Research on Key Technologies for Cryptographic Chip System Integration (密码芯片系统集成关键技术研究)
Abstract (translated from the Chinese)

With the rapid development of integrated circuits, the Internet of Things and cryptographic technology, the cryptographic SoC [32,91] (System on a Chip), as the core component of cryptographic products, has become one of the key indicators of the level of information security in terms of performance, security and range of application. Although standards specifying the security requirements of cryptographic modules are fairly mature, there are as yet no standards or constraints on the concrete engineering implementation of cryptography; cryptographic products, and IoT products in particular, lack scientific and accurate criteria for security evaluation, security problems keep appearing in interfaces and buses of every kind, and side-channel attack techniques are advancing rapidly.
     Regrettably, owing to a lag in theory and technique and to weak oversight, many companies' cryptographic SoCs reach the market without a rigorous security argument, and their customers have suffered heavy economic losses; even some products holding authoritative international certifications have turned out to contain cryptographic SoCs with serious security flaws. In 2009 the best paper award of the IEEE Symposium on Security and Privacy went to Garcia et al. [35] for breaking the Mifare Classic card, of which over a billion have been issued worldwide; the main causes were the short (48-bit) key of the card's proprietary stream cipher and a design flaw in its error handling that leaks keystream bits. Although some domestic experts declared that "users need not panic" [89] and claimed that the hundred-million-plus Mifare Classic cards issued in China would not be affected, cryptographers from South China University of Technology announced at the 2010 China Cryptography Conference that they had broken the Guangzhou "Yang Cheng Tong" metro card [95]. In 2010 the best paper award of the IEEE Symposium on Security and Privacy went to Murdoch et al. [70] for "Chip and PIN is Broken"; in closely related work the same Cambridge group had shown that two PIN entry devices (PEDs) widely deployed in the UK, the Ingenico i3300 and the Dione Xtreme, could be tampered with even though both had passed Visa's PED evaluation. Their tamper-resistance design was incomplete: by modifying the hardware an adversary could tap the unencrypted data exchanged between the cryptographic SoC and the IC card, and thus clone bank cards. Leaks caused by poorly designed cryptographic SoCs are common. How, then, can the security of a cryptographic product be evaluated scientifically? This thesis gives a security-proof scheme centred on the cryptographic SoC.
     The interaction protocols executed between the cryptographic SoC and external modules directly affect the security of a cryptographic product. Secure USB flash drives, one of the main applications of cryptographic SoCs, currently face serious threats. In 2004 the FreeOTFE group released removable-storage management software [34] that encrypts the data on a USB drive, but encryption performed in Windows user mode is exposed to viruses, reverse engineering and many other threats. In 2009 Sophos [79] authenticated drive users with a password, which does not stop an adversary from desoldering the flash chip from the drive and reading it directly with a dedicated device. In 2009 CE-Infosys built a personal mobile-storage security solution, CompuSec Mobile [21], around a cryptographic SoC; it provides storage encryption and signing, but targets only individual users and is not general-purpose. In 2010 Aigo and Kingston released the L8267 secure edition [8] and the DataTraveler 5000 [55] respectively; both use password authentication and flash encryption and are widely deployed, but their cryptographic SoC designs are not public, and their external USB bus may well still be vulnerable. In the same year Kingston recalled three of its DataTraveler secure drives [31,81]: although some of them were FIPS 140-2 Level 2 certified, their driver software handled the password incorrectly, and the German company SySS wrote a tool that bypassed the encryption. Secure USB drives today face three main problems: USB bus sniffing, large-group deployment, and corruption attacks. This thesis gives a solution to all three.
     Side-channel attacks are one of the main threats to cryptographic SoCs; wherever there is a cryptographic chip there is a side-channel threat. Since Kocher introduced timing attacks [57] at CRYPTO '96, the field has developed rapidly, and power analysis is its most practical and most easily mounted attack. In 1999 Kocher proposed simple power analysis (SPA), differential power analysis (DPA) and higher-order DPA [58]; the same year Goubin [39] and Chari [22] independently proposed the earliest masking schemes to resist power analysis. Subsequently the collision attack presented by Schramm at FSE 2003 [77] and the correlation power analysis (CPA) presented by Brier at CHES 2004 [15] became the focus of research in this direction. The contest between masking and the various power analysis attacks has intensified: higher-order DPA is now accepted as effective against masked implementations, and in 2005 Joye et al. [51] designed an optimal second-order DPA that efficiently breaks masked AES. On the collision-attack side, Bogdanov proposed multiple-differential collision detection in 2008 [14], yet masking still resists collision attacks well. This thesis proposes a collision-detection model that mounts an effective attack on masking.
     In recent years, security models and engineering-implementation standards for cryptographic products, the security of interfaces and application protocols, and side-channel attacks on algorithm implementations have become the key technical problems of cryptographic SoCs, and research on them is of great practical significance. This thesis studies in depth the security model of cryptographic products, attacks on and defences for secure USB drives, key management in the software layer, collision attacks and collision detection in power analysis, and the barrel shifter used in reconfigurable cipher designs. The main contributions are:
     1. A bottom-up cryptographic engineering design philosophy is combined with the universally composable (UC) security model to establish a general security framework for cryptographic products built around a cryptographic SoC. A bottom-up approach is proposed for proving the security of cryptographic SoCs, cryptographic modules and cryptographic products composed of hardware, software and protocols, and the universal composability of cryptographic modules is identified. Design principles for cryptographic SoCs and cryptographic products are derived from this evaluation model.
     2. A new USB bus-sniffing attack is designed and implemented that effectively exploits flaws in the cryptographic SoC protocols of the great majority of secure USB drives on the market. The bus-sniffing threat, the group-deployment problem and the corruption-attack problem facing secure USB drives are summarised, and a cryptographic security policy for group secure USB drives built around a cryptographic SoC, together with a concrete authenticated key agreement protocol, is designed that resolves all three problems.
     3. Since collision attacks have difficulty breaking masked implementations of the algorithms in cryptographic SoCs, a new collision-attack distinguisher is proposed, and concrete attack steps are designed using the masked AES implementation as the example. Efficiency analysis and experiments show that it effectively attacks the masked AES scheme proposed by Herbst in 2006 [41]. In addition, a "key-point voting test" and a "second-order binary voting test" are proposed to overcome glitch errors and the shortage of key points in the collision-detection phase of power analysis, and Bogdanov's "ternary voting test" is improved, greatly increasing the efficiency of collision detection.
     Furthermore, a key management mechanism based on a function driver is proposed, which has clear advantages over the traditional application-layer approach in resisting corruption attacks, viruses and reverse engineering; and a "3-in-1" barrel shifter suitable for reconfigurable cipher designs, with four implementation schemes, is proposed. Compared with the traditional "4-in-1" scheme, both delay and area are substantially reduced, giving it high application value in cryptographic SoCs.
Abstract (original English version)

With the development of cryptographic technology and integrated circuits, the performance, security and applications of the cryptographic SoC (System on a Chip), the core component of cryptographic products, have become one of the most important indicators of the level of information security. Although specifications and standards for the security requirements of cryptographic modules have been published, there are few standards or constraints for concrete cryptographic engineering implementation. No scientific evaluation standards exist for cryptographic devices, which is why interfaces and buses suffer all kinds of security problems and side-channel attack techniques develop rapidly.
     Regrettably, because of the lag in technology and the lack of supervision, some cryptographic devices are marketed without a rigorous security evaluation, and their customers suffer heavy losses. Even devices that have passed authoritative international certification face serious security problems. In 2009, Garcia et al. received the best paper award of the IEEE Symposium on Security and Privacy for breaking the Mifare Classic card, of which over a billion have been issued worldwide. At the 2010 China Cryptography Conference, a cryptographer from South China University of Technology announced that his group had broken the subway card used in Guangzhou. In 2010, Murdoch et al. received the best paper award of the IEEE Symposium on Security and Privacy for "Chip and PIN is Broken"; the same group had shown that two widely used UK PIN entry devices, the Ingenico i3300 and the Dione Xtreme, could be tampered with although both had passed Visa's certification: because of their flawed tamper resistance, an adversary can modify the device and monitor the unencrypted data passing between the terminal and the IC card.
     Besides smart cards, secure USB flash drives face serious security threats. In 2004, the FreeOTFE group designed removable-storage management software to encrypt USB drives, but encryption in Windows user mode is exposed to too many threats, such as viruses and reverse engineering. In 2009, Sophos used a password for authentication, but an adversary can still remove the flash chip and read the data with a dedicated device. In 2009, CE-Infosys designed a personal mobile storage security solution, CompuSec Mobile, which implements storage encryption and signing, but the product is only for individual users and lacks generality. In 2010, Aigo and Kingston respectively released secure flash drives, the L8267 secure edition and the DataTraveler 5000. Both use password authentication and flash encryption and have been widely adopted; however, their design schemes were not made public, so there may be security problems. In the same year, Kingston recalled three DataTraveler drives because their driver had a flaw, which SySS exploited. At present, secure USB drives face three problems: USB bus monitoring, deployment in large groups, and corruption attacks.
     Since Kocher proposed the timing attack at CRYPTO '96, side-channel attacks against cryptographic devices have developed rapidly; power analysis is the most practical method in this field. In 1999, simple power analysis, differential power analysis and higher-order differential power analysis were presented by Kocher. In the same year, Goubin and Chari independently proposed the earliest masking schemes, which resist power analysis. Soon after, the collision attack proposed by Schramm at FSE 2003 and the correlation power analysis proposed by Brier at CHES 2004 became research hotspots in this direction. The contest between masking and power analysis has become very intense in recent years, and higher-order DPA is currently regarded as the best way to defeat masking: in 2005, Joye et al. designed an optimal second-order DPA that efficiently breaks masked AES. In the direction of collision attacks, Bogdanov presented multiple-differential collision attacks, but masking still resists collision attacks effectively.
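The two side-channel paragraphs above (in both the Chinese and the English abstract) state that Boolean masking defeats first-order power analysis but that second-order DPA, which combines two leaking points, still breaks a masked S-box. The following simulation, added here as an illustration and not taken from the thesis, shows that claim numerically. Everything in it is an assumption made for the example: a 4-bit toy S-box (the PRESENT S-box) stands in for the AES S-box, leakage is modelled as Hamming weight plus Gaussian noise, and each constructed "trace" exposes exactly two samples, the output mask m' and the masked S-box output S(x ^ k) ^ m'. The function names (`simulate_masked_traces`, `first_order_attack`, `second_order_attack`, `demo`) are this example's own.

```python
"""Added example: first-order CPA fails against a Boolean-masked S-box,
second-order DPA (centred-product combination) recovers the key.
All traces are constructed in software; nothing here comes from a real device.
"""
import random
from statistics import mean

# Toy 4-bit S-box (PRESENT) standing in for the AES S-box; the argument
# is identical for 8-bit values, the table is just 16x shorter.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
NBITS = 4


def hw(v):
    """Hamming weight: the assumed leakage of a register write."""
    return bin(v).count("1")


def simulate_masked_traces(key, n_traces, sigma, rng):
    """Constructed traces of a Boolean-masked S-box lookup.

    Each execution draws a fresh output mask m' and computes
    S(x ^ key) ^ m' (what a remasked table returns).  Two leaky samples are
    assumed per trace: l1 = HW(m') + noise, l2 = HW(S(x ^ key) ^ m') + noise.
    Returns (plaintexts, [(l1, l2), ...]).
    """
    pts, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(1 << NBITS)
        m_out = rng.randrange(1 << NBITS)
        masked_out = SBOX[x ^ key] ^ m_out
        l1 = hw(m_out) + rng.gauss(0, sigma)
        l2 = hw(masked_out) + rng.gauss(0, sigma)
        pts.append(x)
        traces.append((l1, l2))
    return pts, traces


def pearson(a, b):
    ma, mb = mean(a), mean(b)
    cov = sum((u - ma) * (v - mb) for u, v in zip(a, b))
    va = sum((u - ma) ** 2 for u in a)
    vb = sum((v - mb) ** 2 for v in b)
    return cov / (va * vb) ** 0.5


def cpa_scores(pts, samples):
    """CPA: correlate the model HW(S(x ^ g)) with the samples for every guess g."""
    return {g: pearson([hw(SBOX[x ^ g]) for x in pts], samples)
            for g in range(1 << NBITS)}


def first_order_attack(pts, traces):
    """Plain CPA on the masked-output sample alone: the fresh mask m' makes
    HW(S(x ^ key) ^ m') independent of S(x ^ key), so every guess scores ~0."""
    return cpa_scores(pts, [l2 for _, l2 in traces])


def second_order_attack(pts, traces):
    """Second-order DPA: combine the two samples by the centred product
    (l1 - mean)(l2 - mean).  For Boolean masking its expectation is
    (NBITS - 2*HW(S(x ^ key)))/4, i.e. affine in the unmasked value, so the
    same CPA model now correlates (negatively) at the right key."""
    l1 = [a for a, _ in traces]
    l2 = [b for _, b in traces]
    m1, m2 = mean(l1), mean(l2)
    combined = [(a - m1) * (b - m2) for a, b in zip(l1, l2)]
    return cpa_scores(pts, combined)


def best_guess(scores):
    return max(scores, key=lambda g: abs(scores[g]))


def demo(key=0x7, n_traces=8000, sigma=0.3, seed=1):
    rng = random.Random(seed)          # fixed seed: the run is reproducible
    pts, traces = simulate_masked_traces(key, n_traces, sigma, rng)
    fo = first_order_attack(pts, traces)
    so = second_order_attack(pts, traces)
    return {
        "key": key,
        "first_order_true_corr": fo[key],    # close to 0: the mask hides it
        "first_order_guess": best_guess(fo), # essentially random
        "second_order_true_corr": so[key],   # clearly non-zero
        "second_order_guess": best_guess(so),
    }


if __name__ == "__main__":
    r = demo()
    print(f"true key 0x{r['key']:x}")
    print(f"1st-order: best guess 0x{r['first_order_guess']:x}, "
          f"corr at true key {r['first_order_true_corr']:+.3f}")
    print(f"2nd-order: best guess 0x{r['second_order_guess']:x}, "
          f"corr at true key {r['second_order_true_corr']:+.3f}")
```

The centred product is the combination function analysed by Joye et al. [51] and by Oswald et al. [72]; a collision attack on the same masked implementation would instead look for pairs of inputs whose combined leakage is indistinguishable, which is the distinguisher problem the thesis's contribution 3/4 addresses. Note that the attack only works because both leaking samples are known; a masked implementation whose mask is never written to a leaking register (or is refreshed between the two points) raises the required order.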
     In the past few years, the security model of cryptographic SoCs, cryptographic engineering implementation standards, secure interface technology and side-channel attacks have become important directions in cryptographic engineering, and research on these key technologies of the cryptographic SoC is of great significance. This thesis studies in detail the security model of cryptographic devices, attacks on and countermeasures for secure USB flash drives, key management in the software layer, collision attacks and collision detection, and the barrel shifter for reconfigurable cipher algorithms. The main contributions are as follows:
     1. The bottom-up idea of cryptographic engineering is combined with the universally composable security model. A proof strategy is presented that can establish the security of a cryptographic module consisting of software, hardware and protocols, and design principles for cryptographic devices are derived from the security model.
     2. A USB bus monitoring attack is designed and implemented that effectively attacks the overwhelming majority of secure USB flash drives. The problems of bus monitoring, deployment in large groups and corruption attacks are characterised. Accordingly, a cryptographic security policy for group secure flash drives and a concrete authenticated key exchange protocol are designed; the three problems are thereby solved, and a security evaluation and efficiency analysis are given.
     3. A key management scheme based on a function driver, together with its implementation technique, is proposed. Analysis shows that the scheme is markedly better at resisting viruses, corruption and reverse engineering, giving software implementations in cryptographic engineering a rule to follow.
     4. Given that collision attacks have difficulty breaking masking, a new distinguisher for collision attacks is presented. Taking a masked AES implementation as the example, concrete attack steps are designed. Experiments and efficiency analysis show that the scheme effectively attacks the masked AES implementation proposed by Herbst in 2006.
     5. A method named the key-point voting test is proposed, which overcomes the problems of glitches and of insufficient key points in the collision-detection phase of power analysis. This method can be combined with Bogdanov's binary voting test to overcome the inaccuracy caused by glitches and voltage instability; the combination is called the "second-order binary voting test". Bogdanov's ternary voting test is also improved, increasing the efficiency of collision detection.
     6. After a thorough analysis of block ciphers, a "3-in-1" barrel shifter and four implementation schemes for it are proposed. Synthesis and optimisation on an FPGA show that delay and area are reduced by 19.7% and 31.9% respectively compared with the classical "4-in-1" scheme, so the new schemes are of great practical use.
References
[1] M. Akkar, R. Bevan, P. Dischamp, D. Moyart, Power Analysis, What Is Now Possible... ASIACRYPT 2000, LNCS, vol. 1976, pp. 489-502, Springer, Heidelberg, 2000.
    [2] M. Akkar, C. Giraud, An Implementation of DES and AES, Secure against Some Attacks. CHES 2001, LNCS, vol. 2162, pp. 309-318, Springer, Heidelberg, 2001.
    [3] M. Akkar, L. Goubin, A Generic Protection against High-Order Differential Power Analysis. FSE 2003, LNCS, vol. 2887, pp. 192-205, Springer, Heidelberg, 2003.
    [4] J. H. Allen, S. Barnum, R. J. Ellison, G. McGraw, N. R. Mead, Software Security Engineering: A Guide for Project Managers. Addison-Wesley Professional, 2008.
    [5] Altera, Product Specification: Cyclone FPGA Family Data Sheet, http://www.altera.com, 2003.
    [6] R. J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, 2003.
    [7] E. Barker, W. Barker, W. Burr, W. Polk, M. Smid, Recommendation for Key Management, Part 1: General (Revised), NIST Special Publication 800-57, http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf, 2007.
    [8] Beijing Huaqi Information Digital Technology Company, Introduction of Aigo USB Flash Disk L8267 Secure Version. http://www.aigo.com/ProductInformation-867.aspx, 2010.
    [9] D. E. Bell, L. J. LaPadula, Secure Computer System: A Mathematical Model. Hanscom AFB, Bedford, MA, Rep. ESD-TR-73-278, vol. 2, ESD/AFSC, 1973.
    [10] M. Bellare, P. Rogaway, Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. First ACM Conference on Computer and Communications Security, pp. 62-73, ACM Press, New York, 1993.
    [11] K. J. Biba, Integrity Considerations for Secure Computer Systems. ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA, 1977.
    [12] E. Biham, A. Shamir, Differential Fault Analysis of Secret Key Cryptosystems. CRYPTO '97, LNCS, vol. 1294, pp. 513-525, Springer, Heidelberg, 1997.
    [13] A. Bogdanov, Improved Side-Channel Collision Attacks on AES. SAC 2007, LNCS, vol. 4876, pp. 84-95, Springer, Heidelberg, 2007.
    [14] A. Bogdanov, Multiple-Differential Side-Channel Collision Attacks on AES. CHES 2008, LNCS, vol. 5154, pp. 30-44, Springer, Heidelberg, 2008.
    [15] E. Brier, C. Clavier, F. Olivier, Correlation Power Analysis with a Leakage Model. CHES 2004, LNCS, vol. 3156, pp. 16-29, Springer, Heidelberg, 2004.
    [16] M. Burrows, M. Abadi, R. Needham, A Logic of Authentication. Proceedings of the Royal Society of London, Series A, Mathematical and Physical Sciences, vol. 426, issue 1871, pp. 233-271, 1989.
    [17] R. Canetti, Universally Composable Security: A New Paradigm for Cryptographic Protocols. 42nd Annual Symposium on Foundations of Computer Science, pp. 136-145, 2001.
    [18] R. Canetti, S. Chari, S. Halevi, B. Pfitzmann, et al., Composable Security Analysis of OS Services. Cryptology ePrint Archive, http://eprint.iacr.org/2010/213.pdf, 2010.
    [19] R. Canetti, S. Halevi, J. Katz, Y. Lindell, P. MacKenzie, Universally Composable Password-Based Key Exchange. EUROCRYPT 2005, LNCS, vol. 3494, pp. 404-421, Springer, Heidelberg, 2005.
    [20] R. Canetti, H. Krawczyk, Universally Composable Notions of Key Exchange and Secure Channels. EUROCRYPT 2002, LNCS, vol. 2332, pp. 337-351, Springer, Heidelberg, 2002.
    [21] CE-Infosys, Data Sheet of CompuSec Mobile Hardware Security for Notebooks. http://www.ce-infosys.com.sg/english/pdf/datasheets/CompuSec_Mobile.pdf, 2009.
    [22] S. Chari, C. Jutla, J. Rao, P. Rohatgi, Towards Sound Approaches to Counteract Power-Analysis Attacks. CRYPTO 1999, LNCS, vol. 1666, pp. 398-412, Springer, Heidelberg, 1999.
    [23] S. Chari, J. R. Rao, P. Rohatgi, Template Attacks. CHES 2002, LNCS, vol. 2523, pp. 13-28, Springer, Heidelberg, 2003.
    [24] H. Chen, D. Wagner, MOPS: An Infrastructure for Examining Security Properties of Software. Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 235-244, ACM Press, New York, 2002.
    [25] Common Criteria Project/ISO, Common Criteria for Information Technology Security Evaluation, Version 2.1 (ISO/IEC 15408). http://www.commoncriteria.org, 1999.
    [26] Compaq, Hewlett-Packard, Intel, Lucent, Microsoft, NEC, Philips, Universal Serial Bus Specification, Revision 2.0. http://www.usb.org/developers/docs, 2000.
    [27] Y. G. Desmedt, Threshold Cryptography. European Transactions on Telecommunications, vol. 5, no. 4, pp. 449-457, 1994.
    [28] Y. Desmedt, Y. Frankel, Threshold Cryptosystems. CRYPTO 1989, pp. 307-315, Springer, Heidelberg, 1989.
    [29] D. Dolev, A. Yao, On the Security of Public Key Protocols. IEEE Transactions on Information Theory, vol. 29, no. 2, pp. 198-208, IEEE Press, New York, 1983.
    [30] EMC Corporation, RSA Key Manager and Tokenization, http://www.rsa.com/products/envision/success/10530_MEDFUS_CP_1109.pdf, 2009.
    [31] T. Espiner, Kingston Flash Drives Suffer Password Flaw. ZDNet UK, http://www.zdnet.co.uk/news/security-threats/2010/01/04, 2010.
    [32] N. Ferguson, B. Schneier, T. Kohno, Cryptography Engineering: Design Principles and Practical Applications. Wiley, 2010.
    [33] J. Foster, Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals. Syngress, 2005.
    [34] FreeOTFE Development Group, FreeOTFE User Manual. http://www.freeotfe.org/user-manual.html, 2004.
    [35] F. D. Garcia, P. van Rossum, R. Verdult, R. Wichers Schreur, Wirelessly Pickpocketing a Mifare Classic Card. 30th IEEE Symposium on Security and Privacy, pp. 3-15, 2009.
    [36] J. Gebusia, Data Encryption on File Servers. Securing Electronic Business Processes, Vieweg, pp. 38-48, 2007.
    [37] O. Goldreich, Foundations of Cryptography. Weizmann Institute of Science, 1995.
    [38] S. Goldwasser, S. Micali, C. Rackoff, The Knowledge Complexity of Interactive Proof Systems. SIAM Journal on Computing, vol. 18, no. 1, pp. 186-208, 1989.
    [39] L. Goubin, J. Patarin, DES and Differential Power Analysis: The Duplication Method. CHES 1999, LNCS, vol. 1717, pp. 158-172, Springer, Heidelberg, 1999.
    [40] R. Hartenstein, A Decade of Reconfigurable Computing: A Visionary Retrospective. Proceedings of the Conference on Design, Automation and Test in Europe, pp. 642-649, IEEE Press, Piscataway, NJ, 2001.
    [41] C. Herbst, E. Oswald, S. Mangard, An AES Smart Card Implementation Resistant to Power Analysis Attacks. ACNS 2006, LNCS, vol. 3989, pp. 239-252, Springer, Heidelberg, 2006.
    [42] Y. Hilewitz, Advanced Bit Manipulation Instructions: Architecture, Implementation, and Applications. PhD Dissertation, Princeton University, 2008.
    [43] S. Hirose, K. Matsuura, Key Agreement Protocols Resistant to a Denial-of-Service Attack. IEICE Transactions on Information and Systems, E84-D(4), pp. 477-484, 2001.
    [44] J. Hu, X. Shen, VHDL Implementation of Barrel Shifter Based on Partial Decoding Mode. Microelectronics and Computer, vol. 20, no. 2, pp. 34-35, 2003.
    [45] Industrial and Commercial Bank of China Limited, Operating Guide of the Second Generation U-Shield, http://www.icbc.com.cn/ICBC/html/download/dkq/khzsazsc_tdr.doc, 2010.
    [46] Infineon, Datasheet of SLE66C42P and SLE66CLX641P, http://www.infineon.com/cms/en/product/index.html, 2001.
    [47] ISO/IEC, Identification Cards, Integrated Circuit Cards, Part 8: Commands for Security Operations. ISO/IEC 7816-8:2004, 2004.
    [48] ISO/IEC, Information Technology, Identification Cards, Integrated Circuit(s) Cards with Contacts, Part 4: Interindustry Commands for Interchange. ISO/IEC 7816-4:1995, 1995.
    [49] ISO/IEC, Information Technology, Security Techniques, Encryption Algorithms, Part 3: Block Ciphers. ISO/IEC 18033-3, 2005.
    [50] D. Johnson, A. Menezes, S. Vanstone, The Elliptic Curve Digital Signature Algorithm (ECDSA). International Journal of Information Security, 1(1), pp. 36-63, Springer, Heidelberg, 2001.
    [51] M. Joye, P. Paillier, B. Schoenmakers, On Second-Order Differential Power Analysis. CHES 2005, LNCS, vol. 3659, pp. 293-308, Springer, Heidelberg, 2005.
    [52] J. Katz, Universally Composable Multi-party Computation Using Tamper-Proof Hardware. EUROCRYPT 2007, LNCS, vol. 4515, pp. 115-128, Springer, Heidelberg, 2007.
    [53] C. Kaufman, Internet Key Exchange (IKEv2) Protocol, http://tools.ietf.org/rfc/rfc4306.txt, 2005.
    [54] A. Kayem, S. Akl, P. Martin, Adaptive Cryptographic Access Control. Springer, Heidelberg, 2010.
    [55] Kingston Technology Corporation, DataTraveler Family USB Flash Drives. http://www.kingston.com/flash/datatraveler_home.asp, 2010.
    [56] N. Koblitz, A. Menezes, Another Look at Provable Security. Journal of Cryptology, vol. 20, pp. 3-37, 2007.
    [57] P. Kocher, Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO '96, pp. 104-113, Springer, Heidelberg, 1996.
    [58] P. Kocher, J. Jaffe, B. Jun, Differential Power Analysis. CRYPTO 1999, LNCS, vol. 1666, pp. 388-397, Springer, Heidelberg, 1999.
    [59] H. Krawczyk, SIGMA: The "SIGn-and-MAc" Approach to Authenticated Diffie-Hellman and Its Use in the IKE Protocols. CRYPTO 2003, LNCS, vol. 2729, pp. 400-425, Springer, Heidelberg, 2003.
    [60] W. S. Liao, P. A. Hsiung, FVP: A Formal Verification Platform for SoC. Proceedings of the IEEE International SOC Conference, pp. 21-24, IEEE Press, New York, 2003.
    [61] W. Marrero, E. Clarke, S. Jha, Model Checking for Cryptographic Protocols. Proceedings of the DIMACS Workshop on Design and Formal Verification of Security Protocols, Piscataway, NJ, pp. 147-166, 1997.
    [62] S. Mangard, E. Oswald, T. Popp, Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, Heidelberg, 2007.
    [63] W. Mao, Modern Cryptography: Theory and Practice. Prentice Hall PTR, 2004.
    [64] D. Mazières, M. Kaminsky, M. F. Kaashoek, E. Witchel, Separating Key Management from File System Security. ACM SIGOPS Operating Systems Review, vol. 33, no. 5, pp. 124-139, 1999.
    [65] A. J. Menezes, P. C. van Oorschot, S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, Boca Raton, 1997.
    [66] T. S. Messerges, Securing the AES Finalists Against Power Analysis Attacks. FSE 2000, LNCS, vol. 1978, pp. 150-164, Springer, Heidelberg, 2000.
    [67] Microsoft, Microsoft CryptoAPI and Cryptographic Service Providers. http://technet.microsoft.com/en-us/library/cc962093.aspx, 2000.
    [68] A. Moradi, O. Mischke, T. Eisenbarth, Correlation-Enhanced Power Analysis Collision Attack. CHES 2010, LNCS, vol. 6225, pp. 125-139, Springer, Heidelberg, 2010.
    [69] Motorola, Datasheet of MPC180, http://www.motorolasolutions.com/US-EN, 2001.
    [70] S. Murdoch, S. Drimer, R. Anderson, M. Bond, Chip and PIN is Broken. IEEE Symposium on Security and Privacy, pp. 433-446, IEEE Press, New York, 2010.
    [71] National Institute of Standards and Technology, FIPS 140-2: Security Requirements for Cryptographic Modules, http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf, 2001.
    [72] E. Oswald, S. Mangard, C. Herbst, S. Tillich, Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Ciphers. CT-RSA 2006, LNCS, vol. 3860, pp. 192-207, Springer, Heidelberg, 2006.
    [73] Philips Semiconductors, Data Sheet of PDIUSBP11A Universal Serial Bus Transceiver. http://www.semiconductors.philips.com/documents/data_sheet/PDTUSBP11A_3.pdf, 2001.
    [74] M. R. Pillmeier, M. J. Schulte, E. G. Walters III, Design Alternatives for Barrel Shifters. Proceedings of SPIE: Advanced Signal Processing Algorithms, Architectures, and Implementations XII, vol. 4791, pp. 436-447, Seattle, Washington, 2002.
    [75] S. Ravi, A. Raghunathan, P. Kocher, S. Hattangady, Security in Embedded Systems: Design Challenges. ACM Transactions on Embedded Computing Systems, vol. 3, issue 3, pp. 461-491, New York, 2004.
    [76] K. Schramm, G. Leander, P. Felke, C. Paar, A Collision-Attack on AES Combining Side Channel- and Differential-Attack. CHES 2004, LNCS, vol. 3156, pp. 163-175, Springer, Heidelberg, 2004.
    [77] K. Schramm, T. Wollinger, C. Paar, A New Class of Collision Attacks and Its Application to DES. FSE 2003, LNCS, vol. 2887, pp. 206-222, Springer, Heidelberg, 2003.
    [78] J. Silverman, Advanced Topics in the Arithmetic of Elliptic Curves. Springer, Heidelberg, 2010.
    [79] Sophos Plc, Data Sheet of SafeGuard Removable Media. http://www.sophos.com/sophos/docs/eng/factshts/sophos-safeguard-removablemedia-dsus.pdf, 2009.
    [80] A. Sveshnikov, R. Silverman, Problems in Probability Theory, Mathematical Statistics and Theory of Random Functions. Dover Publications, New York, 1979.
    [81] SySS, Cryptographically Secure? SySS Cracks a USB Flash Drive, http://www.syss.de, 2010.
    [82] Visa International, Visa Integrated Circuit Card: Card Specification, Version 1.4.0. http://www.scardsoft.com/documents/VISA/ICC_Card.pdf, 2001.
    [83] P. Viscarola, Windows NT Device Driver Development, 1st edition. New Riders Publishing, CA, USA, 1998.
    [84] Wikipedia, Internet of Things. http://en.wikipedia.org/wiki/Internet_of_Things, 2011.
    [85] X. Yu, T. Meng, Z. Dai, X. Yang, Design and Implementation of Reconfigurable Shift Unit Using FPGAs. Proceedings of the International Symposium on Pervasive Computing and Applications, pp. 543-545, 2006.
    [86] J. Zhan, N. Sang, G. Xiong, Formal Co-verification for SoC Design with Colored Petri Net. Embedded Software and Systems 2005, LNCS, vol. 3605, pp. 188-195, Springer, Heidelberg, 2005.
    [87] 白国强, 陈弘毅, et al., High-Speed Elliptic Curve Cryptography ASIC THECC/233-100. National Science and Technology Achievements Database, 2005.
    [88] 郭炜, 郭筝, 谢憬, SoC Design Methodology and Implementation. Publishing House of Electronics Industry, Beijing, 2007.
    [89] HC360.com (慧聪网), Experts Analyse in Depth the Application Security of Contactless IC Cards. http://info.secu.hc360.com/2009/04/210847155132.shtml, 2009.
    [90] Ministry of Labour and Social Security, Social Security (Personal) Card Specification, LB002-2000, 2000.
    [91] 李峥, 张鲁国, 刘彦峰, Fundamentals of Cryptographic Engineering. Institute of Electronic Technology Press, Zhengzhou, 2008.
    [92] 茆诗松, Probability Theory and Mathematical Statistics (3rd ed.). China Statistics Press, Beijing, 2007.
    [93] Aone (天一集成), IC Chips: ECC Cryptographic Chips and IP Cores. http://www.aone.cn/chanpin.asp?id=3, 2005.
    [94] 钱学森, The Art of Science and the Science of Art. People's Literature Publishing House, Beijing, 1994.
    [95] 唐韶华, A Practical Attack on the "Yang Cheng Tong" Metro Card. http://www.cacrnet.org.cn/upload/fckeditor/芯片论坛PPT.rar, 2010.
    [96] 严蔚敏, 吴伟民, Data Structures. Tsinghua University Press, Beijing, 2000.
    [97] 叶世芬, Research on Physical Protection of Secure Chips. Zhejiang University, Hangzhou, 2005.
    [98] China National Radio (中国广播网), Hackers Impersonating Online Banking Drain Tens of Millions in Funds; Consumers Must Verify Information Carefully. http://www.cnr.cn/jingji/315/gz/201103/t20110315_507793495.html, 2011.
    [99] 周润景, Verilog HDL Design Examples for Digital Systems Based on Quartus II. Publishing House of Electronics Industry, Beijing, 2010.
    [100] 朱燕, Trojan Breaks Through Online-Banking USB Key, Steals 300,000 Yuan in 30 Seconds. The Beijing News (online edition), 15 April 2011.
