摘要
针对AES密码算法的单个信息泄露点能量分析攻击,传统攻击方法没有尽可能多地利用算法和能量曲线中对攻击有用的信息,导致这种攻击存在所需曲线条数多、攻击信息利用率低等诸多问题。提出一种针对AES密码算法的多点联合能量分析攻击方法,并以相关性能量分析攻击为例,给出详细的攻击过程。攻击的同时选择轮密钥加和字节变换作为能量分析攻击的中间变量,构建关于该变量的联合能量泄露函数,实施多点联合的相关性能量分析攻击。针对智能卡上软实现的AES密码算法,分别进行联合能量分析攻击,针对轮密钥加和字节变换单个信息泄露点的相关性能量分析攻击实验,实验结果不仅验证了本攻击方法的有效性,而且证实联合能量分析攻击相比针对单个信息泄露点的能量分析攻击具有成功率高、所需攻击曲线条数少等优点。
For the power analysis attack of the AES cryptographic algorithm with the single information leakage point, the traditional attack method does not use as much information as possible in the algorithm and power trace. So there are some problems such as required more power traces, the low utilization rate of information and so on. A novel method of muti-point joint power analysis attack against AES was proposed to solve the problems. And taking the correlation power analysis attack as an example, the detailed attack process was presented. The operations of the round key addition and the Sub Bytes were chosen as the attack intermediate variable at the same time. Then the joint power leakage function was constructed for the attack intermediate variable. And the multi-point joint correlation energy analysis attack was given. Aiming at the AES cryptographic algorithm implemented on the smart card, the multi-point joint power analysis attack, the correlation power analysis attack with the single information leakage point in the key addition and the Sub Bytes were conducted. The measured results validate the proposed method is effective. It also shows that the proposed method has the advantages of high success rate and less power traces comparing with the single information leakage point.
引文
[1]KOCHER P C.Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[C]//Advances in Cryptology.1996:104-113.
[2]KOCHER P C,JAFFE J,JUN B.Differential power analysis[M].Berlin:Springer,1999:388-397.
[3]QUISQUATER J J.A new tool for non-intrusive analysis of smart cards based on electromagnetic emissions,the SEMA and DEMA methods[J].Eurocrypt 2000 Rump Session,2000.
[4]BONEH D,DEMILLO R A,LIPTON R J.On the importance of checking cryptographic protocols for faults[C]//International Conference on Theory&Application of Cryptographic Techniques.1997:37-51.
[5]STANDAERT F X,MALKIN T G,YUNG M.A unified framework for the analysis of side channel key recovery attacks[C]//28th Annual International Conference on the Theory and Applications of Cryptographic Techniques.2009:443-461
[6]ABID T,ALI M.Differential power analysis countermeasure for improved DES with dynamic key management[J].Bahria University Journal of Information&Communication Technology,2015,8(2):15-21.
[7]MANGARD S.A simple power-analysis(SPA)attack on implementations of the AES key expansion[C]//International Conference on Information Security and Cryptology.2002:343-358.
[8]ORS S B,GURKAYNAK F,OSWALD E,et al.Power-analysis attack on an ASIC AES implementation[C]//International Conference on Information Technology:Coding and Computing.2004:546-552.
[9]OSWALD E,MANGARD S,HERBST C,et al.Practical second-order DPA attacks for masked smart card implementations of block ciphers[C]//Cryptographers’Track at The RSA Conference.2006:192-207.
[10]向春玲,吴震,饶金涛,等.针对一种AES掩码算法的频域相关性能量分析攻击[J].计算机工程,2016,42(10):146-150.XIANG C L,WU Z,RAO J T,et al.Correlation power analysis attack in frequency domain for an AES mask algorithm[J].Computer Engineering,2016,42(10):146-150.
[11]OSWALD E,MANGARD S,PRAMSTALLER N,et al.A side-channel analysis resistant description of the AES S-box[C]//International Workshop on Fast Software Encryption.2005:413-423.
[12]BONNECAZE A,LIARDET P,VENELLI A.AES side-channel countermeasure using random tower field constructions[J].Designs,codes and Cryptography,2013,69(3):331-349.
[13]OSVIK D A,SHAMIR A,TROMER E.Cache attacks and countermeasures:the case of AES[C]//Cryptographers’Track at the RSA Conference.2006:1-20.
[14]MANGARD S,SCHRAMM K.Pinpointing the side-channel leakage of masked AES hardware implementations[C]//International Workshop on Cryptographic Hardware and Embedded Systems.2006:76-90.
[15]MORADI A,MISCHKE O,EISENBARTH T.Correlation-enhanced power analysis collision attack[C]//International Workshop on Cryptographic Hardware and Embedded Systems.2010:125-139.
[16]杜之波,吴震,王敏,等.针对SM4轮输出的改进型选择明文功耗分析攻击[J].通信学报,2015,36(10):85-91.DU Z B,WU Z,WANG M,et al.Improved chosen-plaintext power analysis attack against SM4 at the round-output[J].Journal on Communications,2015,36(10):85-91.
[17]王敏,杜之波,吴震,等.针对SMS4轮输出的选择明文能量析攻击[J].通信学报,2015,36(1):2015016.WANG M,DU Z B,WU Z,et al.Chosen-plaintext power analysis attack against SMS4 with the round-output as the intermediate data[J].Journal on Communications,2015,36(1):2015016.
[18]杜之波,吴震,王敏,等.针对SM4密码算法的多点联合能量分析攻击[J].计算机研究与发展,2016,53(10):2224-2229.DU Z B,WU Z,WANG M,et al.Multi-point joint power analysis attack against SM4[J].Journal of Computer Research and Development,2016,53(10):2224-2229.
[19]MANGARD S,OSWALD E,POPP T.Power analysis attacks:revealing the secrets of smart cards[M].Berlin:Springer,2008.
[20]杜之波,吴震,王敏,等.针对基于SM3的HMAC的能量分析攻击方法[J].通信学报,2016,37(5):38-43.DU Z B,WU Z,WANG M,et al.Power analysis attack of HMAC based on SM3[J].Journal on Communications,2016,37(5):38-43.