English Abstract: Side-channel attacks are an important branch of cryptanalysis. Extensive research and numerous practical results have shown that side-channel information leaked by cryptographic implementations can lead to serious security issues, even though the underlying cryptographic algorithms themselves are mathematically secure. Power analysis, widely accepted as one of the most important side-channel attacks, poses a serious threat to the physical security of cryptographic implementations. It works remarkably well in practical settings, has attracted wide concern, and has quickly become a major research topic in the field of side-channel attacks. In order to assess the physical security of cryptographic implementations, especially during the design phase, fundamental approaches and basic supporting tools are highly desirable. Such tools are also necessary for performing fair comparisons among different power analysis attacks and different countermeasures. Motivated by this, we investigate software simulation methods for power consumption and the key technologies of power analysis attacks, aiming to analyze and assess the practical resistance of cryptographic implementations to power analysis. The central purpose of our work is to provide basic methods and fundamental tools for the design and analysis of cryptosystem implementations. The main contributions of this paper are threefold. Firstly, we propose an instruction-level power consumption software simulation approach for analyzing and assessing the resistance of cryptographic implementations to power analysis attacks. The main idea of our approach is to simulate the execution of the assembly code of a cryptographic implementation instruction by instruction, and then to map the data processed during each instruction (data transferred on the bus, data changed in RAM, etc.) to a specific power consumption value according to a customized power model of the target device. The simulated power consumption produced in this way characterizes the dependency of the power consumption on the corresponding processed data. Secondly, we design and develop a prototype power consumption simulation system for cryptographic implementations, called IMScale. One of the most attractive technical features of IMScale is that it supports the customization of diverse power models and different levels of noise, which enables the simulation of a wide spectrum of cryptographic devices. At the same time, IMScale is capable of simulating both unprotected and protected implementations of symmetric ciphers as well as asymmetric ciphers. Although it is currently tailored to implementations on the C51 hardware platform, IMScale can easily be extended to support cryptographic implementations on X86, DSP and other hardware platforms; this highly desirable scalability is due to its extensible modular architecture. Thirdly, in order to validate the correctness and feasibility of our approach, we use IMScale to carry out a series of experiments against an unprotected AES implementation on an 8-bit Atmel 89C52 microcontroller, followed by extensive DPA and CPA attacks using the simulated power traces. The effectiveness of these two attacks is measured by quantitative metrics such as success rate and guessing entropy. Moreover, we also perform 2O-DPA attacks, using the normalized product and the absolute difference as combining functions, against a masked AES implementation; the effectiveness of 2O-DPA with these two combining functions under the HW model is measured by success rate. The results of our experiments, namely the comparison and evaluation of DPA and CPA and the results of the 2O-DPA attacks, are completely consistent with known results, which firmly validates the correctness and feasibility of our instruction-level power consumption software simulation approach.
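To make the simulation-then-evaluate workflow in the abstract concrete, the following added Python example (not IMScale and not code from the paper) simulates Hamming-weight leakage of the AES first-round SubBytes output with Gaussian noise, runs CPA on the simulated traces, and reports the success rate over independent runs. The trace layout (eight samples, leak at index 5), the noise level and the trace counts are assumptions chosen for illustration.

```python
import random

def gf_mul(a, b):
    # Multiplication in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
    p = 0
    while b:
        p ^= a if b & 1 else 0
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return p

def build_sbox():
    # AES S-box: multiplicative inverse followed by the affine transformation.
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
        s = inv
        for _ in range(4):
            inv = ((inv << 1) | (inv >> 7)) & 0xFF
            s ^= inv
        sbox.append(s ^ 0x63)
    return sbox
SBOX = build_sbox()
HW = [bin(v).count("1") for v in range(256)]

def simulate_trace(key_byte, plaintext, rng, sigma=1.0, samples=8, leak_idx=5):
    # HW power model with an assumed (constructed) trace layout: sample leak_idx leaks
    # HW of the SubBytes output, other samples HW of unrelated bytes, plus Gaussian noise.
    trace = [HW[rng.randrange(256)] + rng.gauss(0, sigma) for _ in range(samples)]
    trace[leak_idx] = HW[SBOX[plaintext ^ key_byte]] + rng.gauss(0, sigma)
    return trace

def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx, vy = sum((x - mx) ** 2 for x in xs), sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0
def cpa_key_byte(plaintexts, traces):
    # CPA: rank key hypotheses by the largest |corr(predicted HW, sample)| over all samples.
    scores = [max(abs(pearson([HW[SBOX[p ^ k]] for p in plaintexts], col))
                  for col in zip(*traces)) for k in range(256)]
    return max(range(256), key=scores.__getitem__)

def success_rate(n_runs=3, n_traces=150, sigma=1.0, seed=1):
    # Success rate: fraction of independent experiments where CPA ranks the true key first.
    rng, hits = random.Random(seed), 0
    for _ in range(n_runs):
        key, pts = rng.randrange(256), [rng.randrange(256) for _ in range(n_traces)]
        hits += cpa_key_byte(pts, [simulate_trace(key, p, rng, sigma) for p in pts]) == key
    return hits / n_runs
```

Raising `sigma` or lowering `n_traces` lets you watch the success rate fall, which is the kind of attack-versus-noise comparison the abstract describes making with simulated traces.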