CN112287354A - Side-channel attack simulation system for a cryptographic chip (Google Patents record; listed English title: "Bypass attack simulation system of password chip", where "bypass attack" is a literal rendering of 旁路攻击, side-channel attack)

Publication number: CN112287354A
Application number: CN202011186957.1A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 赵斌, 王辉, 鲁毅
Original and current assignee: Tianjin Jinhang Computing Technology Research Institute
Priority and filing date: 2020-10-29
Publication date: 2021-01-29
Legal status as listed: Pending (Google Patents states that the listed status, assignee and priority date are assumptions, not legal conclusions; the Legal Events section at the end of this record lists a later rejection of the application after publication)

Classifications (CPC)

    • G06F21/577 Assessing vulnerabilities and evaluating computer system security (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms; G06F21/57 Certifying or maintaining trusted computer platforms)
    • G06F16/242 Query formulation (under G06F16/00 Information retrieval; database structures; G06F16/20 structured data; G06F16/24 Querying)
    • G06F30/30 Circuit design (under G06F30/00 Computer-aided design [CAD])


Abstract

The invention belongs to the technical field of security testing and relates in particular to a side-channel attack simulation system for a cryptographic chip. The system comprises a system configuration module, a simulator and an analyzer. Following a hardware/software co-design approach, the scheme separates the leakage simulation mechanism from the security analysis strategy: the simulation of side-channel leakage and its analysis are decoupled, and the leakage is packaged as components, which makes the system flexible. New kinds of leakage information and new attack strategies can be added to the environment as components, so a tester can choose test data and an analysis strategy according to the test requirements, and side-channel attacks can be simulated and analyzed already at the design stage of the cryptographic chip.

Description

Side-channel attack simulation system for a cryptographic chip
Technical Field
The invention belongs to the technical field of security testing and relates in particular to a side-channel attack simulation system for a cryptographic chip.
Background
A side-channel attack is a security test method: existing security weaknesses are found (or secrets are recovered) by measuring and analyzing the information a cryptographic chip leaks while it runs. Applying this analysis at the design stage needs a matching side-channel simulation tool, i.e. simulation techniques that reproduce the side-channel leakage of the cryptographic chip during execution.
Side-channel test methods fall into two categories: testing after the chip has been produced, and testing at the chip design stage.
Post-production analysis is the commonly used approach: the chip's resistance to side-channel attacks is tested and analyzed after fabrication, and the test object is the manufactured chip. This approach has a long test cycle, is error-prone, and cannot check how well a countermeasure performs early in the design. These drawbacks harm the side-channel security test and directly delay the product's time to market.
Post-production side-channel security testing has therefore become a bottleneck in the development of cryptographic chips. To relieve it, side-channel security should be tested and analyzed at the design stage of the chip, which raises test efficiency and lets the designer detect part of the security risks at the start of the design.
Disclosure of Invention
(I) Technical problem to be solved
The technical problem solved by the invention is the following. Side-channel attacks are a powerful physical security analysis method. Side-channel security evaluation of a cryptographic chip is generally carried out after production, but post-production evaluation is time-consuming, error-prone and costly. To improve efficiency, side-channel security evaluation should be carried out at the design stage, which requires a corresponding side-channel simulation tool. Because side-channel analysis depends on such a tool, a design for a side-channel attack simulation environment has to be provided.
(II) Technical solution
To solve the above technical problem, the present invention provides a side-channel attack simulation system for a cryptographic chip, comprising: a system configuration module, a simulator and an analyzer;
the system configuration module sets up the initial operating environment of the simulator and the analyzer from the parameters entered by the user;
the simulator runs the algorithm program on a virtual hardware platform, builds a side-channel leakage information database from a pre-established leakage model, analyzes the cryptographic algorithm instructions selected from the cryptographic algorithm library, and generates the corresponding side-channel leakage curve (trace);
the analyzer analyzes the leakage curves. Its input is a leakage information file in the unified format of the leakage information database, so it is not tied to the source of the curves: it pre-processes leakage information generated by the simulator or measured from a real physical device, partitions the curves into sets according to the selected distinguishing function, computes the mean leakage curve of each set, and plots the result as a graph.
The system configuration module caches the configuration parameters entered at the user interface in two data structures and from them generates the simulator's initialization file simulator.ini and the analyzer's initialization file analyzer.ini.
The simulator comprises: a cryptographic algorithm library, a leakage analysis submodule, a leakage information generation submodule and a curve drawing module;
the leakage information generation submodule builds the side-channel leakage information database from a pre-established leakage model;
the leakage analysis submodule builds a mapping table between cryptographic algorithm instructions and leakage information characteristics, using the instructions in the cryptographic algorithm library and the characteristics stored in the leakage information database;
the curve drawing module combines the leakage information database with the instruction-to-leakage mapping table and draws the leakage curve corresponding to the whole execution of the cryptographic algorithm.
The leakage analysis submodule builds the mapping table between cryptographic algorithm instructions and leakage information characteristics as follows:
the leakage characteristics are closely tied to the cryptographic algorithm's instructions in their machine-instruction form: different machine instructions leak different information, and even the same machine instruction leaks differently when its operand data differ. To relate instructions to leakage characteristics, the cryptographic algorithm is first compiled with a compiler tool into optimized machine code; the machine instructions are then used as an index to look up the corresponding leakage characteristic entries in the leakage information database.
The analyzer comprises: a distinguishing function library, a curve partitioning submodule, a curve analysis submodule and a drawing submodule;
the distinguishing function library stores the different distinguishing functions; since each cryptographic algorithm needs its own implementation of the distinguishing function, the implementations are kept in a library;
the curve partitioning submodule selects the specified distinguishing function from the library according to the system configuration and pre-processes the leakage information, whether generated by the simulator or measured from a real physical device, by distributing the leakage curves into different sets;
the curve analysis submodule computes the mean signal of the curves in each set, i.e. the mean leakage curve per set, and then the difference between the two sets' mean signals;
the drawing submodule turns the output of the curve analysis submodule into an analysis curve graph, giving a more intuitive view of the result.
(III) Advantageous effects
Compared with the prior art, the invention tests and analyzes side-channel security at the design stage of the cryptographic chip, overcomes the drawbacks of post-production side-channel analysis, and supplies the side-channel simulation tool this strategy needs. Following a hardware/software co-design approach, the scheme separates the leakage simulation mechanism from the security analysis strategy: the simulation of side-channel leakage and its analysis are decoupled, and the leakage is packaged as components, which makes the system flexible. New kinds of leakage information and new attack strategies can be added to the environment as components, so a tester can choose test data and an analysis strategy according to the test requirements, and side-channel attacks can be simulated and analyzed at the design stage of the cryptographic chip.
Drawings
FIG. 1 is an architecture diagram of the side-channel attack simulation environment.
FIG. 2 is a flow diagram of the system configuration module.
Detailed Description
To make the objects, content and advantages of the present invention clearer, its embodiments are described in detail below with reference to the accompanying drawings and examples.
To solve the problems of the prior art, the present invention provides a side-channel attack simulation system for a cryptographic chip. As shown in FIG. 1, the system comprises: a system configuration module, a simulator and an analyzer;
the system configuration module sets up the initial operating environment of the simulator and the analyzer from the parameters entered by the user, as shown in FIG. 2;
the simulator runs the algorithm program on a virtual model of the specific hardware platform, builds a side-channel leakage information database from a pre-established leakage model, analyzes the cryptographic algorithm instructions selected from the cryptographic algorithm library, and generates the corresponding side-channel leakage curve;
the analyzer analyzes the leakage curves. Its input is a leakage information file in the unified format of the leakage information database, so it is not tied to the source of the curves: it pre-processes leakage information generated by the simulator or measured from a real physical device, partitions the curves into sets according to the selected distinguishing function, computes the mean leakage curve of each set, and plots the result as a graph.
The system configuration module caches the configuration parameters entered at the user interface in two data structures and from them generates the simulator's initialization file simulator.ini and the analyzer's initialization file analyzer.ini. The key names of each simulation platform are kept in a separate, pre-written key-name file; each key name corresponds to a key value stored in the SIMULATOR_PARAM and ANALYZER_PARAM structures, and the system configuration module generates the configuration files from this data.
The simulator comprises: a cryptographic algorithm library, a leakage analysis submodule, a leakage information generation submodule and a curve drawing module;
the leakage information generation submodule builds the side-channel leakage information database from a pre-established leakage model. The database can be built in two ways: first, by modelling the leakage characteristics (execution time, power consumption and the like) with a mathematical model; second, by measuring, over a large number of experiments, the real side-channel leakage of different hardware platforms while they execute each instruction, and associating each instruction with its leakage characteristic to form a characteristic library. For the template attack method, the second way is mainly used to build the leakage characteristic library;
the leakage analysis submodule builds a mapping table between cryptographic algorithm instructions and leakage information characteristics, using the instructions in the cryptographic algorithm library and the characteristics stored in the leakage information database;
the curve drawing module combines the leakage information database with the instruction-to-leakage mapping table and draws the leakage curve corresponding to the whole execution of the cryptographic algorithm.
The leakage analysis submodule builds the mapping table between cryptographic algorithm instructions and leakage information characteristics as follows:
the leakage characteristics are closely tied to the cryptographic algorithm's instructions in their machine-instruction form: different machine instructions leak different information, and even the same machine instruction leaks differently when its operand data differ. To relate instructions to leakage characteristics, the cryptographic algorithm is first compiled with a compiler tool into optimized machine code; the machine instructions are then used as an index to look up the corresponding leakage characteristic entries in the leakage information database.
The analyzer comprises: a distinguishing function library, a curve partitioning submodule, a curve analysis submodule and a drawing submodule;
the distinguishing function library stores the different distinguishing functions; since each cryptographic algorithm needs its own implementation of the distinguishing function, the implementations are kept in a library;
the curve partitioning submodule selects the specified distinguishing function from the library according to the system configuration and pre-processes the leakage information, whether generated by the simulator or measured from a real physical device, by distributing the leakage curves into different sets;
the curve analysis submodule computes the mean signal of the curves in each set, i.e. the mean leakage curve per set, and then the difference between the two sets' mean signals;
the drawing submodule turns the output of the curve analysis submodule into an analysis curve graph, giving a more intuitive view of the result.
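As an added example that is not code from the patent or from Tianjin Jinhang Computing Technology Research Institute, the Python program below implements the simulator/analyzer split described in the technical solution and in the detailed description above for a single S-box lookup: a leakage database indexed by machine instruction and built the first way (an analytic Hamming-weight model per instruction), a trace written in a unified text format, and an analyzer that reads only that format, picks a selection function from a distinguishing-function library, splits the traces into two sets, averages each set and takes the difference of means before ranking the 256 key hypotheses. The toy S-box (a seeded random permutation), the five-instruction program, the leakage coefficients, the noise level, the file format and every function name are assumptions made for the example.

```python
"""Added example (not the patent's code): minimal simulator/analyzer pair in the
spirit of CN112287354A.  The simulator executes a compiled instruction stream on a
virtual platform and looks every instruction up in a leakage database; the analyzer
reads only the unified trace file and performs difference-of-means DPA.
S-box, instruction set, leakage model, noise level and names are all assumptions."""
import random

# Toy S-box: a fixed random permutation of 0..255 (assumption; real targets use AES/SM4).
SBOX = list(range(256))
random.Random(1).shuffle(SBOX)

def hw(x: int) -> int:
    """Hamming weight, the usual model for power drawn when a value hits a bus/register."""
    return bin(x).count("1")

# Leakage database indexed by machine instruction: result value -> modelled power sample
# (the patent's first way of building it: a mathematical model of the leakage).
LEAKAGE_DB = {
    "LDR": lambda v: 1.0 + 0.5 * hw(v),
    "XOR": lambda v: 1.2 + 0.5 * hw(v),
    "SBOX": lambda v: 1.5 + 0.5 * hw(v),  # table lookup
    "STR": lambda v: 1.0 + 0.5 * hw(v),
}

# Stand-in for the compile step: out = SBOX[p ^ k] as (mnemonic, destination, *sources).
PROGRAM = [
    ("LDR", "r0", "p"),
    ("LDR", "r1", "k"),
    ("XOR", "r2", "r0", "r1"),
    ("SBOX", "r3", "r2"),
    ("STR", "out", "r3"),
]

def simulate_trace(p: int, k: int, rng: random.Random, noise: float = 0.8) -> list:
    """Execute PROGRAM on the virtual platform: one noisy leakage sample per instruction."""
    regs, trace = {}, []
    for mnemonic, dst, *src in PROGRAM:
        if mnemonic == "LDR":
            val = {"p": p, "k": k}[src[0]]
        elif mnemonic == "XOR":
            val = regs[src[0]] ^ regs[src[1]]
        elif mnemonic == "SBOX":
            val = SBOX[regs[src[0]]]
        else:  # STR
            val = regs[src[0]]
        regs[dst] = val
        # Same instruction, different operand data -> different leakage sample.
        trace.append(LEAKAGE_DB[mnemonic](val) + rng.gauss(0.0, noise))
    return trace

def simulate_campaign(key: int, n: int, seed: int = 2024) -> str:
    """Unified trace file: one line per run, 'plaintext_hex,s0,s1,...'.
    Traces measured on a real device would be converted to this same format."""
    rng = random.Random(seed)
    lines = []
    for _ in range(n):
        p = rng.randrange(256)
        samples = simulate_trace(p, key, rng)
        lines.append(",".join([f"{p:02x}"] + [f"{s:.4f}" for s in samples]))
    return "\n".join(lines) + "\n"

def parse_trace_file(text: str):
    """Analyzer input: the analyzer sees only this file, never the simulator."""
    pts, traces = [], []
    for line in text.splitlines():
        if line.strip():
            fields = line.split(",")
            pts.append(int(fields[0], 16))
            traces.append([float(f) for f in fields[1:]])
    return pts, traces

# Distinguishing-function library: (plaintext byte, key hypothesis) -> set label 0/1.
DISTINGUISHERS = {
    "sbox_out_msb": lambda p, k: (SBOX[p ^ k] >> 7) & 1,        # single-bit DPA
    "sbox_out_lsb": lambda p, k: SBOX[p ^ k] & 1,
    "sbox_out_hw_ge4": lambda p, k: int(hw(SBOX[p ^ k]) >= 4),  # multi-bit: bigger difference
}

def mean_curve(traces: list) -> list:
    return [sum(col) / len(traces) for col in zip(*traces)]

def dpa_difference(pts: list, traces: list, select, key_guess: int) -> list:
    """Split traces into two sets by the selection function, average each set and
    return the difference-of-means curve (all zeros if one set came out empty)."""
    set0 = [t for p, t in zip(pts, traces) if select(p, key_guess) == 0]
    set1 = [t for p, t in zip(pts, traces) if select(p, key_guess) == 1]
    if not set0 or not set1:
        return [0.0] * len(traces[0])
    return [a - b for a, b in zip(mean_curve(set1), mean_curve(set0))]

def recover_key(trace_text: str, distinguisher: str = "sbox_out_hw_ge4"):
    """Rank the 256 key hypotheses by their largest absolute DPA peak."""
    pts, traces = parse_trace_file(trace_text)
    select = DISTINGUISHERS[distinguisher]
    peaks = {k: max(abs(d) for d in dpa_difference(pts, traces, select, k)) for k in range(256)}
    ranked = sorted(peaks, key=peaks.get, reverse=True)
    return ranked[0], peaks[ranked[0]], peaks[ranked[1]]

if __name__ == "__main__":
    best, top, second = recover_key(simulate_campaign(key=0x3C, n=2000))
    print(f"recovered key 0x{best:02x}: peak {top:.3f}, runner-up {second:.3f}")
```

Running the file recovers the key 0x3C from 2000 simulated traces. A trace file captured from a real device and converted to the same "plaintext,samples..." lines goes through the same parse_trace_file and recover_key path, which is the point the patent makes about the analyzer being independent of the data source. Two caveats a practitioner would add: the single-bit selection functions in the library are the classic choice but produce a smaller difference of means than the multi-bit one, so they need more traces before the correct key separates from the ghost peaks of wrong hypotheses; and a design that shows no usable peak in simulation is only as secure as the leakage model behind the database, so the measured-trace path (or a database built the second way, from measurements) is still needed before fabrication sign-off.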
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (5)

1. A side-channel attack simulation system for a cryptographic chip, comprising: a system configuration module, a simulator and an analyzer;
the system configuration module sets up the initial operating environment of the simulator and the analyzer from the parameters entered by the user;
the simulator runs the algorithm program on a virtual hardware platform, builds a side-channel leakage information database from a pre-established leakage model, analyzes the cryptographic algorithm instructions selected from the cryptographic algorithm library, and generates the corresponding side-channel leakage curve;
the analyzer analyzes the leakage curves; its input is a leakage information file in the unified format of the leakage information database, so it is not tied to the source of the curves: it pre-processes leakage information generated by the simulator or measured from a real physical device, partitions the curves into sets according to the selected distinguishing function, computes the mean leakage curve of each set, and plots the result as a graph.
2. The side-channel attack simulation system of claim 1, wherein the system configuration module caches the configuration parameters entered at the user interface in two data structures and from them generates the simulator's initialization file simulator.ini and the analyzer's initialization file analyzer.ini.
3. The side-channel attack simulation system of claim 1, wherein the simulator comprises: a cryptographic algorithm library, a leakage analysis submodule, a leakage information generation submodule and a curve drawing module;
the leakage information generation submodule builds the side-channel leakage information database from a pre-established leakage model;
the leakage analysis submodule builds a mapping table between cryptographic algorithm instructions and leakage information characteristics, using the instructions in the cryptographic algorithm library and the characteristics stored in the leakage information database;
the curve drawing module combines the leakage information database with the instruction-to-leakage mapping table and draws the leakage curve corresponding to the whole execution of the cryptographic algorithm.
4. The side-channel attack simulation system of claim 3, wherein the leakage analysis submodule builds the mapping table between cryptographic algorithm instructions and leakage information characteristics as follows:
the leakage characteristics are closely tied to the cryptographic algorithm's instructions in their machine-instruction form: different machine instructions leak different information, and even the same machine instruction leaks differently when its operand data differ; to relate instructions to leakage characteristics, the cryptographic algorithm is first compiled with a compiler tool into optimized machine code, and the machine instructions are then used as an index to look up the corresponding leakage characteristic entries in the leakage information database.
5. The side-channel attack simulation system of claim 1, wherein the analyzer comprises: a distinguishing function library, a curve partitioning submodule, a curve analysis submodule and a drawing submodule;
the distinguishing function library stores the different distinguishing functions; since each cryptographic algorithm needs its own implementation of the distinguishing function, the implementations are kept in a library;
the curve partitioning submodule selects the specified distinguishing function from the library according to the system configuration and pre-processes the leakage information, whether generated by the simulator or measured from a real physical device, by distributing the leakage curves into different sets;
the curve analysis submodule computes the mean signal of the curves in each set, i.e. the mean leakage curve per set, and then the difference between the two sets' mean signals;
the drawing submodule turns the output of the curve analysis submodule into an analysis curve graph, giving a more intuitive view of the result.

Priority, family and publication

Application CN202011186957.1A, filed 2020-10-29 (priority date 2020-10-29), published as CN112287354A (en) on 2021-01-29; family ID 74352600; the family has a single member, in CN only.

Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101639885A * | 2009-08-26 | 2010-02-03 | 成都卫士通信息产业股份有限公司 | Secure implementation method for a cryptographic chip to resist side-channel attacks
CN102546150A * | 2012-02-07 | 2012-07-04 | 中国科学院软件研究所 | Power leakage acquisition method and system for cryptographic devices
CN103812642A * | 2014-01-24 | 2014-05-21 | 天津大学 | Security detection method for cryptographic algorithm hardware designs
CN110460425A * | 2019-09-24 | 2019-11-15 | 北京银联金卡科技有限公司 | Attack method and system for side-channel power leakage signals of cryptographic code


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
张涛: "一种面向密码芯片的旁路攻击关键技术研究" (Research on key technologies of side-channel attacks against cryptographic chips), 《中国优秀博硕士论文全文数据库 信息科技辑》 (China Doctoral and Master's Dissertations Full-text Database, Information Science and Technology series) *


Legal Events

Code | Title
PB01 | Publication (application publication date 2021-01-29)
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication