Power Analysis Attacks on AES and Countermeasure Techniques
Abstract
Recently, with the emergence of side-channel attacks (SCA, Side Channel Attack), an analysis method that recovers keys from physical information leaked during encryption such as power consumption, timing and electromagnetic radiation, updating the encryption algorithms and protocols themselves can no longer provide sufficient protection. Current chip designs therefore urgently need added protection against side-channel attacks.
     This thesis selects the new symmetric data encryption algorithm, the Advanced Encryption Standard (AES), as the basic algorithm of the encryption chip, and studies the implementation of one kind of side-channel attack against AES, the Differential Power Analysis (DPA) attack, together with techniques for defending against it.
     After introducing AES and side-channel attacks, the thesis presents the principle and implementation of differential power analysis, surveys the existing countermeasures and their respective characteristics roughly in the chronological order in which they appeared, then describes in detail the design scheme used in this thesis and its concrete implementation, and finally gives the method for setting up the experimental environment and an analysis of the experimental results. Experiments show that the design scheme of this thesis provides relatively good protection against DPA for AES-based security chips.
Since the introduction of the so-called Side Channel Attack, which exploits information leaked by the encryption process, such as power consumption, timing and electromagnetic radiation, updating the encryption algorithm and protocol alone is no longer enough to secure an encryption system. Thus, in present-day encryption chip design, special protection against Side Channel Attacks must be considered.
     In this thesis, AES (Advanced Encryption Standard) was chosen as the encryption algorithm for the study of DPA (Differential Power Analysis), one type of Side Channel Attack. The main target of this thesis is to study how DPA is carried out and how encryption systems can be protected against it.
     After describing the basic knowledge of AES and SCA, the theory and implementation of DPA are introduced. Then the historical studies of anti-DPA methods are discussed and an improved, detailed design is given. Finally the testing and measurement environment is described and the experimental results are analyzed. The results show that the chip design of this thesis provides relatively good protection against DPA for encryption chips using the AES algorithm.
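As an added illustration (not the thesis's own design or code), the Python sketch below shows one of the classic anti-DPA countermeasures the abstract alludes to: first-order Boolean masking of the AES SubBytes step by S-box table recomputation. The AES S-box is derived from its definition rather than hard-coded, and the sample state bytes are constructed for the demonstration.

```python
import os

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B          # low byte of the reduction polynomial
        b >>= 1
    return p

def gf_inv(a):
    """Inverse as a^254 (a^255 = 1 for a != 0); maps 0 to 0 as AES requires."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def aes_sbox():
    """Derive the AES S-box: GF(2^8) inversion followed by the affine transform."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        s = b
        for i in range(1, 5):  # s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(s ^ 0x63)
    return box

def masked_sbox(sbox, m_in, m_out):
    """Table recomputation: T[x ^ m_in] = S(x) ^ m_out for every byte x, so a
    lookup on a masked input yields the S-box output under the output mask."""
    table = [0] * 256
    for x in range(256):
        table[x ^ m_in] = sbox[x] ^ m_out
    return table

def masked_subbytes(sbox, state, m_in=None, m_out=None):
    """SubBytes on masked values only: with fresh random masks per run, each
    intermediate is uniform whatever the secret, so first-order DPA finds no
    correlation. Returns (masked_output, m_out); unmask only where it is safe."""
    m_in = os.urandom(1)[0] if m_in is None else m_in
    m_out = os.urandom(1)[0] if m_out is None else m_out
    table = masked_sbox(sbox, m_in, m_out)
    masked_state = [b ^ m_in for b in state]  # the bare state never reaches the table
    return [table[b] for b in masked_state], m_out
```

XORing the returned masked output with m_out recovers the ordinary SubBytes result; the masked table must be recomputed (or at least the masks refreshed) for every encryption, since a fixed mask would only shift the leakage rather than remove it.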