针对物联网设备的旁路攻击及防御方法的研究  

作　　者：何乐生[1,2] 冯毅 岳远康 杨崇宇 胡崇辉 HE Lesheng;FENG Yi;YUE Yuankang;YANG Chongyu;HU Chonghui(College of Information,Yunnan University,Kunming 650091,China;University Key Laboratory of Internet of Things Technology and Application of Yunnan Province,Kunming 650091,China)

机构地区：[1]云南大学信息学院,云南昆明650091 [2]云南省高校物联网技术及应用重点实验室,云南昆明650091

出　　处：《通信学报》2025年第2期166-175,共10页Journal on Communications

基　　金：国家自然科学基金资助项目(No.U1631121)。

摘　　要：物联网设备通常使用计算能力受限的微控制器来实现,因而只能采用轻量级对称加密算法来保证其数据安全,且其自身的特点决定了只能被部署在开放环境中,极易遭受旁路攻击。针对这一问题,在基于自主设计的旁路攻击验证平台上开展实验,并提出了安全密钥管理方案及改进的S盒设计,作为旁路攻击防御方法。验证平台由两级差分放大器和抗干扰有限冲激响应(FIR)滤波器构成,能够捕捉微弱的功耗变化,并设计了针对轻量级加密算法的两轮相关能量攻击。通过获取正确密钥相关系数置信度的评估方法,在对PRESENT算法的3 000条功耗曲线进行10 000次攻击后,成功率超过96%,正确密钥的相关性均值均超过0.6,在95%的置信水平下,拥有狭窄的置信区间,而采用改进后的算法进行相同实验时,攻击成功率仅为9.12%。Internet of things(IoT)devices are typically implemented using microcontrollers with limited computational capabilities,which necessitate the use of lightweight symmetric encryption algorithms to ensure data security.Due to their inherent characteristics,these devices can only be deployed in open environments,making them highly vulnerable to side-channel attacks.To address this issue,experiments were conducted on a self-designed side-channel attack validation platform,where a secure key management scheme and an improved S-box design were proposed as countermeasures against side-channel attacks.The validation platform consisted of a two-stage differential amplifier and an antiinterference finite impulse response(FIR)filter,which were capable of capturing subtle power consumption fluctuations.A two-round correlated energy attack targeting lightweight encryption algorithms was also designed.By evaluating the confidence of the correct key correlation coefficient,after 10000 attacks on 3000 power consumption traces of the PRESENT algorithm,a success rate of over 96%is achieved,with the mean correlation of the correct key exceeding 0.6.At a 95%confidence level,a narrow confidence interval is obtained.In contrast,when the improved algorithm is used in the same experiment,the attack success rate is only 9.12%.

关 键 词：物联网安全 轻量级密码 旁路攻击 相关能量分析 

分 类 号：TN918.9[电子电信—通信与信息系统]