA) shows that the proposed method improves the confidence to accept null hypothesis 201× over the baseline.     

新扩展多变量公钥密码方案

摘 要：为了有效地抵抗线性攻击和差分攻击,基于“温顺变换”思想构造了一种非线性可逆变换,将此变换与Matsumoto-Imai (MI)方案结合,提出了一种新的扩展多变量公钥密码方案。接着,在扩展方案的基础上,设计出了新的多变量公钥加密方案和签名方案。分析结果表明：该方案继承了MI方案计算高效的优点,并且能够抵抗线性攻击、差分攻击和代数攻击。     

The research of DPA attacks against AES implementations

This article examines vulnerabilities to power analysis attacks between software and hardware implementations of cryptographic algorithms. Representative platforms including an Atmel 89S8252 8-bit processor and a 0.25 um 1.8 v standard cell circuit are proposed to implement the advance encryption standard （AES）. A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis （DPA）, and multi-bit DPA and correlation power analysis （CPA） attacks are conducted on two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakages to resist power attacks. Furthermore, an improved DPA approach is proposed. It adopts hamming distance of intermediate results as power model and arranges plaintext inputs to differentiate power traces to the maximal probability. Compared with the original power attacks, our improved DPA performs a successful attack on AES hardware implementations with acceptable power measurements and fewer computations.     

Mutual information power analysis attack of HMAC based on SM3

A novel method of mutual information power analysis attack was proposed.The method was built on the basis of the basic principle of power analysis and the basic theory of information.For the purpose of attacking the key,the mutual in-formation values was computed using two values between the mediate variable with the power traces.An experiment was im-plemented on the algorithm of HMAC based on SM3 using this method.The experimental results show the proposed attack method is effective because the initial value of state variable can be successfully retrieved to compute the real true key.     

ADS-B攻击数据弹性恢复方法

为了对自动广播相关监视(ADS-B)攻击数据进行弹性恢复,确保空情态势感知信息的持续可用性,该文提出针对ADS-B攻击数据的弹性恢复方法。基于前置的攻击检测机制,获取当前ADS-B量测数据序列和预测数据序列,并在此基础上构建偏差数据序列、差分数据序列和邻近密度数据序列。依托偏差数据构建恢复向量,依托差分数据挖掘攻击数据的时序特性,依托邻近密度数据挖掘攻击数据的空间特性。通过整合3种数据序列构建弹性恢复策略并确定恢复终止点,实现对攻击影响的弱化,将ADS-B攻击数据向正常数据方向进行定向恢复。通过对6种典型攻击样式的实验分析,证明该弹性恢复方法能够有效恢复ADS-B攻击数据,削弱数据攻击对监视系统的影响。