Journal of Guangxi Normal University (Natural Science Edition) ›› 2021, Vol. 39 ›› Issue (6): 33-43. doi: 10.16088/j.issn.1001-6600.2020081602

• Research Article •

Stochastic Attack Method Based on Mahalanobis Distance against AES Cryptosystem

ZHANG Shunsheng, LUO Yuling*, QIU Senhui

  1. School of Electronic Engineering, Guangxi Normal University, Guilin Guangxi 541004, China
  • Received: 2020-08-16  Revised: 2020-11-25  Online: 2021-11-25  Published: 2021-12-08
  • Corresponding author: LUO Yuling (born 1984), female, from Wuhan, Hubei; Associate Professor at Guangxi Normal University, PhD. E-mail: yuling0616@mailbox.gxnu.edu.cn
  • Funding:
    National Natural Science Foundation of China (61801131); Guangxi Universities Young and Middle-aged Teachers' Basic Research Ability Improvement Project (2020KY02030); Guangxi Graduate Education Innovation Program Project (YCSW2020100)

Abstract: The stochastic model (SM) is a typical profiled attack. As in a traditional template attack (TA), the covariance matrix of the templates it builds can lead to overflow in the exponential computation and can turn out to be non-invertible. In addition, SM requires control of a reference device on which plaintexts and keys are set at random many times so that power traces can be captured to build the templates, which restricts where it can be used. To address these problems, a stochastic attack method based on the Mahalanobis distance is proposed: templates are built on the reference device with random plaintexts and a fixed key, and the Mahalanobis distance is applied to the stochastic model to recover the key. In the experiments, the attack is mounted against an AES implementation on an Atmel XMEGA128D4 microcontroller. The results show that templates built with either a fixed or a random key, both of which produce the same distribution of the encryption intermediate values, recover the correct key. Compared with a traditional template attack and with correlation power analysis (CPA), the proposed method recovers the correct key with fewer traces, reaching a 100% success rate with about 50 traces, and so improves the efficiency of security analysis of cryptographic hardware systems.

Key words: side channel attack, template attack, stochastic model, Mahalanobis distance, correlation power analysis
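The profiling-then-attack flow the abstract describes, as an added example written for this page (not the paper's code) on constructed synthetic leakage rather than XMEGA measurements: a two-term stochastic model (constant plus Hamming weight of plaintext XOR key byte, standing in for the AES S-box intermediate) is fitted from traces under one fixed profiling key, and key guesses for traces captured under a different key are then ranked by summed Mahalanobis distance; the Gaussian likelihood product of a classical template attack is tracked alongside to show it collapsing to 0.0 as traces accumulate, which is how I read the exponent overflow problem the abstract mentions. The leakage coefficients, noise covariance, keys and trace counts are all assumptions of this example.

```python
import math
import random
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight of a byte

def simulate_traces(n, key, rng):
    # Constructed leakage (no real XMEGA data): two POIs affine in HW(p ^ key) plus correlated noise.
    traces = []
    for _ in range(n):
        p = rng.randrange(256)
        h = HW[p ^ key]
        e0 = rng.gauss(0, 1.0)
        e1 = 0.6 * e0 + rng.gauss(0, 0.8)
        traces.append((p, (3.0 + 0.5 * h + e0, -1.0 + 0.8 * h + e1)))
    return traces

def profile(traces, key):
    # Profiling with a FIXED known key and random plaintexts: least-squares fit of
    # leak = b0 + b1*HW per POI (two-term stochastic model) and the 2x2 noise covariance.
    xs = [HW[p ^ key] for p, _ in traces]
    n, mx = len(xs), sum(xs) / len(xs)
    betas = []
    for j in range(2):
        ys = [t[j] for _, t in traces]
        my = sum(ys) / n
        b1 = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)
        betas.append((my - b1 * mx, b1))
    res = [[t[j] - betas[j][0] - betas[j][1] * x for j in range(2)] for x, (_, t) in zip(xs, traces)]
    cov = [[sum(r[a] * r[b] for r in res) / (n - 2) for b in range(2)] for a in range(2)]
    return betas, cov

def attack(traces, betas, cov):
    # Rank key guesses by summed squared Mahalanobis distance (smallest wins); also track the
    # Gaussian likelihood product of a classical template attack, which underflows to 0.0.
    det = cov[0][0] * cov[1][1] - cov[0][1] * cov[1][0]
    ic = [[cov[1][1] / det, -cov[0][1] / det], [-cov[1][0] / det, cov[0][0] / det]]
    dist, like = [], []
    for k in range(256):
        d_sum, prod = 0.0, 1.0
        for p, t in traces:
            r = [t[j] - betas[j][0] - betas[j][1] * HW[p ^ k] for j in range(2)]
            d = sum(r[a] * ic[a][b] * r[b] for a in range(2) for b in range(2))
            d_sum += d
            prod *= math.exp(-0.5 * d) / (2 * math.pi * math.sqrt(det))
        dist.append(d_sum); like.append(prod)
    return sorted(range(256), key=dist.__getitem__), like

def run_demo(profiling_key=0x2B, target_key=0xA7, n_attack=400, seed=7):
    rng = random.Random(seed)
    betas, cov = profile(simulate_traces(1000, profiling_key, rng), profiling_key)
    ranking, like = attack(simulate_traces(n_attack, target_key, rng), betas, cov)
    return ranking[0], max(like)
```

With 400 attack traces the likelihood product is 0.0 for all 256 guesses, so a traditional template attack could no longer distinguish them, while the Mahalanobis ranking still places the target key first even though profiling used a different fixed key.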

CLC number: TN918.1