Improved Confusion Coefficient for Block Ciphers  Cited by: 2

One-dimensional Confusion Coefficient for Block Cipher

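Authors: Qiu Shuang (邱爽)[1], Bai Guoqiang (白国强)[1], Chen Hongyi (陈弘毅)[1]

Affiliation: [1] Institute of Microelectronics, Tsinghua University, Beijing 100084

Source: Journal of Cryptologic Research (《密码学报》), 2014, No. 2, pp. 124-133 (10 pages)

Funding: National Natural Science Foundation of China (61073169)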

Abstract: Power attacks make use of power leakage from cipher devices to retrieve key information and pose a serious threat to embedded crypto-systems. At CHES 2012, Fei et al. used the confusion coefficient (CC) to model the success rate of DPA, the most extensively implemented power-attack method. However, the definition of the confusion coefficient, an important parameter in that model, is redundant, and the numerical calculation of the CC is inaccurate. In this paper, based on the general properties of block ciphers, we revise this definition to reduce it from two dimensions to one, thereby decreasing the number of CCs exponentially. We recalculated the CCs of DES according to our new definition and found that their distribution is abnormal. Based on these new CCs, we recalculated the distribution of the expectation values of the Difference of Means (DoM) for each key candidate in a DPA against DES, and conducted a real attack on the SASEBO platform against a CPU chip card implementing 3DES and running at a clock frequency of 24 MHz. Our experimental results agree well with the DoM expectation values calculated from the revised CCs.

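Keywords: side-channel attack; differential power analysis; confusion coefficient; block cipher; DES

Classification: TN918.4 [Electronics and Telecommunications: Communication and Information Systems]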

 
