CN110460425A - Attack method and system for side-channel cryptographic energy leakage signals

Publication number
CN110460425A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910902511.5A
Other languages
Chinese (zh)
Other versions
CN110460425B (en)
Inventor
周新平
乔珂欣
王洁
张永峰
马哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Unionpay Gold Card Technology Co Ltd
Original Assignee
Beijing Unionpay Gold Card Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002: Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003: Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an attack method and system for side-channel cryptographic energy leakage signals. A hypothetical energy consumption matrix is established and the energy data are classified using subkey guesses. The classification results and the energy leakage curves are processed to obtain statistical values, which are averaged to give the distinguisher value of a subkey guess at a time point. It is then judged whether all subkey guesses have been traversed and whether the energy data have been traversed at all time points. Once traversal is complete, the maximum distinguisher value is selected; its abscissa is the subkey, which is compared with the true key to judge whether the cryptographic device is secure. The attack makes no model assumption about the energy leakage signal and does not depend on any fixed or proportional model; it recovers the true key of the cryptographic device only by analysing the distribution characteristics of the energy leakage signal under different subkey guesses. Because it analyses the distribution of the leakage signal directly and does not depend on a linear measure, it can fully exploit the nonlinear characteristics of the energy leakage signal.

Description

Attack method and system for side-channel cryptographic energy leakage signals
Technical field
The present invention relates to side-channel cryptanalysis, mathematical statistics and information security technology, and more particularly to an attack method and system for side-channel cryptographic energy leakage signals.
Background art
As shown in Fig. 1, when a cryptographic device runs a cryptographic algorithm, the energy characteristics of CMOS devices always cause the device to leak information related to the algorithm. The leaked information includes, but is not limited to, electromagnetic information, energy consumption information and acoustic information. Side-channel cryptanalysis uses this leaked information, combined with a distinguisher, to recover the key information of the cryptographic algorithm, which poses a serious threat to cryptographic devices in actual use.
To prevent this threat, a cryptographic device must pass security certification before it goes into production. For the statistical analysis module shown in Fig. 2, the prior art usually evaluates the device by leakage detection or by directly attacking the key, so the quality of the key attack method (i.e. the distinguisher) directly determines whether the cryptographic device can be certified effectively and how good its assessment result is.
Specifically, the purpose of a distinguisher is to recover the true key in the cryptographic device by jointly analysing the guessed key, the intermediate value and the actual leakage information. Among side-channel analysis methods for cryptographic devices, the most commonly used at present are differential power analysis (DPA), based on the difference of means (DOM); correlation power analysis (CPA), based on the Pearson correlation coefficient; and template attacks (TA), based on profiling.
DPA was the earliest side-channel analysis method to be proposed. It divides the original curves into two classes and is simple and convenient in practice, but because it uses only a two-class partition it cannot exploit all the information in the intermediate value, so its efficiency is relatively low. CPA overcomes the drawback of DPA's two-class partition; however, because a proportional energy model is introduced in the CPA analysis, CPA is not applicable when a CMOS circuit does not conform to that energy model. The template attack is acknowledged as the most effective method and can carry out a matching attack in any situation once the leakage model has been profiled. The premise of this attack is that the analyst possesses a device identical to the attacked device to use for profiling, and in the template matching stage the inversion of large sparse and singular matrices poses a great computational challenge.
So how to carry out security certification of the key of a cryptographic device without being limited by the energy model, the amount of computation or the equipment has become a problem that urgently needs to be solved.
Summary of the invention
The present invention provides an attack method and system for side-channel cryptographic energy leakage signals, to solve the problem that security certification of the key of a cryptographic device is limited by the energy model, the amount of computation and the equipment.
To achieve the above object, the technical solution of the present invention provides an attack method for side-channel cryptographic energy leakage signals, comprising: acquiring the energy leakage signal, and selecting the energy model and the intermediate value to be attacked. Establishing a hypothetical energy consumption matrix and classifying the energy data using subkey guesses to obtain classification results. Using AD (Anderson-Darling) to process the classification results and the original energy curve to obtain statistical values. Averaging the statistical values to obtain the distinguisher value of a subkey guess at a time point. Judging whether all subkey guesses have been traversed; if so, judging whether the energy data have been traversed at all time points; if not, classifying the energy data at the time points not yet traversed. If traversal is complete, selecting the maximum distinguisher value from the distinguisher values; its abscissa is the subkey. Comparing the subkey with the true key to judge whether the cryptographic device is secure.
As a preferred embodiment of the above technical solution, acquiring the energy leakage signal preferably comprises: generating one random data item at each acquisition, encrypting or decrypting the random data, and acquiring the energy leakage curve generated during encryption or decryption; repeating the acquisition, the collected energy leakage matrix being the energy leakage signal. The energy leakage signal comprises a plurality of energy leakage curves, and each energy leakage curve consists of a positive integer number of time points.
As a preferred embodiment of the above technical solution, establishing the hypothetical energy consumption matrix and classifying the energy data using subkey guesses to obtain classification results preferably comprises: choosing a subkey guess and plaintext data, and establishing the hypothetical energy consumption matrix from the subkey guess and the plaintext data; classifying the energy data according to the hypothetical energy consumption matrix to obtain the classification results. Computational complexity: $O(n \cdot 2^{Q} \cdot 2^{BS} \cdot T)$, where n is the number of energy leakage curves, Q is the sampling precision of the oscilloscope, BS is the block length of the block cipher, and T is the number of sampling points in each energy leakage curve. The energy data are the data corresponding to the time points on the energy leakage curves.
As a preferred embodiment of the above technical solution, classifying the energy data according to the hypothetical energy consumption matrix to obtain the classification results preferably comprises: according to the time point t on the original energy curve, taking column t from the energy leakage curves P; taking the row corresponding to each subkey guess from the hypothetical energy consumption matrix; classifying the energy data according to column t and the row corresponding to the subkey guess to obtain the classification results.
As a preferred embodiment of the above technical solution, using AD to process the classification results and the original energy curve to obtain statistical values is preferably: obtaining by AD the difference between each classification result and the corresponding column of the original energy curve. Each classification result yields one difference when it is solved against the corresponding column of the original energy curve, and the difference is the statistical value.
As a preferred embodiment of the above technical solution, averaging the statistical values to obtain the distinguisher value of a subkey guess at a time point preferably further comprises: classifying the energy data for each subkey guess, and obtaining the statistical value of each class from its classification result; averaging the per-class statistical values to obtain the distinguisher value of each subkey guess at the time point.
As a preferred embodiment of the above technical solution, judging whether all subkey guesses have been traversed and, if so, whether the energy data have been traversed at all time points preferably comprises: if not all subkey guesses have been traversed, classifying the energy data for the subkey guesses not yet traversed; if not all time points have been traversed for a subkey guess, classifying the energy data at the time points not yet traversed.
As a preferred embodiment of the above technical solution, comparing the subkey with the true key to judge whether the cryptographic device is secure preferably comprises: comparing the subkey with the true key to judge whether this attack successfully recovered the true key under the energy leakage matrix.
The technical solution of the present invention further provides an attack system for side-channel cryptographic energy leakage signals, comprising: a signal acquisition and energy model selection unit, for acquiring the energy leakage signal, selecting the energy model, and selecting the intermediate value to be attacked; generating one random data item at each acquisition, encrypting or decrypting the random data, and acquiring the energy leakage curve generated during encryption or decryption; repeating the acquisition, the collected energy leakage matrix being the energy leakage signal. The energy leakage signal comprises a plurality of energy leakage curves, and each energy leakage curve consists of a positive integer number of time points.
A classification unit, for establishing the hypothetical energy consumption matrix and classifying the energy data using subkey guesses to obtain classification results; specifically, for choosing a subkey guess and plaintext data and establishing the hypothetical energy consumption matrix from them, and classifying the energy data according to the hypothetical energy consumption matrix to obtain the classification results. The energy data are the data corresponding to the time points on the energy leakage curves obtained by the signal acquisition and energy model selection unit.
A statistical value acquisition unit, for using AD to process the classification results obtained by the classification unit and the original energy curve to obtain statistical values; specifically, obtaining by AD the difference between each classification result and the corresponding column of the original energy curve. Each classification result yields one difference when it is solved against the corresponding column of the original energy curve, and the difference is the statistical value.
A distinguisher value acquisition unit, for averaging the statistical values obtained by the statistical value acquisition unit to obtain the distinguisher value of a subkey guess at a time point; specifically, classifying the energy data for each subkey guess, obtaining the statistical value of each class from its classification result, and averaging the per-class statistical values to obtain the distinguisher value of each subkey guess at the time point.
A traversal judgment unit, for judging whether all subkey guesses have been traversed; if so, judging whether the energy data have been traversed at all time points; otherwise, classifying the energy data for the subkey guesses not yet traversed. It is also used, if not all time points have been traversed for a subkey guess, to classify the energy data at the time points not yet traversed.
A subkey acquisition unit, for selecting, if the traversal judgment unit judges that traversal is complete, the maximum distinguisher value from the distinguisher values obtained by the distinguisher value acquisition unit; its abscissa is the subkey.
A security judgment unit, for comparing the subkey obtained by the subkey acquisition unit with the true key to judge whether this attack successfully recovered the true key under the energy leakage matrix; if not, the cryptographic device is judged to be secure.
As a preferred embodiment of the above technical solution, the classification unit preferably comprises: a column acquisition subunit, for taking column t from the energy leakage curves P according to the time point t on the original energy curve. A row acquisition subunit, for taking the row corresponding to each subkey guess from the hypothetical energy consumption matrix. A classification result acquisition subunit, for classifying the energy data according to column t obtained by the column acquisition subunit and the row corresponding to the subkey guess obtained by the row acquisition subunit, to obtain the classification results.
The technical solution of the present invention provides an attack method for side-channel cryptographic energy leakage signals as follows: acquire the energy leakage signal and select the energy model; establish the hypothetical energy consumption matrix and classify the energy data using subkey guesses. Process the classification results and the original energy curve to obtain statistical values, then average them to obtain the distinguisher value of a subkey guess at a time point. Judge whether all subkey guesses have been traversed; if so, judge whether the energy data have been traversed at all time points; otherwise classify the energy data for the subkey guesses not yet traversed. If traversal is complete, select the maximum distinguisher value from the distinguisher values; its abscissa is the subkey. Compare the subkey with the true key to judge whether the cryptographic device is secure.
The present invention recovers the secret key of the cryptographic device by analysing the distribution characteristics of the energy leakage signal under different subkey guesses. The present invention does not depend on any fixed model or proportional model, and is also applicable to the "cluster" model in side-channel analysis. In addition, because the present invention analyses the distribution of the leakage signal directly and does not depend on any linear measure, it can fully exploit the nonlinear characteristics of the energy leakage signal. Compared with the prior art, the positive effects of the present invention are: the attack on the energy leakage signal requires no model assumption about the leakage signal, does not depend on a proportional model, and can be extended to a general model; and direct analysis based on the statistical distribution characteristics of the leakage signal uses the leakage signal more effectively and reduces information loss. Further, the complexity of the method of the present invention is $O(n \cdot 2^{Q} \cdot 2^{BS} \cdot T)$, which is linear in the number n of energy curves used, so the technical solution of the present invention clearly has the advantages of low complexity and a small amount of computation.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description show some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the side-channel leakage signals generated by the cryptographic device described in the background art.
Fig. 2 is a schematic diagram of the distinguisher.
Fig. 3 is flow diagram one of an embodiment of the attack method for side-channel cryptographic energy leakage signals of the present invention.
Fig. 4 is flow diagram two of an embodiment of the attack method for side-channel cryptographic energy leakage signals of the present invention.
Fig. 5 is the flow diagram of step 206 in Fig. 4.
Fig. 6 is the original energy curve.
Fig. 7 is the attack result figure of the technical solution of the present invention.
Fig. 8 is a structural schematic diagram of the attack system for side-channel cryptographic energy leakage signals of the present invention.
Fig. 9 is the structural schematic diagram of the classification unit in Fig. 8.
Specific embodiments
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
Fig. 3 is flow diagram one provided by an embodiment of the present invention, which summarizes the technical solution of the present invention. As shown in Fig. 3:
Step 101: acquire the energy leakage signal, and select the energy model and the intermediate value to be attacked.
One random data item is generated at each acquisition, the random data is encrypted or decrypted, and the energy leakage curve generated during encryption or decryption is acquired. The acquisition is repeated, and the collected energy leakage matrix is the energy leakage signal.
The energy leakage signal comprises a plurality of energy leakage curves, and each energy leakage curve consists of a number of time points.
Step 102: establish the hypothetical energy consumption matrix and classify the energy data using subkey guesses.
A subkey guess and plaintext data are chosen, and the hypothetical energy consumption matrix is established from them. The energy data are classified according to the hypothetical energy consumption matrix to obtain the classification results.
Specifically: based on the time point t on the original energy curve, take column t from the energy leakage curves P. Take the row corresponding to the subkey guess from the hypothetical energy consumption matrix. Classify the energy data according to column t and the row corresponding to the subkey guess.
The energy data are the data corresponding to the time points on the energy leakage curves.
Step 103: use AD to process the classification results and the original energy curve to obtain statistical values.
The difference between each classification result and the corresponding column of the original energy curve is obtained by AD (Anderson-Darling). Each classification result yields one difference when it is solved against the corresponding column of the original energy curve, and the difference is the statistical value.
Step 104: average the statistical values to obtain the distinguisher value of the subkey guess at the time point.
The energy data are classified for each subkey guess, and the statistical value of each class is obtained from its classification result. These statistical values are averaged to obtain the distinguisher value of each subkey guess at the time point.
Step 105: judge whether all subkey guesses have been traversed; if not, return to step 102 and classify the energy data for the subkey guesses not yet traversed.
Step 106: judge whether the energy data have been traversed at all time points; if not, return to step 102 and classify the energy data at the time points not yet traversed.
Step 107: if traversal of the energy data at all time points is complete, select the maximum distinguisher value from the distinguisher values; its abscissa is the subkey.
Step 108: compare the subkey with the true key to judge whether the cryptographic device is secure.
The subkey is compared with the true key to judge whether this attack successfully recovered the true key under the energy leakage matrix.
The technical solution of the present invention is now described in detail with a specific embodiment, whose flow chart is shown in Fig. 4:
Taking an attack on an AES-128 key as the example, the intermediate state data and the key length are 8 bits.
Step 201: acquire the energy leakage signal.
With the AES key of the cryptographic device fixed, a random data item $m_i$ is generated each time, and the cryptographic device encrypts $m_i$ to obtain the corresponding time-varying energy leakage curve $P_i$: $m_i$ is encrypted or decrypted once, and the oscilloscope acquires the energy leakage curve $P_i$ of the encryption or decryption process. The random number generation is repeated N times, the oscilloscope acquires the energy leakage curves P of all encryption and decryption processes, and the corresponding energy leakage matrix $P \in \mathbb{R}^{N \times T}$ is obtained. Each energy leakage curve consists of a number of time points T.
Step 202: select the intermediate value function f to be attacked and the energy model PM (Power Model).
The intermediate value function f can be a value that can be inferred from the plaintext or a value that can be inferred from the ciphertext. Since ADSD is not based on any proportional model, only a classification model is required here. This classification model can be obtained from a prior clustering method, generated from the general Hamming weight model or Hamming distance model, or even generated from a bit model.
The energy model PM can be any "cluster" model that is meaningful for classification, or a least-significant-bit model; it is not limited to the traditional Hamming weight and Hamming distance models.
The plaintext data M is mapped to hypothetical energy consumption and compared with the original energy curve to output the distinguisher values of all subkey guesses:
The output of the nonlinear transformation in the first round of AES-128 is selected as the point of attack, with the Hamming weight (HW) model as the energy model. The specific attack process is as follows:
Step 203: take the key guess g (0≤g≤255) and the i-th plaintext data M[i].
Step 204: establish the hypothetical energy consumption matrix HP of size 256*N.
Specifically, the hypothetical energy consumption matrix HP is established from the key guess g and the plaintext data M[i] of step 203: for each key guess g (0≤g≤255), take i (1≤i≤N); then, for each i (1≤i≤N), repeat the following calculation:
It calculatesHP is indicated are as follows:
where the number of values of g is finite, and M[i] (1≤i≤N).
Step 205: generate the distinguisher value matrix ds of size 256*T', where T' < T.
For each key guess g (0≤g≤255), repeat the above steps.
Computational complexity: $O(n \cdot 2^{Q} \cdot 2^{BS} \cdot T)$, where n is the number of energy leakage curves acquired, Q is the sampling precision of the oscilloscope, BS is the block length of the block cipher, and T is the number of sampling points in each curve. The technical solution of the present invention is linear in n, so its complexity is clearly low.
Step 206: classify the energy data according to the hypothetical energy consumption matrix HP.
The energy data are the data corresponding to each time point on the energy leakage curves. For each key guess g of each subkey, the energy leakage curves P are divided into several classes; the AD (Anderson-Darling) test is used to calculate the distribution difference between each class and the original energy curve, and the average is taken as the distinguisher value ds (DistinguisherScore) of the current subkey candidate.
Step 206 is further described as shown in Fig. 5:
Step 2061: for the time point t on the original energy curve, take the samples of column t, P[:][t] (the energy data), from the energy leakage curves.
For example, if the time point is $t_1$, take column $t_1$, $P[:][t_1]$; if it is $t_2$, take column $t_2$, $P[:][t_2]$; ...; if it is $t_n$, take column $t_n$, $P[:][t_n]$.
Step 2062: take the row HP[g][:] corresponding to each key guess g from HP[g][i].
For example: under guess $g_1$, the hypothetical energy data are $HP[g_1][:]$; under guess $g_2$, the hypothetical energy data are $HP[g_2][:]$; ...; under guess $g_n$, the hypothetical energy data are $HP[g_n][:]$.
Step 2063: classify P[:][t] according to HP[g][:].
Specifically, P[:][t] is divided into 9 classes $P_1, ..., P_9$ using row g of the hypothetical energy consumption, HP[g][:]; this is the classification result.
Step 2064: merge the classification result with P[:][t] to obtain the sequence Y.
Step 207: use AD to find the statistical value of each class z against the original energy curve.
Specifically, $P_1$ is merged with P[:][t] and st[1] is then solved using the formula; $P_2$ is merged with P[:][t] and st[2] is then solved using the formula; and so on, until $P_z$ is merged with P[:][t] and st[z] is solved using the formula.
Statistical value:
where each statistical value st[i] is solved. $Y_t$ denotes the number of elements, after the class and the original energy curve are merged, that are less than or equal to the t-th smallest element, and s denotes the number of elements in the class $P_i$. The calculation is repeated for all j (1≤j≤9).
Step 208: sum the above statistical values and take the average.
Step 209: assign the mean to the distinguisher value of the current key guess g at the current position t:
ds[g][t] is the average of the above st values.
Step 210: repeat steps 206 to 209 to obtain the distinguisher values ds of all key guesses g.
Step 211: judge whether traversal of the subkey guesses g is complete; if not, return to step 206 and classify the energy data for the subkey guesses not yet traversed.
Step 212: judge whether the energy data have been traversed at all time points; if not, return to step 206 and classify the energy data at the time points not yet traversed.
Step 213: select among all the distinguisher values obtained according to the maximum principle; the abscissa corresponding to the maximum distinguisher value is the subkey.
The abscissa corresponding to the maximum value of the distinguisher matrix obtained in the above steps is the subkey obtained by this attack.
Step 214: compare the subkey with the true key to judge whether the cryptographic device is secure.
Specifically, comparing the subkey with the original key determines whether this attack successfully recovered the key when the number of energy leakage curves in the energy leakage matrix is N. For each N, repeating the acquisition and the attack according to the above steps yields the curve of the success rate of the present invention as a function of N.
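The evaluation loop of steps 203 to 214, run against simulated traces from a device under test, as an added example that is not code from the patent. The function names, the constructed key byte 0x3C and the simulated leakage are assumptions, and because the patent's own formula for st is missing from this page, a standard tie-tolerant two-sample Anderson-Darling statistic is used in its place.

```python
# Added example, not from the patent: simulated traces and a constructed key byte.
import random

def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def aes_sbox():
    """Build the AES S-box: field inverse followed by the affine transform."""
    box = []
    for a in range(256):
        inv = next((b for b in range(1, 256) if _gmul(a, b) == 1), 0)
        box.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                   ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return box

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight model

def ad_statistic(column, order, members):
    """Two-sample Anderson-Darling statistic between one class and the whole
    column P[:][t]. Assumed form: the patent's formula for st is not on the
    page. Equal values are grouped so that ties are handled."""
    n, m = len(column), sum(members)
    N = n + m                      # length of the merged sequence Y
    B = Mc = Ma = 0                # cumulative counts: merged, column, class
    sum_class = sum_col = 0.0
    i = 0
    while i < n:
        v, c, a = column[order[i]], 0, 0
        while i < n and column[order[i]] == v:
            c += 1
            a += members[order[i]]
            i += 1
        B, Mc, Ma = B + c + a, Mc + c, Ma + a
        if B < N:                  # the largest value contributes nothing
            w = (c + a) / (B * (N - B))
            sum_class += w * (N * Ma - m * B) ** 2
            sum_col += w * (N * Mc - n * B) ** 2
    return (sum_class / m + sum_col / n) / N

def adsd_scores(plaintexts, traces):
    """Return ds[g][t]: mean A-D statistic over the Hamming-weight classes."""
    n, T = len(traces), len(traces[0])
    # Hypothetical energy consumption matrix HP, 256 x N (step 204).
    HP = [[HW[SBOX[p ^ g]] for p in plaintexts] for g in range(256)]
    ds = [[0.0] * T for _ in range(256)]
    for t in range(T):
        column = [tr[t] for tr in traces]              # P[:][t], step 2061
        order = sorted(range(n), key=column.__getitem__)
        for g in range(256):
            stats = []
            for h in range(9):                         # the 9 classes, step 2063
                members = [x == h for x in HP[g]]
                if any(members):                       # skip empty classes
                    stats.append(ad_statistic(column, order, members))
            ds[g][t] = sum(stats) / len(stats)         # steps 208 and 209
    return ds

def recover_subkey(plaintexts, traces):
    """Pick the guess and time point with the largest distinguisher value."""
    ds = adsd_scores(plaintexts, traces)
    score, g, t = max((ds[g][t], g, t)
                      for g in range(256) for t in range(len(ds[0])))
    return g, t, score

def simulate(key, n=200, T=2, leak_at=1, sigma=0.3, seed=1):
    """Constructed traces: Gaussian noise, plus HW(SBOX[m ^ key]) at leak_at."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(256) for _ in range(n)]
    traces = []
    for m in plaintexts:
        tr = [rng.gauss(0.0, sigma) for _ in range(T)]
        tr[leak_at] += HW[SBOX[m ^ key]]
        traces.append(tr)
    return plaintexts, traces

if __name__ == "__main__":
    TRUE_KEY = 0x3C  # constructed key byte standing in for the device key
    g, t, score = recover_subkey(*simulate(TRUE_KEY))
    print("recovered 0x%02X at t=%d, ds=%.2f, key exposed: %s"
          % (g, t, score, g == TRUE_KEY))
```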
The present invention also provides an attack system for side-channel cryptographic energy leakage signals, whose structural schematic diagram is shown in Fig. 8, comprising:
A signal acquisition and energy model selection unit 71, for acquiring the energy leakage signal, selecting the energy model, and selecting the intermediate value to attack. For each acquisition, a random data item is generated and encrypted or decrypted, and the energy leakage curve produced during the encryption or decryption is acquired. The acquisition is repeated, and the collected energy leakage matrix is the energy leakage signal. The energy leakage signal comprises multiple energy leakage curves, and each energy leakage curve consists of a positive integer number of time points.
A classification unit 72, for establishing the hypothetical energy consumption matrix and classifying the energy data using the sub-key guesses to obtain classification results. Specifically, it selects guessed sub-keys and plaintext data and establishes the hypothetical energy consumption matrix from them, then classifies the energy data according to the hypothetical energy consumption matrix to obtain the classification results. The energy data is the data corresponding to the time points on the energy leakage curves obtained by the signal acquisition and energy model selection unit 71.
A statistical value acquiring unit 73, for processing, using AD, the classification results obtained by the classification unit 72 together with the energy curve to obtain statistical values. Specifically, AD is used to obtain the difference between each classification result and the corresponding column of the energy curve; each classification result yields one difference when computed against the corresponding column of the energy curve, and that difference is the statistical value.
A distinguisher value acquiring unit 74, for averaging the statistical values obtained by the statistical value acquiring unit 73 to obtain the distinguisher value of a guessed sub-key at a time point. Specifically, the energy data is classified for each guessed sub-key, and the statistical value of each class is obtained from the corresponding classification result; the per-class statistical values are averaged to give the distinguisher value of each guessed sub-key at the time point.
A traversal judgment unit 75, for judging whether all guessed sub-keys have been traversed; if so, judging whether the energy data has been traversed at all time points; otherwise returning to the classification unit 72 to classify the energy data for the guessed sub-keys not yet traversed. It is also used, if not all time points have been traversed for a guessed sub-key, to return to the classification unit 72 to classify the energy data at the time points not yet traversed.
A sub-key acquiring unit 76, for selecting, once the traversal judgment unit 75 judges the traversal complete, the maximum distinguisher value among the distinguisher values obtained by the distinguisher value acquiring unit 74; the corresponding abscissa is the sub-key.
A security judgment unit 77, for comparing the sub-key obtained by the sub-key acquiring unit 76 with the true key to judge whether this attack successfully recovered the true key under the energy leakage matrix; if not, the encryption device is judged to be secure.
As shown in Fig. 8, the classification unit 72 comprises:
A column acquisition subunit 81, for taking column t of the energy leakage curve P according to the time point t on the original energy curve.
A row acquisition subunit 82, for taking the row corresponding to each guessed sub-key from the hypothetical energy consumption matrix.
A classification result acquisition subunit 83, for classifying the energy data according to column t obtained by the column acquisition subunit 81 and the row of the guessed sub-key obtained by the row acquisition subunit 82, to obtain the classification results.
The technical solution of the present invention provides an attack method for side-channel cryptographic energy leakage signals: acquire the energy leakage signal and select the energy model; establish the hypothetical energy consumption matrix and classify the energy data using sub-key guesses. Data processing is performed on the classification results and the original energy curve to obtain statistical values, which are averaged to give the distinguisher value of a guessed sub-key at a time point. It is then judged whether all guessed sub-keys have been traversed; if so, whether the energy data has been traversed at all time points; otherwise the energy data is classified for the guessed sub-keys not yet traversed. When the traversal is complete, the maximum distinguisher value is selected from the distinguisher values, and the corresponding abscissa is the sub-key. The sub-key is compared with the true key to judge whether the encryption device is secure.
The present invention recovers the private key of an encryption device by analyzing the distribution characteristics of the energy leakage signal under different sub-key guesses. It does not depend on any fixed model or scale model, and is readily applicable to the "cluster" (Cluster) model in side-channel analysis. In addition, because it analyzes the distribution of the leakage signal directly and does not depend on any linear measure, it can fully exploit the nonlinear characteristics of the energy leakage signal. Compared with the prior art, the positive effects of the present invention are: first, the attack on the energy leakage signal requires no model assumption about the leakage signal, does not depend on a scale model, and can be extended to a general model; second, analyzing the statistical distribution characteristics of the leakage signal directly makes more effective use of the leakage signal and reduces information loss.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
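The classify, compare and average steps summarized above, as an added example for evaluation-lab use (not code from the patent): a simulation on constructed one-sample traces of a 4-bit S-box, run once on unprotected leakage and once on masked leakage. The PRESENT S-box, the Hamming-weight energy model, the Kolmogorov-Smirnov distance standing in for the AD statistic (which this part of the page does not define), and all function names are assumptions.

```python
import random
from bisect import bisect_right

# PRESENT cipher 4-bit S-box: a small stand-in target (assumption, not from the page).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight: the energy model assumed for this simulation."""
    return bin(x).count("1")


def simulate_traces(key, n, masked=False, sigma=0.2, seed=1):
    """Constructed leakage column: one noisy sample per encryption of a known nibble."""
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for i in range(n):
        p = i & 0xF                    # each plaintext nibble appears equally often
        v = SBOX[p ^ key]              # intermediate value selected for analysis
        if masked:
            v ^= rng.randrange(16)     # countermeasure: fresh random mask per run
        plaintexts.append(p)
        samples.append(hw(v) + rng.gauss(0.0, sigma))
    return plaintexts, samples


def ks_distance(sub, whole_sorted):
    """Largest gap between the empirical CDF of one class and of the whole column."""
    sub = sorted(sub)
    return max(abs(bisect_right(sub, x) / len(sub)
                   - bisect_right(whole_sorted, x) / len(whole_sorted))
               for x in whole_sorted)


def distinguisher(plaintexts, samples):
    """Score every sub-key guess at this time point.

    For each guess the samples are classified by the hypothetical energy
    value, each class is compared with the unclassified column, and the
    per-class statistics are averaged into one distinguisher value.
    """
    whole = sorted(samples)
    scores = {}
    for guess in range(16):
        classes = {}
        for p, s in zip(plaintexts, samples):
            classes.setdefault(hw(SBOX[p ^ guess]), []).append(s)
        stats = [ks_distance(c, whole) for c in classes.values()]
        scores[guess] = sum(stats) / len(stats)
    return scores


def evaluate(key, masked, n=1600):
    """Return (best guess, its distinguisher value, whether it equals the true key)."""
    plaintexts, samples = simulate_traces(key, n, masked)
    scores = distinguisher(plaintexts, samples)
    best = max(scores, key=scores.get)
    return best, scores[best], best == key


if __name__ == "__main__":
    for masked in (False, True):
        best, score, hit = evaluate(0x9, masked)
        print(f"masked={masked}: best guess {best:#x}, value {score:.3f}, key recovered={hit}")
```

On the unprotected run the true sub-key stands out with a distinguisher value near 0.7; on the masked run every guess scores close to zero, so the maximum carries no information about the key.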

Claims (10)

1. An attack method for side-channel cryptographic energy leakage signals, characterized in that the method comprises:
acquiring the energy leakage signal, and selecting the energy model and the intermediate value to be attacked;
establishing a hypothetical energy consumption matrix and classifying the energy data using sub-key guesses, to obtain classification results;
performing data processing on the classification results and the original energy curve using AD, to obtain statistical values;
averaging the statistical values, to obtain the distinguisher value of a guessed sub-key at a time point;
judging whether all guessed sub-keys have been traversed; if so, judging whether the energy data has been traversed at all time points; if not, classifying the energy data at the time points not yet traversed;
if the energy data has been traversed at all time points, selecting the maximum distinguisher value from the distinguisher values, the corresponding abscissa being the sub-key;
comparing the sub-key with the true key to judge whether the encryption device is secure.
2. The attack method for side-channel cryptographic energy leakage signals according to claim 1, characterized in that said acquiring the energy leakage signal comprises:
for each acquisition, generating a random data item, encrypting or decrypting the random data item, and acquiring the energy leakage curve produced during the encryption or decryption;
repeating the acquisition, the collected energy leakage matrix being the energy leakage signal;
wherein the energy leakage signal comprises multiple energy leakage curves, and each energy leakage curve consists of a positive integer number of time points.
3. The attack method for side-channel cryptographic energy leakage signals according to claim 2, characterized in that said establishing a hypothetical energy consumption matrix and classifying the energy data using sub-key guesses, to obtain classification results, comprises:
selecting guessed sub-keys and plaintext data, and establishing the hypothetical energy consumption matrix according to the guessed sub-keys and the plaintext data;
classifying the energy data according to the hypothetical energy consumption matrix, to obtain the classification results;
Computation complexity: O (n2Q·2BS·T);
wherein n is the number of energy leakage curves, Q is the sampling precision of the oscilloscope, BS is the block length of the block cipher, and T is the number of sampling points in each energy leakage curve; and wherein the energy data is the data corresponding to the time points on the energy leakage curve.
4. The attack method for side-channel cryptographic energy leakage signals according to claim 3, characterized in that said classifying the energy data according to the hypothetical energy consumption matrix, to obtain the classification results, comprises:
taking column t of the energy leakage curve P according to the time point t on the original energy curve;
taking the row corresponding to each guessed sub-key from the hypothetical energy consumption matrix;
classifying the energy data according to column t and the row corresponding to the guessed sub-key, to obtain the classification results.
5. The attack method for side-channel cryptographic energy leakage signals according to claim 1, characterized in that said performing data processing on the classification results and the original energy curve using AD, to obtain statistical values, is specifically:
obtaining, by AD, the difference between each classification result and the corresponding column of the original energy curve;
wherein each classification result yields one difference when computed against the corresponding column of the original energy curve, and the difference is the statistical value.
6. The attack method for side-channel cryptographic energy leakage signals according to claims 4 and 5, characterized in that said averaging the statistical values, to obtain the distinguisher value of a guessed sub-key at a time point, further comprises:
classifying the energy data for each guessed sub-key, and obtaining the statistical value of each class according to the corresponding classification result;
averaging the per-class statistical values, to obtain the distinguisher value of each guessed sub-key at the time point.
7. The attack method for side-channel cryptographic energy leakage signals according to claim 1, characterized in that said judging whether all guessed sub-keys have been traversed, if so judging whether the energy data has been traversed at all time points, and otherwise classifying the energy data for the guessed sub-keys not yet traversed, comprises:
if the traversal of all guessed sub-keys is not complete, classifying the energy data for the guessed sub-keys not yet traversed;
if not all time points have been traversed for a guessed sub-key, classifying the energy data at the time points not yet traversed.
8. The attack method for side-channel cryptographic energy leakage signals according to claim 2, characterized in that said comparing the sub-key with the true key to judge whether the encryption device is secure comprises:
comparing the sub-key with the true key to judge whether this attack successfully recovered the true key under the energy leakage matrix.
9. An attack system for side-channel cryptographic energy leakage signals, capable of implementing a method according to claims 1-8, comprising:
a signal acquisition and energy model selection unit, for acquiring the energy leakage signal, selecting the energy model, and selecting the intermediate value to be attacked; for each acquisition, a random data item is generated and encrypted or decrypted, and the energy leakage curve produced during the encryption or decryption is acquired; the acquisition is repeated, and the collected energy leakage matrix is the energy leakage signal; wherein the energy leakage signal comprises multiple energy leakage curves, and each energy leakage curve consists of a positive integer number of time points;
a classification unit, for establishing the hypothetical energy consumption matrix and classifying the energy data using sub-key guesses, to obtain classification results; specifically, for selecting guessed sub-keys and plaintext data and establishing the hypothetical energy consumption matrix from them, and for classifying the energy data according to the hypothetical energy consumption matrix to obtain the classification results; wherein the energy data is the data corresponding to the time points on the energy leakage curves obtained by the signal acquisition and energy model selection unit;
a statistical value acquiring unit, for performing data processing, using AD, on the classification results obtained by the classification unit and the original energy curve, to obtain statistical values; specifically, obtaining by AD the difference between each classification result and the corresponding column of the original energy curve; wherein each classification result yields one difference when computed against the corresponding column of the original energy curve, and the difference is the statistical value;
a distinguisher value acquiring unit, for averaging the statistical values obtained by the statistical value acquiring unit, to obtain the distinguisher value of a guessed sub-key at a time point; specifically, the energy data is classified for each guessed sub-key, and the statistical value of each class is obtained according to the corresponding classification result; the per-class statistical values are averaged to obtain the distinguisher value of each guessed sub-key at the time point;
a traversal judgment unit, for judging whether all guessed sub-keys have been traversed; if so, judging whether the energy data has been traversed at all time points; if not, classifying the energy data for the guessed sub-keys not yet traversed; and also, if not all time points have been traversed for a guessed sub-key, classifying the energy data at the time points not yet traversed;
a sub-key acquiring unit, for selecting, once the traversal judgment unit judges the traversal complete, the maximum distinguisher value from the distinguisher values obtained by the distinguisher value acquiring unit, the corresponding abscissa being the sub-key;
a security judgment unit, for comparing the sub-key obtained by the sub-key acquiring unit with the true key to judge whether this attack successfully recovered the true key under the energy leakage matrix; if not, the encryption device is judged to be secure.
10. The attack system for side-channel cryptographic energy leakage signals according to claim 9, wherein the classification unit comprises:
a column acquisition subunit, for taking column t of the energy leakage curve P according to the time point t on the original energy curve;
a row acquisition subunit, for taking the row corresponding to each guessed sub-key from the hypothetical energy consumption matrix;
a classification result acquisition subunit, for classifying the energy data according to column t obtained by the column acquisition subunit and the row corresponding to the guessed sub-key obtained by the row acquisition subunit, to obtain the classification results.
CN201910902511.5A 2019-09-24 2019-09-24 Attack method and system for side channel password energy leakage signal Active CN110460425B (en)

Publications (2)

Publication Number    Publication Date
CN110460425A (en)    2019-11-15
CN110460425B (en)    2023-05-09
