基于碰撞模型的PRESENT密码代数旁路攻击

提出了一种新的分组密码通用的基于碰撞模型的分组密码代数旁路分析方法—代数功耗碰撞攻击,将代数攻击与功耗碰撞攻击结合,首先利用代数分析方法建立密码算法等效布尔代数方程组;然后通过功耗攻击手段获取密码加密过程运行时泄露的功耗信息,经分析转化为加密过程碰撞信息,并表示为关于加密中间状态变元的代数方程组;最后使用CryptoMiniSAT解析器求解方程组恢复密钥。应用该方法对在8位微控制器上实现的PRESENT密码进行了实际攻击,实验结果表明,代数攻击基础上引入额外的代数方程组,可有效降低方程组求解的复杂度;PRESENT易遭受此类代数功耗攻击的威胁,明密文已知,以4个样本全轮碰撞或8个样本部分轮碰撞信息成功获取PRESENT 80bit完整密钥。此外,文中分析方法也可为其它分组密码功耗碰撞分析提供一定思路。     

轻型分组密码LED代数故障攻击方法

针对CHES 2011会议上提出的轻型分组密码LED,给出了一种代数故障攻击方法。首先利用代数攻击方法建立密码算法等效布尔代数方程组;然后基于单比特故障模型根据算法故障密文得到差分故障信息,并转换为额外的代数方程组;最后利用CryptoMiniSAT解析器求解密钥。实验结果表明,针对LED算法代数故障攻击优于传统的差分故障分析,第30轮一次故障注入即可在122 s内恢复LED 64 bit完整密钥。     

基于汉明重的SMS4密码代数旁路攻击研究

基于汉明重泄露模型,对SMS4算法抗代数旁路攻击能力进行了评估.首先构建SMS4算法等价布尔代数方程组,然后采集SMS4加密功耗泄露,基于模板分析对加密中间状态字节的汉明重进行推断,并转化为与密码算法联立的代数方程组,最后利用解析器进行密钥求解.结果表明:SMS4密码易遭受代数旁路攻击;已知明文条件下,2个样本4轮连续汉明重泄露或26轮离散汉明重泄露可恢复128bit SMS4主密钥;未知明密文条件下,2个样本连续5轮汉明重泄露可恢复128bit SMS4主密钥;使用随机掩码防御的SMS4实现仍不能有效防御代数旁路攻击,已知明文条件下,2个样本连续14轮汉明重泄露可恢复128bit SMS4主密钥.为提高攻击实用性,提出了一种容错代数旁路攻击方法,结果表明汉明重推断错误率不超过60％的情况下,2个样本可恢复128bit SMS4主密钥.本文方法对其它分组密码代数旁路攻击研究具有一定的借鉴意义.     

ITUbee密码代数旁路攻击

ITUbee是在2013年第二届轻量级加密安全与隐私国际研讨会上提出的轻量级密码算法,对ITUbee密码进行安全分析有着积极意义。研究了ITUbee的代数旁路攻击方法,首先构建ITUbee密码S盒的等价代数方程组;由于构造的方程组不易解,通过采集ITUbee算法的加密功耗泄露,对加密中间状态字节的汉明重进行推断,并将其转化为与密码算法联立的布尔方程组,再利用cryptominisat解析器来求解密钥。实验结果表明,按此思路构造的ITUbee攻击方法所需样本少;在已知明文和未知明密文的场景下,1次ITUbee加密、部分轮汉明重泄露的情况下可成功恢复全部初始密钥。     

基于汉明重的EPCBC代数侧信道攻击

为评估EPCBC密码的安全性,在汉明重的基础上,提出一种EPCBC密码代数侧信道攻击方法,并研究影响攻击效率的因素。构建该算法的代数方程组,通过功耗泄露情况推断汉明重,将其转化为代数方程组,并利用解析器求解密钥。实验结果表明,该方法在已知明密文和未知明密文条件下均可恢复出完整密钥。     

基于汉明重的PRESENT密码代数旁路攻击

研究了分组密码代数旁路攻击原理及模型、非线性布尔方程组转化为saT问题的方法,提出了一种基于汉明重的PRESENT密码代数旁路攻击方法,降低了求解非线性多元方程组的复杂度,减少了旁路攻击所需样本量,并通过实验对理论正确性进行了验证。结果表明,在已知明文条件下,利用一个样本前3轮的S盒输入、输出汉明重在0.63s内即可恢复80bit PRESENT完整密钥;在未知明密文和S盒输入、输出汉明重随机选取条件下,也可恢复PRESENT完整密钥。     

针对分组密码的攻击方法研究

为提升旁路攻击对分组密码算法硬件实现电路的攻击效果,增大正确密钥与错误密钥间的区分度,提出一种针对分组密码的旁路攻击方法。结合差分功耗分析(DPA)攻击和零值攻击的特点,通过分类来利用尽可能多的功耗分量,以攻击出全部密钥。在FPGA上实现AES硬件电路并进行实验,结果表明,在20万条全随机明文曲线中,该方法恢复出了全部密钥,相比DPA攻击方法,其正确密钥与错误密钥间的区分度更大。     

一种基于Grobner基的代数攻击方法

代数攻击能够有效分析出分组密码中的密钥值,Grobner基能够快速求解多变量高次方程组。该文提出一种基于Grobner基的代数攻击方法,用超定代数方程组描述Rijndael加密算法,采用项序转换算法FGML将次数反字典序转化为字典序,使算法能够在已知少量明密文对的情况下对密钥进行求解,通过设计合理的项序和方程组解的判定降低算法复杂度。     

MIBS密码旁路立方体攻击

研究密码MIBS安全性评估问题.基于单比特泄露模型,假定攻击者可以获取加密中间状态的1比特信息泄露.预处理阶段,随机生成不同选择明文和密钥进行极大项和超多项式提取;在线分析阶段,利用超多项式和加密输出中间状态信息泄露构建关于密钥变量的低次方程组,经方程组求解恢复密钥.结果表明:针对MIBS加密第1轮输出的第5比特泄露,26.39个选择明文分析将MIBS-64密钥搜索空间降低至240.经暴力破解可最终恢复64位MIBS完整密钥.改进方法对其它分组密码旁路立方体攻击研究具有一定借鉴意义.     

ARIA分组密码相关性功耗分析

功耗攻击已对密码算法实现的物理安全性构成严重威胁,对其攻击和防御的研究是近年来旁路攻击的热点问题。研究了ARIA韩国国家分组密码的相关功耗分析攻击方法。阐述了ARIA密码算法,给出了密码算法功耗泄露模型及相关性分析的原理,结合ARIA算法给出了相关功耗分析的具体方法,并通过仿真实验验证了攻击的有效性。结果表明,ARIA密码中的非线性S盒查表操作功耗泄露使其易遭受相关功耗分析攻击;仿真环境下10个样本的采集和分析即可恢复ARIA主密钥。     

针对重用掩码AES算法的随机明文碰撞攻击

侧信道攻击是密码学研究的热点方向,碰撞攻击作为侧信道攻击的重要分支,可从泄露能量中有效提取中间值信息,根据中间值信息检测不同S盒之间的碰撞,并利用碰撞建立不同密钥字节之间的线性关系,缩小密钥候选值的空间。针对使用重用掩码的高级加密标准（AES）算法,自适应选择明文碰撞攻击方法需要预先建立攻击模板,并且实施攻击所需的前提条件较多。提出一种高效的随机明文碰撞攻击方法,基于2个不同S盒输入值的汉明距离及其对应能量迹的欧氏距离之间的关系,从256个密钥异或值中找出正确的密钥异或值。通过理论分析得出该方法无需预先确定碰撞阈值及建立攻击模板,即可有效利用能量迹中未发生碰撞的信息,并且所加密的明文是随机的,能在没有目标设备的情况下实施攻击。实验结果表明,与自适应选择明文碰撞攻击、改进型相关性碰撞攻击等方法相比,该方法减少了实现碰撞攻击所需的前提条件,并且扩大了攻击范围。     

Differential power analysis of stream ciphers with LFSRs

Side-channel attacks on block ciphers and public key algorithms have been discussed extensively, but only a few systematic studies on the applicability of side-channel attacks to stream ciphers could be found. The objective of the present study is to develop general differential power analysis techniques which can be employed to attack the stream ciphers with linear feedback shift registers. To illustrate the new approach, a common structure of a stream cipher with the basic components is given. Then the approach is employed to analyze the given structure. The results show that the linear feedback shift registers may leak the information of the secret key. The approach is also applied to Crypto-1 and the experimental results show that it is very effective. 28-bit information of the 48-bit secret key can be obtained just by analyzing some power traces. Furthermore, the present work may be helpful in analyzing a variety of stream ciphers with LFSRs.     

一种针对分组密码S盒的组合侧信道攻击方法*

近年来随着半导体工艺的飞速发展和信息安全的重要性不断增强,越来越多的硬件嵌入了密码算法以保证数据安全性。针对嵌入了FPGA密码芯片的设备在运行算法时泄漏的侧信道信息进行了研究,提出一种改进分组密码S盒的组合侧信道攻击方案,该方案由差分功耗攻击、模板攻击、和毛刺攻击构成。通过传统的差分功耗攻击确定S盒运行的时间区间,然后针对目标S盒的输入输出利用一个时钟周期内逻辑门毛刺个数与部分功耗线性相关的方法,采用线性模型匹配算法恢复密钥并减少了基于多元高斯模型匹配的计算量,为今后提高侧信道攻击的效率提供依据。     

SCARE and power attack on AES-like block ciphers with secret S-box

Despite Kerckhoff's principle, there are secret ciphers with unknown components for diplomatic or military usages. The side-channel analysis of reverse engineering (SCARE) is developed for analyzing secret ciphers. Considering the side-channel leakage, SCARE attacks enable the recovery of some secret parts of a cryptosystem, e.g., the substitution box table. However, based on idealized leakage assumption, most of these attacks have a few limitations on prior knowledge or implementations. In this paper, we focus on AES-like block ciphers with a secret S-box and demonstrate an attack which recovers both the secret key and the secret S-box. On the one hand, the key is recovered under profiled circumstance by leakage analysis and collision attack. On the other hand, the SCARE attack is based on mathematical analysis. It relies on Hamming weight of MixColumns intermediate results in the first round, which can restore the secret S-box. Experiments are performed on real power traces from a software implementation of AES-like block cipher. Moreover, we evaluate the soundness and efficiency of our method by simulations and compare with previous approaches. Our method has more advantages in intermediate results location and the required number of traces. For simulated traces with gaussian noise, our method requires 100000 traces to fully restore the secret S-box, while the previous method requires nearly 300000 traces to restore S-box.     

Side-channel cryptographic attacks using pseudo-boolean optimization

Symmetric block ciphers, such as the Advanced Encryption Standard (AES), are deterministic algorithms which transform plaintexts to ciphertexts using a secret key. These ciphers are designed such that it is computationally very difficult to recover the secret key if only pairs of plaintexts and ciphertexts are provided to the attacker. Constraint solvers have recently been suggested as a way of recovering the secret keys of symmetric block ciphers. To carry out such an attack, the attacker provides the solver with a set of equations describing the mathematical relationship between a known plaintext and a known ciphertext, and then attempts to solve for the unknown secret key. This approach is known to be intractable against AES unless side-channel data – information leaked from the cryptographic device due to its internal physical structure – is introduced into the equation set. A significant challenge in writing equations representing side-channel data is measurement noise. In this work we show how casting the problem as a pseudo-Boolean optimization instance provides an efficient and effective way of tolerating this noise. We describe a theoretical analysis, connecting the measurement signal-to-noise ratio and the tolerable set size of a non-optimizing solver with the success probability. We then conduct an extensive performance evaluation, comparing two optimizing variants for dealing with measurement noise to a non-optimizing method. Our best optimizing method provides a successful attack on the AES cipher which requires surprisingly little side-channel data and works in reasonable computation time. We also make available a set of AES cryptanalysis instances and provide some practical feedback on our experience of using open-source constraint solvers.     

一种椭圆曲线密码算法ECC旁路攻击方法研究

针对椭圆曲线密码算法ECC的旁路安全性进行研究,分析了ECC算法的旁路攻击脆弱点。对点乘和点加进行了研究,在此基础上,研究ECC密码算法差分功耗攻击过程,给出了未加防护和加入一位固定值掩码的ECC算法差分功耗攻击方法;并进行了相应的攻击实验,对两种旁路攻击实验结果进行了比较分析,表明未加防护的ECC算法不能防御旁路攻击。同时实验结果显示,相对于对称密码算法,ECC密码算法攻击的难度较大。     

Deep learning side-channel attack against hardware implementations of AES

In the field of image recognition, machine learning technologies, especially deep learning, have been rapidly advancing alongside the advances of hardware such as GPUs. In image recognition, in general, large numbers of labeled images to be identified are input to a neural network, and repeatedly learning the images enables the neural network to identify objects with high accuracy. A new profiling side-channel attack method, the deep learning side-channel attack (DL-SCA), utilizes the neural network’s high identifying ability to unveil a cryptographic module’s secret key from side-channel information. In DL-SCAs, the neural network is trained with power waveforms captured from a target cryptographic module, and the trained network extracts the leaky part that depends on the secret. However, at this stage, the main target of investigation has been software implementation, and studies regarding hardware implementation, such as ASIC, are somewhat lacking. In this paper, we first depict deep learning techniques, profiling side-channel attacks, and leak models to clarify the relation between secret and side channels. Next, we investigate the use of DL-SCA against hardware implementations of AES and discuss the problem derived from the Hamming distance model and ShiftRow operation of AES. To solve the problem, we propose a new network training method called “mixed model dataset based on round-round XORed value.” We prove that our proposal solves the problem and gives the attack capability to neural networks. We also compare the attack performance and characteristics of DL-SCA to conventional analysis methods such as correlation power analysis and conventional template attack. In our experiment, a dedicated ASIC chip for side-channel analysis is utilized and the chip is also equipped with a side-channel countermeasure AES. We show how DL-SCA can recover secret keys against the side-channel countermeasure circuit. Our results demonstrate that DL-SCA can be a more powerful option against side-channel countermeasure implementations than conventional SCAs.