Similar documents
20 similar documents found.
1.
Building on replication-based detection and linear error-correcting-code detection, three fault-attack protection schemes for memory cells are proposed: complementary storage, parity checking, and Hamming-code checking. Using these three schemes, three fault-attack-resistant dual-port RAM memories were designed in the hardware description language Verilog and implemented on Altera's EP1C12Q240C8 device. Simulation shows that the three RAMs with fault detection achieve a high fault-detection probability while having little effect on the performance of the hardware chip.

2.
Differential Fault Attack on the SMS4 Cipher   Total citations: 32, self-citations: 1, citations by others: 31
Zhang Lei, Wu Wenling, Chinese Journal of Computers, 2006, 29(9): 1596-1602
SMS4 is the block cipher used in WAPI and the first commercial cipher officially published in China. Because it was published only recently, no public results on its security have yet appeared. This paper studies the security of SMS4 against differential fault attacks. The attack uses a byte-oriented random fault model combined with differential analysis. In theory, the attack needs only 32 faulty ciphertexts to fully recover the 128-bit SMS4 seed key. Because in practice the byte positions where faults occur cannot be perfectly uniform, the number of faulty ciphertexts required in a real attack is slightly larger than the theoretical value; the experimental results in the paper confirm this, with about 47 faulty ciphertexts needed on average to recover the 128-bit seed key. The results show that SMS4 is vulnerable to differential fault attacks. To avoid such attacks, users are advised to protect their encryption devices so that attackers cannot induce faults in them.

3.
Based on an analysis of the Keccak algorithm, and addressing the problem that existing hardware implementations of Keccak support only a single version and are inflexible in use, a high-performance reconfigurable hardware implementation of Keccak is designed. Experimental results show that on Xilinx's Virtex-5 field-programmable gate array (FPGA) platform the design reaches a clock frequency of 214 MHz and occupies 1607 slices; it offers high throughput (9131 Mbps), good application flexibility, and support for four different parameter versions.

4.
Improved Combined Differential-Fault and Brute-Force Attack on the SMS4 Cipher   Total citations: 2, self-citations: 0, citations by others: 2
The security of SMS4 against a combined differential-fault and brute-force attack is studied. The combined attack uses the conventional fault model and combines a simplified differential fault attack with brute-force search. In experiments, the attack recovers the 128-bit SMS4 seed key in under one minute; the results show that SMS4 has difficulty defending against this combined differential-fault and brute-force attack. Because this type of attack poses a serious threat to SMS4, the operations associated with the round function must be protected when SMS4 is used.

5.
Conventional automatic circuit-fault repair systems mostly detect fixed types of faults, and their runtime computation is complex and consumes too many hardware resources, which hurts their practical effectiveness. To address these problems, an FPGA-based automatic fault repair system for full-bridge soft-switching circuits is designed. On top of the hardware of a conventional system, an FPGA control module and signal generation and acquisition modules are designed. After the system's repair signal is frequency-divided, the processed signal and an expert system are used to repair circuit faults automatically. Comparative experiments against a conventional system show that the FPGA-based repair system achieves circuit-fault coverage above 91% and throughput about 2.55 times that of the conventional system, effectively reducing hardware-resource consumption and demonstrating practical value.

6.
Existing RSA fault attacks all target algorithms running on hardware such as smart cards. To study fault attacks on software implementations of RSA, this paper dissects the software implementation of the Chinese Remainder Theorem algorithm, proposes a fault attack on the software RSA implementation in the OpenSSL cryptographic library, and gives an improved attack that requires only a single faulty signature. Simulation experiments verify the feasibility of the algorithm, and effective countermeasures against this type of attack are given.

7.
This paper analyses and optimises the design of each arithmetic unit of the SMS4 algorithm and, based on the structure and characteristics of the cipher, proposes an efficient FPGA-based hardware implementation. Compared with conventional hardware implementations, the design greatly reduces hardware-resource consumption while fully preserving processing speed, making it well suited to wireless LAN security products.

8.
Hardware implementation speed and performance are important criteria in the SHA-3 selection. For Skein, one of the five candidates in the final round of SHA-3, this work combines the shorter critical path of its 4-round iterative structure with the smaller number of multiplexers needed by its 8-round iterative structure, and implements a two-stage pipelined Skein IP core on an FPGA. Simulation results show that on a Xilinx Virtex-5 the core achieves a data throughput of 6.4 Gbps, more than 82% faster than the previous non-pipelined structure, with hardware-resource utilisation improved by 2100; it is particularly suitable for hash-tree computation.

9.
An FPGA-based Advanced Encryption Standard (AES) IP core with a 16-bit data path is proposed. The design is implemented as a finite-state machine and supports key expansion, encryption, and decryption. Key expansion is performed non-parallel, reducing hardware-resource usage. The design is implemented on a Cyclone II FPGA chip, the EP2C35F484, occupying 20,070 logic elements (less than 60% of the resources), with a maximum system clock of 100 MHz. Compared with conventional 128-bit data-path designs, it interfaces more conveniently with a processor.

10.
This paper describes a method for implementing control-flow fault detection in a fault-tolerant processor. The processor's fault tolerance is achieved by modifying a superscalar architecture and applying time redundancy. The processor supports concurrent execution of two instruction streams; the control-flow checking algorithm proposed here works by comparing the execution results of the two time-redundant instruction streams. Compared with similar implementations, this method further saves hardware resources and extra processor execution time.

11.
A key requirement for modern Networks-on-Chip (NoC) is the ability to detect and diagnose faults and failures. This paper addresses the challenge of fault diagnosis using online testing, where the interruption of the runtime operation (performance) under diagnosis is minimised. A novel Monitor Module (MM) is proposed to detect NoC interconnect faults while minimising the intrusion on regular NoC traffic throughput by (1) using a channel tester that only examines NoC channels when they are idle; and (2) using a testing interval parameter based on the Binary Exponential Backoff algorithm to dynamically balance the level of testing when recovering from temporary faults. The paper presents results on the minimal impact on NoC throughput for a range of testing conditions and also highlights the minimal area overhead of the MM (11.56%) compared with an adaptive NoC router implemented on FPGA hardware. Simulation results demonstrate non-intrusion on the NoC runtime traffic throughput when channels are fault free, and also how throughput loss is minimised when faults are identified.

12.
Since the end of the 1990s, cryptosystems implemented on smart cards have had to deal with two main categories of attacks: side-channel attacks and fault injection attacks. Countermeasures have been developed and validated against these two types of attacks, taking into account a well-defined attacker model. This work focuses on small vulnerabilities and countermeasures related to the Elliptic Curve Digital Signature Algorithm (ECDSA). The work done in this paper focuses on protecting the ECDSA algorithm against fault-injection attacks. More precisely, we are interested in countermeasures for the scalar multiplication over the elliptic curve, to protect against attacks in which leaking only a few bits of the secret may be sufficient to recover the private key. ECDSA can be implemented in different ways: in software, via dedicated hardware, or a mix of both. Many different architectures are therefore possible for an ECDSA-based system. For this reason, this work focuses mainly on the hardware implementation of the ECDSA digital signature. In addition, the proposed ECDSA architectures with and without fault detection for the scalar multiplication have been implemented on a Xilinx field programmable gate array (FPGA) platform (Virtex-5). Our implementation results have been compared and discussed. Area, frequency, area overhead and frequency degradation have been compared, and it is shown that the proposed ECDSA architecture with fault detection for the scalar multiplication allows a trade-off between the hardware overhead and the security of the ECDSA.

13.
AES, short for the US Advanced Encryption Standard, is also known as the Rijndael cipher. It is one of the best-known algorithms today and among the most widely used in commercial and government applications. AES has three versions: AES-128, AES-192 and AES-256. Analysis of AES is a hot topic in today's cryptographic community; this paper analyses AES using differential fault attacks. A differential fault attack assumes that the attacker can inject faults into the cryptosystem and obtain both the correct ciphertext and the ciphertext produced after the fault is injected, and derives the key by analysing and comparing the two ciphertexts. This paper proposes two fault attacks on AES-128, injecting faults at the beginning of round 8 and round 7 respectively. The two analyses require 2 and 4 fault pairs respectively, with data complexities of 2^34 (2^112) key guesses.

14.
Cyber-physical systems (CPS) are next-generation intelligent systems that tightly integrate computation, communication, and physical elements on the basis of environmental sensing, and are widely used in safety-critical systems and industrial control. The interaction between information technology and the physical world makes CPS vulnerable to various malicious attacks that compromise their security. This work studies sensor attack detection in CPS subject to transient faults. It considers systems in which multiple sensors measure the same physical variable, some of which may be maliciously attacked and provide false measurements. In addition, an abstract sensor model is used in which each sensor provides the controller with an interval that may contain the true value. Existing methods for detecting maliciously attacked sensors are conservative: when a skilled attacker manipulates a sensor's output only slightly or infrequently over a period of time, as in a stealthy attack, existing methods have difficulty catching the attack. To address this, a sensor attack detection method based on fused intervals and historical measurements is designed. The method first builds different fault models for different sensors, uses the system dynamics equations to incorporate historical measurements into attack detection, and analyses sensor measurements from different perspectives. Historical measurements and fused intervals are also used to decide whether a fault exists when the measurements of two sensors intersect. The core idea is to detect and identify attacks through pairwise inconsistency relations between sensors. Real measurement data collected from an EV3 ground vehicle are used to validate the algorithm. Experimental results show that the proposed method outperforms existing methods, with good detection and identification performance across attack types; for stealthy attacks in particular, the detection and identification rates improve by roughly 90% or more.

15.
The LiCi lightweight block cipher, proposed in 2017, is a new cipher with a compact structure and low energy consumption, suited to resource-constrained environments such as the Internet of Things. LiCi's design document analyses its resistance to differential and linear attacks, but its resistance to differential fault attacks has not been discussed. Exploiting the shift pattern of each LiCi round, faults are injected multiple times into the left half at round 31...

16.
Cryptanalysis of a Type of CRT-Based RSA Algorithms   Total citations: 1, self-citations: 0, citations by others: 1
It is well known that the Chinese Remainder Theorem (CRT) can greatly improve the performance of the RSA cryptosystem in both running time and memory requirements. However, if the implementation of CRT-based RSA is careless, an attacker can reveal some secret information by exploiting hardware fault cryptanalysis. In this paper, we present some fault attacks on a type of CRT-RSA algorithms, namely BOS-type schemes, including the original BOS scheme proposed by Blömer, Otto, and Seifert at CCS 2003 and its modified scheme proposed by Liu et al. at DASC 2006. We first demonstrate that if some special signed messages such as m=0, ±1 are dealt with carelessly, they can be exploited by an adversary to completely break the security of both the BOS scheme and Liu et al.'s scheme. Then we present a new permanent fault attack on the BOS scheme with a success probability of about 25%. Lastly, we propose a polynomial-time attack on Liu et al.'s CRT-RSA algorithm, which combines physical fault injection and lattice reduction techniques when the public exponent is short.

17.
To address the analysis of faults arising from the interaction of software and hardware in computer systems, a Petri-net-based software/hardware fault model is proposed to express the complex process by which software faults and hardware faults interact, and on this basis formal definitions of software, hardware, and software/hardware fault patterns are given. Based on the characteristics of these fault patterns, a software/hardware fault identification algorithm built on the fault propagation process is proposed. A worked example shows that the model and algorithm can accurately analyse and identify software/hardware faults, providing a new approach to reliability analysis of computer systems.

18.
Xu Shengwei, Chen Cheng, Wang Rongrong, Journal of Computer Applications, 2016, 36(12): 3328-3332
To address the failure of fault attacks against elliptic-curve point multiplication algorithms, an improved differential fault attack algorithm is proposed. The algorithm removes the non-zero-block assumption and introduces a verification mechanism to resist the "fault detection" failure threat. Taking the elliptic curve provided by the SM2 algorithm as an example, software simulation successfully attacked the binary point multiplication algorithm, the binary non-adjacent form (NAF) point multiplication algorithm, and the Montgomery point multiplication algorithm, recovering the 256-bit private key within 3 hours. The attack on the binary NAF point multiplication algorithm was optimised, cutting the attack time to one fifth of the original. Experimental results show that the proposed algorithm improves the effectiveness of the attack.

19.
For operational control systems, this paper establishes a two-layer structural model of the operational optimisation control process. On this basis, by constructing a corresponding adaptive fault diagnosis algorithm, a centralised fault-tolerant control method is proposed that guarantees asymptotic optimisation of the performance index even when the system is subject to faults and disturbances, and Lyapunov stability theory is used to analyse the construction of the adaptive fault diagnosis algorithm. It is proved that, by adjusting the already optimised set-points, the method ensures that when a fault occurs in the loop-control layer the overall operational control still converges to its original optimal control performance. The method is a form of incomplete fault-tolerant control, and simulation results verify its effectiveness.

20.
Cryptographic hardware and software applications are prone to various attacks, either from the environment or from an attacker seeking the secret key. Resource-constrained devices use lightweight cryptographic algorithms to achieve a high level of security, and there is always a trade-off between efficient resource utilisation and the level of security. Among the different attacks, fault injection attacks have matured considerably in recent years, so it becomes imperative to choose the best and most efficient fault diagnosis schemes for lightweight cryptography. In this paper, we propose a novel concurrent error detection (CED) scheme, namely recomputing with inverted operands (REIO), for the SKINNY family of block ciphers to increase reliability. The proposed fault detection technique is adapted to a round-based pipelined SKINNY architecture. The results show that, for the proposed fault detection with the pipelined technique, the throughput overhead of SKINNY remains within 2.5% variance, with a maximum of 10% area overhead. We have implemented the proposed fault detection scheme on a Xilinx FPGA. To the best of our knowledge, no CED-based fault detection technique has been proposed in the literature for the SKINNY family of block ciphers. The implementation results show that the proposed scheme is effective and well suited to resource-constrained environments.


Copyright © Beijing Qinyun Technology Development Co., Ltd.  Beijing ICP Record No. 09084417