CN110176970A - Signal quality evaluation method aiming at cryptographic chip bypass attack - Google Patents

Signal quality evaluation method aiming at cryptographic chip bypass attack Download PDF

Info

Publication number
CN110176970A
CN110176970A CN201910523740.6A CN201910523740A CN110176970A CN 110176970 A CN110176970 A CN 110176970A CN 201910523740 A CN201910523740 A CN 201910523740A CN 110176970 A CN110176970 A CN 110176970A
Authority
CN
China
Prior art keywords
plaintext
sequence
fixed
random
signal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910523740.6A
Other languages
Chinese (zh)
Inventor
李雄伟
陈开颜
张阳
谢方方
李艳
王晓晗
马佳巍
宋世杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Army Engineering University of PLA
Original Assignee
Army Engineering University of PLA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Army Engineering University of PLA filed Critical Army Engineering University of PLA
Priority to CN201910523740.6A priority Critical patent/CN110176970A/en
Publication of CN110176970A publication Critical patent/CN110176970A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B17/00Monitoring; Testing
    • H04B17/30Monitoring; Testing of propagation channels
    • H04B17/309Measuring or estimating channel quality parameters
    • H04B17/336Signal-to-interference ratio [SIR] or carrier-to-interference ratio [CIR]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Complex Calculations (AREA)

Abstract

The invention relates to a signal quality evaluation method aiming at bypass attack of a cryptographic chip, which comprises the following steps: inputting a random plaintext sequence into a password chip, and inserting a fixed plaintext sequence into the random plaintext sequence according to a certain mode; sampling the bypass signal of the cipher chip to obtain a bypass signal matrix W with m rows and n columns. Dividing a bypass signal matrix W into a fixed plaintext track and a random plaintext track according to the insertion rule of a fixed plaintext by using a behavior unit, storing the divided fixed plaintext track into a fixed plaintext group, and storing the divided random plaintext track into a random plaintext group; respectively calculating the variance of each column in the two signal groups, and calculating the corresponding signal-to-noise ratio value of each column of the bypass signal matrix W according to the obtained values; and judging the quality of the bypass signal according to the signal-to-noise ratio value corresponding to each column of the obtained bypass signal matrix W. The method and the device can accurately evaluate the quality of the bypass signal of the cipher chip to be attacked on the premise of unknown keys.

Description

A kind of signal quality evaluating method for crypto chip bypass attack
Technical field
The present invention relates to a kind of by-passing signal method for evaluating quality, specifically a kind of to be directed to crypto chip bypass attack Signal quality evaluating method.
Background technique
With the arrival of information age, the importance of information security becomes increasingly conspicuous.In order to protect information security, present information System generallys use encryption method and handles secret information.By many years research and development, the mathematics safety of cryptographic algorithm Abundant verifying has been obtained.However, cryptographic algorithm needs IC chip as realization carrier, including general micro process The forms such as device, special encryption chip are referred to as " crypto chip ".In recent years, the safety of crypto chip receives bypass Attack seriously threatens.The letter such as electric current can be consumed in integrated circuit operational process and generates electromagnetic radiation, heat radiation, light radiation Number, i.e. by-passing signal (Side Channel Signal, also referred to as side channel signal).It is demonstrated experimentally that the variation of by-passing signal with The compact internal structure of integrated circuit is related, has not only included operation correlation, but also include data dependence.Bypass attack method is just It is that the data in crypto chip ciphering process are speculated using the data dependence of by-passing signal, thus breaking cryptographic keys, A variety of cryptographic systems are successfully cracked.The implementation of bypass attack is highly dependent on the by-passing signal of crypto chip.By-passing signal matter Amount is higher, and the sample size needed is fewer, and the success rate of attack is higher, and required attack time is shorter.Conversely, the sample then needed Quantity is more, and attack is also more difficult to success.By-passing signal acquisition usually requires longer time with analysis.If by-passing signal Sampling condition is excessively poor, and the sample size for needing to acquire will greatly increase, and the time for acquiring and analyzing, which will also greatly increase, (up to be counted Hour or even a couple of days), in some instances it may even be possible to it can not success attack.Therefore, when acquiring by-passing signal, if it is possible to what is collected By-passing signal quality is assessed, and adjustment acquisition system can be determined the need for according to assessment result, and can estimate attack institute The sample size needed (according to the correlation between the related coefficient of the propositions such as Guilley and by-passing signal signal-to-noise ratio).But now There are no by-passing signal of the relevant technology to crypto chip to carry out quality evaluation.
Summary of the invention
It is an object of the invention to provide a kind of signal quality evaluating methods for crypto chip bypass attack, to solve The problem of method of quality evaluation is carried out to crypto chip by-passing signal currently not yet.
The present invention is implemented as follows: a kind of signal quality evaluating method for crypto chip bypass attack, including with Lower step:
A. random plaintext sequence is inputted to crypto chip, and is inserted into fixation according to certain mode in random plaintext sequence Plaintext sequence is with the length of machine plaintext sequence and fixed plaintext sequence is all n;
B. the by-passing signal of crypto chip is sampled, samples and obtains m by-passing signal track, in every bars track Comprising n sample point, the by-passing signal matrix W of m row n column is thus obtained;
C. by by-passing signal matrix W with behavior unit according to the insertion rule of fixed plaintext divide into fixed plaintext track with Random plaintext track, the fixation plaintext track separated is deposited into fixed plaintext group, and the random plaintext track separated is stored in Into random plaintext group;
D. the variance respectively arranged in fixed plaintext group and random plaintext group is calculated, by-passing signal square is calculated according to obtained value The corresponding snr value of each column of battle array W;
E. the quality of by-passing signal is judged according to the corresponding snr value of each column of obtained by-passing signal matrix W.
In step a, fixed plaintext sequence is inserted into using fixed intervals mode, if interval coefficient be k, every k-1 item with Machine plaintext sequence is inserted into a fixed plaintext sequence.
The fixed plaintext sequence being inserted into step a is full 0 value sequence or complete 1 value sequence.
In step a, k value appropriate is chosen according to sampling total amount, makes the fixation plaintext sequence being inserted into random plaintext sequence Number of columns is moderate, and general fixed plaintext sequence quantity is no less than 50.
In step d, the variance for organizing a certain column in plain text at random is signal entirety variance, the fixed side for organizing corresponding column in plain text Difference is noise variance, and signal entirety variance is subtracted each other with noise variance, should divided by fixed group in plain text with the absolute value of obtained difference The variance of column calculates in by-passing signal matrix W in this way to obtain the snr value of respective column in by-passing signal matrix W The snr value of each column.
In step e, if the snr value of certain data column is significantly higher than other data column in by-passing signal matrix W, Then show to reorganize in data column and significant data dependence occur, there is preferable signal quality;Otherwise, show to collect By-passing signal is second-rate, needs to adjust sampling system or the more massive by-passing signal of acquisition.
The present invention devises the mode for fixing and intersecting with random plaintext send in plain text, corresponding by fixed encryption in plain text The variance of noise is calculated in by-passing signal, is calculated by the corresponding by-passing signal of random encryption in plain text comprising data wave Dynamic and noise aliquot signal entirety variance, is calculated the signal-to-noise ratio of each signaling point later.It as a result, can be in unknown key Under the premise of the by-passing signal quality of encryption chip is assessed, and according to assessment result to by-passing signal acquisition system carry out It improves, sample size needed for bypass attack is estimated, the conventional efficient of bypass attack is improved.It simultaneously can also be according to the present invention Energy point associated with the data in crypto chip calculating process is determined, so that the implementation for subsequent bypass attack provides position and refers to Draw.
Detailed description of the invention
Fig. 1 is flow chart of the invention.
Fig. 2 is the signal-to-noise ratio variation diagram related coefficient corresponding with correct key is used being calculated using the method for the present invention Situation of change.
Specific embodiment
As shown in Figure 1, the present invention the following steps are included:
A. random plaintext sequence is inputted to crypto chip, and is inserted into fixation according to certain mode in random plaintext sequence The length of plaintext sequence, random plaintext sequence and fixed plaintext sequence is all n;
B. the by-passing signal of crypto chip is sampled, samples and obtains m by-passing signal track, in every bars track Comprising n sample point, the by-passing signal matrix W of m row n column is thus obtained;
C. by by-passing signal matrix W with behavior unit according to the insertion rule of fixed plaintext divide into fixed plaintext sequence with Random plaintext sequence, the fixation plaintext track separated is deposited into fixed plaintext group, and the random plaintext track separated is stored in Into random plaintext group;
D. the variance respectively arranged in fixed plaintext group and random plaintext group is calculated, by-passing signal square is calculated according to obtained value The corresponding snr value of each column of battle array W;
E. the quality of by-passing signal is judged according to the corresponding snr value of each column of obtained by-passing signal matrix W.
Wherein, in step a, fixed intervals mode can be used and be inserted into fixed plaintext sequence, can also be inserted using other Enter mode and is inserted into fixed plaintext sequence.When being inserted into fixed plaintext sequence using fixed intervals mode, if interval coefficient is k, often A fixed plaintext sequence is inserted into every the random plaintext sequence of k-1 item.Specifically use following process:
Total m item plaintext sequence is inputted to crypto chip in a manner mentioned above, and corresponding by-passing signal track is carried out Acquisition.
In step a, need to be inserted into fixed plaintext sequence, and common classical fixed plaintext sequence includes full 0 value sequence Or complete 1 value sequence etc..It simultaneously when being inserted into fixed plaintext sequence, needs to choose k value appropriate according to sampling total amount, make random bright The moderate number for the fixation plaintext sequence being inserted into literary sequence, general fixed plaintext sequence quantity are no less than 50.Work as insert number When measuring excessive, sampling efficiency can be reduced;When insertion quantity is too small, statistical result can be made to lose accuracy.
In step c, after obtaining by-passing signal matrix W (m row n column), it is grouped by following processes:
K value in this process is identical as the k value in step a, to distinguish the letter of bypass corresponding to fixed plaintext sequence Number and random plaintext corresponding to by-passing signal, and the by-passing signal track distinguished is grouped deposits through the above steps It puts, so as to the calculating of next step.
In step d, the variance for organizing a certain column in plain text at random is signal entirety variance, the fixed side for organizing corresponding column in plain text Difference is noise variance, and signal entirety variance is subtracted each other with noise variance, should divided by fixed group in plain text with the absolute value of obtained difference The variance of column calculates in by-passing signal matrix W in this way to obtain the snr value of respective column in by-passing signal matrix W The snr value of each column.Its detailed process is as follows:
In step e, if the snr value of certain data column is significantly higher than other data column in by-passing signal matrix W, Then show to reorganize in data column and significant data dependence occur, there is preferable signal quality;Otherwise, show to collect By-passing signal is second-rate, needs to adjust sampling system or the more massive by-passing signal of acquisition.
Basic principle of the invention is as follows:
Start with first from the composition model of crypto chip by-passing signal:
wtotal=wop+wdata+wconst+wnoise
wtotalFor the gross energy for acquiring by-passing signal, whole Normal Distribution is denoted as wtotal:Its It is made of multiple components: wopIt represents operation and relies on component, the control unit energy consumption in general corresponding circuits;wdataRepresent number According to relying on component, energy consumed by data processor in corresponding circuits.Studies have shown that for the data changed at random and Speech, the variable Normal Distribution might as well assume its obediencewconstRepresent the perseverance of holding circuit basic status Determine component;wnoiseRepresent noise component(s) comprising a variety of components such as power supply noise, clocking noise, thermal noise, quantizing noise, The whole normal distribution obeyed mean value and be 0, is denoted as
When acquiring by-passing signal, keep operation and data constant, then wop、wdataAnd wconstIt is constant.At this point, bypass letter Variance in number is mainly reflected in noise variance, i.e.,Keep operation constant, when only changing data at random, then wopAnd wconstIt remains unchanged, the variance in by-passing signal is made of data variance and noise variance two parts, simultaneously as making an uproar Sound component component associated with the data is mutually indepedent, thenIn practical by-passing signal collection process,It is unknown.ButWithIt can be by the method for the invention to sampling condition and encrypting plaintext It is controlled, to obtain the unbiased estimator of the two.δ in the present invention2Random isδ in the present invention2Const is ForAnd δ2random-δ2Const can be obtainedIt obtainsSignal-to-noise ratio can be calculated.
As shown in Fig. 2, the figure is that the signal-to-noise ratio variation diagram that method according to the present invention is calculated and use are correctly close The corresponding related coefficient variation diagram of key.By two figures of comparison it is found that the SNR value that is calculated by the method for the invention with just True key is corresponding and related coefficient has preferable consistency, demonstrates the validity of the method for the present invention.

Claims (6)

1. a kind of signal quality evaluating method for crypto chip bypass attack, which comprises the following steps:
A. random plaintext sequence is inputted to crypto chip, and is inserted into fixed plaintext according to certain mode in random plaintext sequence The length of sequence, random plaintext sequence and fixed plaintext sequence is all n;
B. the by-passing signal of crypto chip is sampled, sampling obtain m by-passing signal track, include in every bars track Thus n sample point obtains the by-passing signal matrix W of m row n column;
C. by-passing signal matrix W is divided into fixed plaintext track and random according to the insertion rule of fixed plaintext with behavior unit The fixation plaintext track separated is deposited into fixed plaintext group by plaintext track, by the random plaintext track separated be deposited into In machine plaintext group;
D. the variance respectively arranged in fixed plaintext group and random plaintext group is calculated, by-passing signal matrix W is calculated according to obtained value It is each to arrange corresponding snr value;
E. the quality of by-passing signal is judged according to the corresponding snr value of each column of obtained by-passing signal matrix W.
2. the signal quality evaluating method according to claim 1 for crypto chip bypass attack, which is characterized in that In step a, fixed plaintext sequence is inserted into using fixed intervals mode, if interval coefficient is k, every the random plaintext sequence of k-1 item It is inserted into a fixed plaintext sequence.
3. the signal quality evaluating method according to claim 1 for crypto chip bypass attack, which is characterized in that The fixed plaintext sequence being inserted into step a is full 0 value sequence or complete 1 value sequence.
4. the signal quality evaluating method according to claim 2 for crypto chip bypass attack, which is characterized in that In step a, k value appropriate is chosen according to sampling total amount, makes the fixation plaintext sequence moderate number being inserted into random plaintext sequence, General fixed plaintext sequence quantity is no less than 50.
5. the signal quality evaluating method according to claim 1 for crypto chip bypass attack, which is characterized in that In step d, the variance for organizing a certain column in plain text at random is signal entirety variance, and the fixed variance for organizing corresponding column in plain text is noise side Difference, signal entirety variance are subtracted each other with noise variance, organize the variance of the column divided by fixed plaintext with the absolute value of obtained difference, from And the snr value of respective column in by-passing signal matrix W is obtained, the noise of each column in by-passing signal matrix W is calculated in this way Ratio.
6. the signal quality evaluating method according to claim 1 for crypto chip bypass attack, which is characterized in that In step e, if the snr value of certain data column is significantly higher than other data column in by-passing signal matrix W, show to reorganize There is significant data dependence in data column, there is preferable signal quality;Otherwise, show the by-passing signal matter collected It measures poor, needs to adjust sampling system or the more massive by-passing signal of acquisition.
CN201910523740.6A 2019-06-17 2019-06-17 Signal quality evaluation method aiming at cryptographic chip bypass attack Pending CN110176970A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910523740.6A CN110176970A (en) 2019-06-17 2019-06-17 Signal quality evaluation method aiming at cryptographic chip bypass attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910523740.6A CN110176970A (en) 2019-06-17 2019-06-17 Signal quality evaluation method aiming at cryptographic chip bypass attack

Publications (1)

Publication Number Publication Date
CN110176970A true CN110176970A (en) 2019-08-27

Family

ID=67697424

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910523740.6A Pending CN110176970A (en) 2019-06-17 2019-06-17 Signal quality evaluation method aiming at cryptographic chip bypass attack

Country Status (1)

Country Link
CN (1) CN110176970A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110932841A (en) * 2019-11-27 2020-03-27 北京智慧云测信息技术有限公司 System and method for searching optimal acquisition position of electromagnetic side information

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110932841A (en) * 2019-11-27 2020-03-27 北京智慧云测信息技术有限公司 System and method for searching optimal acquisition position of electromagnetic side information

Similar Documents

Publication Publication Date Title
CN110460425B (en) Attack method and system for side channel password energy leakage signal
CN103679008B (en) A kind of efficient secure chip power consumption attack test method
WO2016049983A1 (en) User keyboard key-pressing behavior mode modeling and analysis system, and identity recognition method thereof
CN108776582B (en) Quantum tunneling effect-based true random number sequence generation method
CN106687916A (en) True random number generator
CN104636764B (en) A kind of image latent writing analysis method and its device
Phoon et al. Practical inverse approach for forecasting nonlinear hydrological time series
CN106302433A (en) A kind of network flow method of detecting watermarks based on predicting network flow and entropy and system
CN110176970A (en) Signal quality evaluation method aiming at cryptographic chip bypass attack
CN111934852A (en) AES password chip electromagnetic attack method and system based on neural network
Lu et al. An HTTP flooding detection method based on browser behavior
CN102945222A (en) Poor information measurement data gross error discrimination method based on Grey System Theory
CN112787984B (en) Vehicle-mounted network anomaly detection method and system based on correlation analysis
CN108536866A (en) The hidden key user's analysis method of microblogging based on topic entropy of transition
Crisanti et al. Fluctuation relation for weakly ergodic aging systems
CN101727308B (en) Generation method of true random number in integrated circuit
CN117688584A (en) SSD solid state disk main control chip security key generation method and system
Park et al. Analysis of entropy estimator of true random number generation using beta source
Bartmann et al. On the design of an authentication system based on keystroke dynamics using a predefined input text
Zhang et al. A highly effective DPA attack method based on genetic algorithm
KR101070368B1 (en) Apparatus for customer clustering using automatic metering data and method thereof
Tamarit et al. Quasistationary trajectories of the mean-field XY Hamiltonian model: A topological perspective
KR100994848B1 (en) Method and apparatus for high speed code acquisition in optical code division multiple access system
CN116388956B (en) Side channel analysis method based on deep learning
CN111310198B (en) Heterogeneous data privacy protection and reliability judgment method in mobile group perception

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190827

RJ01 Rejection of invention patent application after publication