Research on the Analysis of a New Side-Channel Attack and Defense Strategies
Abstract
In recent years, researchers have noticed that the implementation of cryptographic algorithms and the characteristics of the operating environment of cryptographic devices can be exploited to attack a cryptosystem; attacks of this kind have been named side-channel attacks. A side-channel attack analyzes the leakage of physical information while a cryptographic protocol is executed, rather than relying on the mathematics-based analysis of traditional cryptanalysis.
Differential behavior analysis is a new attack method built on differential power attack and differential fault attack. It retains some of the advantages of both, while requiring less information about the overall encryption process than either of those two methods. The author analyzes theoretically how this attack applies to AES and gives partial computation results.
Differential behavior analysis is then used to attack SMS4, the encryption algorithm of China's wireless LAN standard WAPI. SMS4 is the first commercial cipher officially published in China and uses an SPN structure; in theory, differential behavior analysis can effectively recover the round keys of SMS4.
Based on the theoretical analysis and simulation experiments of differential behavior analysis on AES and SMS4, strategies for defending against differential power attack and differential fault attack are proposed. On this basis, a security defense strategy against differential behavior analysis is derived theoretically, at the cost of only a small increase in complexity and computational overhead.
In recent years, researchers have noted that the implementation of cryptographic algorithms and the characteristics of the operating environment can be exploited to mount attacks. Side-channel attacks work primarily through information leaked by the protocol implementation, rather than through the traditional mathematical analysis of the protocol specification. A new side-channel attack is presented here: differential behavior analysis. It is based on differential power attack and differential fault attack, has some of the advantages of both, and requires less information about the entire encryption process than either of them. The thesis gives a theoretical analysis of the attack on an AES implementation and presents partial computation results.
Differential behavior analysis is then applied to SMS4, the encryption algorithm of China's WAPI wireless LAN standard, and its feasibility is verified theoretically. SMS4 is the first officially published commercial cryptographic algorithm in China and uses an SP-type structure; the feasibility of differential behavior analysis on SMS4 is analyzed in theory.
For the implementation of differential behavior analysis on AES and SMS4, the two underlying attacks, differential power attack and differential fault attack, are analyzed, and defense strategies against each are derived. On this basis, a security defense strategy against differential behavior analysis is proposed and analyzed theoretically, together with the possible increase in complexity and computational overhead it entails.