基于微控制器的AES激光注入攻击研究

密码设备面临故障攻击的威胁，针对密码芯片的故障攻击手段研究是密码学和硬件安全领域的重要研究方向。脉冲激光具有较好的时空分辨性，是一种准确度较高的故障攻击手段。该文详细描述了激光注入攻击的原理和方法，以集成AES-128算法的微控制器(MCU)为例实施了激光注入攻击实验。实验以微控制器的SRAM为攻击目标，分别成功实现了差分故障攻击和子密钥编排攻击，恢复了其16 Byte的完整密钥，其中后一种攻击是目前首次以激光的手段实现。研究表明，激光注入攻击能准确定位关键数据存放的物理位置，并能在任意的操作中引入错误，实现单比特的数据翻转，满足故障攻击模型的需求。激光注入攻击能在较短时间内完成自动攻击和密文收集，攻击过程贴近真实场景，对密码芯片具有极大的威胁。

Research on Laser Injection Attack for AES Based on Micro-Controller Unit

The security of cryptosystem is threatened by fault attacks, and implementation of fault attacks for crypto chips become an important research direction in the field of cryptography and hardware security. The pulse laser is a method with high accuracy for its high temporal-spatial resolution. In this paper, the principle and method of laser injection attacks are described in detail, and experiments are carried out on a Micro-Controller Unit (MCU) with AES-128 algorithm as an example. The SRAMs of the MCU are taken as the attack targets. Differential fault attack and the subkey expansion attack are successfully implemented, and the 16 Byte complete keys are recovered respectively. The latter attack is first implemented by the laser. The research shows that laser injection attack has many benefits to meet the requirements of fault attack models, including accurate location of critical data, error injection in any operation, and generation of single bit flip. The laser injection attacks and ciphertext collection can be completed automatically in a short time in a nearly real-life scenario, which has a great threat to the crypto chips.