Institutional Repository of the Institute of Software, Chinese Academy of Sciences (ISCAS OpenIR)
Title: 密码算法的故障攻击与防御对策研究 (Research on Fault Attacks on Cryptographic Algorithms and Countermeasures)
Author: 许囡囡
Defense date: 2008-05-30
Advisor: 冯登国
Major: Computer Software and Theory
Degree-granting institution: Graduate University of Chinese Academy of Sciences
Degree-granting location: Institute of Software, Chinese Academy of Sciences
Degree: Master
Keywords: cryptographic algorithms; block ciphers; RSA; fault attacks; countermeasures
Alternative title: Fault Attack on Cryptographic Algorithms and the Algorithmic Countermeasures
Department: State Key Laboratory of Information Security
Abstract: Cryptographic algorithms are an important research subject in information security. The security of an algorithm is determined by many factors, including the mathematical properties of the algorithm itself and the security of its implementation. In recent years, implementation-based attacks on algorithms have attracted wide attention and have become a research focus. A fault attack is an implementation-based attack: when the execution of an algorithm is disturbed, accidentally or maliciously, so that it deviates from its normal flow, an attacker or analyst can use the resulting faulty information to recover secret information hidden inside the device. To resist fault attacks, the implementation of a cryptographic algorithm therefore has to employ certain strategies or methods to protect the secret information concerned. This thesis studies fault attacks on block ciphers and on RSA implemented with the Chinese Remainder Theorem, together with algorithm-level countermeasures, and obtains the following results: (1) A fault attack on the ARIA algorithm is given. ARIA is a block cipher proposed in 2003 and selected as the Korean national standard in 2004. Faults are induced in both the encryption and the decryption of ARIA, and a differential fault attack is applied to recover the key. For ARIA-128, on average about 8 pairs of correct and faulty ciphertexts and 8 pairs of correct and faulty plaintexts suffice to recover the complete seed key; for ARIA-192 and ARIA-256, the analysis requires about 32 and 40 pairs of correct and faulty ciphertexts, respectively, to recover the complete seed key. (2) A fault attack on the Camellia algorithm is given. Camellia was proposed in 2000 and was approved in 2005 by the international standardization organization IETF as an international standard algorithm for use in the SSL/TLS security protocols. Faults are induced in the encryption of Camellia, and a differential fault attack is applied to recover the seed key. For Camellia-128, 64 pairs of correct and faulty ciphertexts are needed to recover the seed key; for Camellia-192/256, 96 pairs of correct and faulty ciphertexts are needed. (3) Fault attacks on RSA implemented with the Chinese Remainder Theorem and the related countermeasures are systematically surveyed, and the security and effectiveness of each countermeasure are analyzed.
English abstract: Cryptographic algorithms play fundamental roles in information security. The security of a cryptographic algorithm depends on many aspects, including the mathematical properties of the algorithm itself, the implementation security, etc. Recently, cryptanalysis techniques based on implementation have received widespread attention and are becoming one of the research focuses. Fault attack is one typical kind of implementation-based attack. The faulty information can be used to obtain the secret information hidden inside the cryptographic devices when the execution procedure of the algorithm is casually or purposely disturbed to deviate from the normal flow. As a result, some countermeasures should be employed in order to resist fault attacks and protect the secret information from being leaked. The thesis focuses on fault attacks against both block ciphers and the RSA cipher implemented using the Chinese Remainder Theorem, as well as the countermeasures. Several research results obtained are as follows. (1) A differential fault attack on the block cipher ARIA is proposed. ARIA was proposed in 2003 and was selected as the standard block cipher of Korea in 2004. Using the idea of differential analysis, we induce faults during the encryption and decryption of ARIA and analyze the faulty outputs. For ARIA-128, about 8 faulty ciphertexts and 8 faulty plaintexts on average are required to recover the seed key. For ARIA-192, the number of faulty ciphertexts is 32, and for ARIA-256, the number of faulty ciphertexts is 40. (2) A differential fault attack on the block cipher Camellia is proposed. Camellia was proposed in 2003 and was accepted as the international standard cipher used in the SSL/TLS security protocols by the international standardization organization IETF. We induce faults during encryption and analyze the faulty ciphertexts. For Camellia-128, 64 faulty ciphertexts are required to recover the seed key. For Camellia-192/256, 96 faulty ciphertexts are required.
(3) A summary of fault attacks on CRT-RSA and the related countermeasures is given, together with an analysis of the security and efficiency of the countermeasures.
Content type: Thesis
URI: http://ir.iscas.ac.cn/handle/311060/7066
Appears in Collections: State Key Laboratory of Information Security_Theses

Files in This Item:
File Name / File Size / Content Type / Version / Access / License
10001_200428015029035许囡囡_paper.pdf (656KB) / -- / -- / Restricted access / -- / Contact to obtain full text

Recommended Citation:
许囡囡. 密码算法的故障攻击与防御对策研究 (Research on Fault Attacks on Cryptographic Algorithms and Countermeasures) [D]. Institute of Software, Chinese Academy of Sciences; Graduate University of Chinese Academy of Sciences. 2008-05-30.