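Subject: Other disciplines of computer science and technology
Author: 李建堂
Issued Date: 2011-05-26
Supervisor: 周永彬
Major: Information Security
Degree Grantor: Graduate University of the Chinese Academy of Sciences
Place of Degree Grantor: Beijing
Degree Level: Master's
Keyword: cryptographic implementation, power analysis attack, physical security, instruction-level simulation, evaluation
Abstract: Side-channel attacks are an important branch of cryptanalysis research. Research and practice show that even when an algorithm is itself secure in the mathematical sense, the side information leaked by a cryptographic implementation can still lead to serious security risks. Power analysis attacks are a typical class of side-channel analysis methods and pose a serious threat to the practical security of cryptographic implementations; they are highly effective, have attracted wide attention, and are currently one of the research hotspots in the field of side-channel attacks. Physical security evaluation of cryptographic algorithm implementations, especially at the design stage (for example, objectively comparing and evaluating the practical threat of various power analysis attacks and the effectiveness of countermeasures), urgently needs the support of fundamental methods and tools. To evaluate the physical security of cryptographic implementations and characterize their side-information leakage mechanisms, this thesis studies software simulation methods and key techniques for the power consumption of cryptographic implementations, aiming to analyze and evaluate the ability of cryptographic implementations to resist power analysis attacks and to provide fundamental methods and supporting tools for the design and analysis of cryptosystems. The main contributions of this thesis are as follows:
Third, to verify the correctness and feasibility of the above method, this thesis uses the IMScale system to carry out a large number of attack experiments and comparative analyses. Specifically, taking an unprotected AES implementation running on an Atmel 89C52 microprocessor as an example, this thesis simulates power consumption with IMScale, mounts DPA and CPA attacks using the simulated power traces, and compares and evaluates the effectiveness of these two classical analysis methods using quantitative metrics such as success rate and guessing entropy. In addition, it simulates the power consumption of a masked AES implementation, mounts two second-order DPA attacks that use the normalized product and the absolute difference as combining functions, and evaluates the effectiveness of the two under the Hamming weight model using success rate. All of these experimental results agree fully with existing theoretical and experimental conclusions, which strongly demonstrates the correctness and feasibility of the instruction-level power consumption software simulation method.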
English Abstract:

Side-channel attacks are an important branch of cryptanalysis. Extensive research and practice have shown that side-channel information leaked by cryptographic implementations can lead to serious security issues, even when the underlying cryptographic algorithms are mathematically secure. Power analysis, widely accepted as one of the most important side-channel attacks, poses a serious threat to the physical security of cryptographic implementations. It works remarkably well in practical settings, has attracted wide attention, and has become a hot research topic in the field of side-channel attacks. Assessing the physical security of cryptographic implementations, especially during the design phase, calls for fundamental approaches and basic supporting tools. Such tools are also necessary for fair comparisons among power analysis attacks and among countermeasures. Motivated by this, we investigate software simulation methods and key technologies for power consumption, aiming to analyze and assess the practical resistance of cryptographic implementations to power analysis attacks. The central purpose of our work is to provide basic methods and fundamental tools for the design and analysis of cryptosystem implementations. The main contributions of this thesis are threefold.

Firstly, we propose an instruction-level software simulation approach for power consumption, aiming to analyze and assess the resistance of cryptographic implementations to power analysis attacks. The main idea is to simulate the instruction execution of the assembly code of a cryptographic implementation and then map the data processed during instruction execution (including data transmission on the bus, data changes in RAM, etc.) to a specific power consumption, according to a customized power model of the target device. The simulated power consumption produced in this way characterizes the dependency of the power consumption on the corresponding processed data.

Secondly, we design and develop a prototype system for simulating the power consumption of cryptographic implementations, called IMScale. One of its most attractive technical features is that it supports the customization of diverse power models and different levels of noise, which enables the simulation of a wide spectrum of crypto devices. IMScale also supports the simulation of both unprotected and protected implementations of symmetric and asymmetric ciphers. In addition, IMScale can be easily extended to support cryptographic implementations on X86, DSP and other hardware platforms, even though it is currently tailored only to implementations on the C51 hardware platform. This scalability is due to the extensible modular architecture of IMScale.

Thirdly, in order to validate the correctness and feasibility of our approach, we use IMScale to carry out a series of experiments against an unprotected AES implementation on an 8-bit Atmel 89C52 microcontroller, followed by extensive DPA and CPA attacks using the simulated power traces. The effectiveness of these two attacks is measured by quantitative metrics such as success rate and guessing entropy. Moreover, we also perform 2O-DPA attacks against a masked AES implementation, using the normalized product and the absolute difference as combining functions. The effectiveness of the 2O-DPA attacks using these two combining functions under the HW model is measured by success rate. The results of the comparison and evaluation of DPA and CPA, as well as the results of the 2O-DPA attacks, are completely consistent with known results, which firmly validates the correctness and feasibility of our instruction-level power consumption software simulation approach.

Language: Chinese
Content Type: Thesis
Appears in Collections: State Key Laboratory of Information Security_Theses

Files in This Item:
File Name / File Size, Content Type, Version, Access, License
thesis_li.pdf (2592KB) ---- Restricted access; contact to obtain the full text

Recommended Citation:
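李建堂. Design and Implementation of an Instruction-Level Simulation System for the Power Consumption of Cryptographic Implementations (密码实现能量消耗指令级模拟系统的设计与实现) [D]. Beijing: Graduate University of the Chinese Academy of Sciences, 2011-05-26.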