Institutional Repository of the Institute of Software, Chinese Academy of Sciences (ISCAS OpenIR)
Subject: Computer science and technology, other disciplines
Title: Design and Implementation of an Instruction-Level Simulation System for the Power Consumption of Cryptographic Implementations (original title: 密码实现能量消耗指令级模拟系统的设计与实现)
Author: Li Jiantang (李建堂)
Defense date: 2011-05-26
Supervisor: Zhou Yongbin (周永彬)
Major: Information security
Degree-granting institution: Graduate University of Chinese Academy of Sciences
Place: Beijing
Degree: Master
Keywords: cryptographic implementation, power analysis attack, physical security, instruction-level simulation, evaluation
Abstract (translated from the Chinese): Side-channel attacks are an important branch of cryptanalysis. Research and practice have shown that even when an algorithm is mathematically secure, the side information leaked by its implementation can still lead to serious security risks. Power analysis attacks are a typical class of side-channel analysis methods that pose a serious threat to the practical security of cryptographic implementations; they are highly effective, attract wide attention, and are currently one of the research hotspots in the side-channel field. Evaluating the physical security of cryptographic implementations, especially at the design stage (for example, objectively comparing and evaluating the practical threat of various power analysis attacks and the effectiveness of countermeasures), urgently needs the support of fundamental methods and tools. To evaluate the physical security of cryptographic implementations and to characterize their side-information leakage mechanisms, this thesis studies software simulation methods and key technologies for the power consumption of cryptographic implementations, aiming to analyze and evaluate the ability of such implementations to resist power analysis attacks, and to provide fundamental methods and supporting tools for the design and analysis of cryptographic systems. The main contributions of this thesis are as follows:
First, an instruction-level power consumption software simulation method is proposed for analyzing and evaluating the resistance of cryptographic implementations to power analysis attacks. Its basic idea is to model a software cryptographic implementation as a set of major physical units (processor, memory, bus, etc.), to simulate precisely the execution details of the algorithm's assembly instructions, and, according to the configured share of each physical unit in the total power consumption and its power model, to map the data processed by every instruction (bus transfers, RAM data changes, etc.) to a power consumption value, thereby characterizing the data-dependent power consumption during execution of the cryptographic algorithm.
Second, based on the proposed method, a prototype power consumption simulation system for cryptographic implementations, IMScale, was designed and developed. IMScale supports dynamic configuration and characterization of power models and noise models, so it adapts well to different cryptographic devices and can characterize their power leakage mechanisms. It supports the simulation of many kinds of cryptographic implementations, including symmetric and asymmetric algorithms, and both plain (unprotected) and protected implementations. At present IMScale supports only C51-compatible microprocessor platforms, but owing to its extensible modular architecture it can readily be extended to simulate x86, DSP and other hardware platforms.
Third, to verify the correctness and feasibility of the method, a large number of attack experiments and comparative analyses were carried out with IMScale. Specifically, taking an unprotected AES implementation running on an Atmel 89C52 microprocessor as an example, power consumption was simulated with IMScale, DPA and CPA attacks were mounted on the simulated traces, and the effectiveness of these two classical methods was compared and evaluated with quantitative metrics such as success rate and guessing entropy. In addition, power consumption was simulated for a masked AES implementation, and two second-order DPA attacks, using the normalized product and the absolute difference as combining functions, were mounted; their effectiveness under the Hamming weight model was evaluated by success rate. All experimental results agree fully with existing theoretical and experimental conclusions, which strongly demonstrates the correctness and feasibility of the instruction-level power consumption software simulation method.
English abstract:

Side-channel attacks are an important branch of cryptanalysis. Extensive research and numerous practical results have shown that side-channel information leaked by cryptographic implementations can lead to serious security issues even when the underlying algorithms are mathematically secure. Power analysis, widely accepted as one of the most important side-channel attacks, poses a serious threat to the physical security of cryptographic implementations; it works remarkably well in practical settings, has attracted wide attention, and has become a hot research topic in the field of side-channel attacks. In order to assess the physical security of cryptographic implementations, especially during the design phase, fundamental approaches and basic supporting tools are highly desirable. Such tools are also necessary for fair comparisons among various power analysis attacks and countermeasures. Motivated by this, we investigate power consumption software simulation methods and the key technologies needed for power analysis, aiming to analyze and assess the practical resistance of cryptographic implementations to power analysis attacks. The central purpose of our work is to provide basic methods and fundamental tools for the design and analysis of cryptosystem implementations. The main contributions of this thesis are threefold.

First, we propose an instruction-level power consumption software simulation approach for analyzing and assessing the resistance of cryptographic implementations to power analysis attacks. The main idea is to simulate the execution of the implementation's assembly instructions and to map the data processed during each instruction (data transferred on the bus, data changed in RAM, etc.) to a specific power consumption value according to a customizable power model of the target device. The simulated power consumption produced in this way characterizes the dependency of the power consumption on the processed data.

Second, we design and develop a prototype power consumption simulation system for cryptographic implementations, called IMScale. One of its most attractive features is that it supports the customization of diverse power models and different noise levels, which enables the simulation of a wide spectrum of cryptographic devices. IMScale can simulate both unprotected and protected implementations of symmetric and asymmetric ciphers. Although it is currently tailored to implementations on the C51 platform, its extensible modular architecture allows it to be easily extended to implementations on x86, DSP and other hardware platforms.

Third, to validate the correctness and feasibility of our approach, we use IMScale to simulate power traces of an unprotected AES implementation on an 8-bit Atmel 89C52 microcontroller and mount extensive DPA and CPA attacks on the simulated traces. The effectiveness of the two attacks is measured with quantitative metrics such as success rate and guessing entropy. We also mount second-order DPA (2O-DPA) attacks, using the normalized product and the absolute difference as combining functions, against a masked AES implementation, and measure their effectiveness under the Hamming weight (HW) model by success rate. The comparison and evaluation of DPA and CPA, and the results of the 2O-DPA attacks, are completely consistent with known results, which firmly validates the correctness and feasibility of our instruction-level power consumption software simulation approach.
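
The simulate-then-evaluate loop that the abstract describes (a per-instruction Hamming-weight leakage model, simulated traces with configurable noise, a CPA attack on them, and the success-rate and guessing-entropy metrics) can be shown end to end in a few dozen lines. The following is an added example written for this page; it is not IMScale's code or any code from the thesis. It assumes a constructed three-instruction sequence for one byte of the first AES round (load plaintext, XOR key, S-box lookup), equal leakage weights for the three units, additive Gaussian noise, and its own function names (`simulate_trace`, `cpa_rank`, `evaluate`). The S-box is computed from the GF(2^8) inverse and the AES affine map rather than typed in.

```python
# Added example (not IMScale's code): a minimal instruction-level
# Hamming-weight leakage simulator for one AES S-box lookup, plus a CPA
# evaluation reporting success rate and guessing entropy.
import random


def _gmul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _ginv(x):
    """Multiplicative inverse in GF(2^8), computed as x^254 (0 maps to 0 as in AES)."""
    if x == 0:
        return 0
    r = 1
    for _ in range(254):
        r = _gmul(r, x)
    return r


def build_sbox():
    """AES S-box: GF(2^8) inverse followed by the affine transformation."""
    sbox = []
    for x in range(256):
        b = _ginv(x)
        s = b
        for i in range(1, 5):  # s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def hamming_weight(v):
    return bin(v).count("1")


# Constructed instruction sequence for one byte of the first AES round, with an
# assumed leakage weight per "physical unit" (all equal here; an assumption).
INSTRUCTIONS = (("load plaintext", 1.0), ("xor key", 1.0), ("sbox lookup", 1.0))


def simulate_trace(p, k, sigma, rng):
    """One simulated trace: Hamming weight of the value each instruction processes,
    scaled by its unit weight, plus Gaussian noise with standard deviation sigma."""
    values = [p, p ^ k, SBOX[p ^ k]]
    return [w * hamming_weight(v) + rng.gauss(0.0, sigma)
            for (_name, w), v in zip(INSTRUCTIONS, values)]


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / (sxx * syy) ** 0.5


def cpa_rank(plaintexts, traces):
    """CPA: rank all 256 key-byte guesses by the largest |correlation| between
    HW(SBOX[p ^ guess]) and any sample point. Index 0 is the most likely guess."""
    columns = [[t[j] for t in traces] for j in range(len(traces[0]))]
    scores = []
    for guess in range(256):
        hyp = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        scores.append((max(abs(pearson(hyp, col)) for col in columns), guess))
    scores.sort(reverse=True)
    return [guess for _score, guess in scores]


def evaluate(n_traces, sigma, n_experiments, seed=1):
    """Success rate (fraction of experiments ranking the true key first) and
    guessing entropy (mean rank of the true key, 0 = best) over repeated attacks."""
    rng = random.Random(seed)
    ranks = []
    for _ in range(n_experiments):
        key = rng.randrange(256)
        plaintexts = [rng.randrange(256) for _ in range(n_traces)]
        traces = [simulate_trace(p, key, sigma, rng) for p in plaintexts]
        ranks.append(cpa_rank(plaintexts, traces).index(key))
    return {
        "success_rate": sum(1 for r in ranks if r == 0) / n_experiments,
        "guessing_entropy": sum(ranks) / n_experiments,
    }


if __name__ == "__main__":
    for sigma in (0.5, 4.0):
        print(sigma, evaluate(n_traces=300, sigma=sigma, n_experiments=10))
```

Raising `sigma` (the configurable noise level the abstract mentions) or lowering `n_traces` degrades both metrics, which is the kind of design-stage comparison the thesis uses the simulator for: the same harness can be pointed at a masked variant of `simulate_trace` to compare countermeasures under an identical leakage model.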

Language: Chinese
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/10798
Appears in Collections: State Key Laboratory of Information Security, Theses

Files in This Item:
thesis_li.pdf (2592 KB), restricted access; contact the repository to obtain the full text.

Recommended citation:
李建堂 (Li Jiantang). 密码实现能量消耗指令级模拟系统的设计与实现 [D]. Beijing: Graduate University of Chinese Academy of Sciences, 2011-05-26.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2017 Institute of Software, Chinese Academy of Sciences