搜索

x

留言板

尊敬的读者、作者、审稿人, 关于本刊的投稿、审稿、编辑和出版的任何问题, 您可以本页添加留言。我们将尽快给您答复。谢谢您的支持!

姓名
邮箱
手机号码
标题
留言内容
验证码

基于Hamming weight和泄漏光子数的高级加密标准密码芯片光辐射分析攻击

王红胜 徐子言 张阳 陈开颜 李宝晨 吴令安

引用本文:
Citation:

基于Hamming weight和泄漏光子数的高级加密标准密码芯片光辐射分析攻击

王红胜, 徐子言, 张阳, 陈开颜, 李宝晨, 吴令安

Attack on the advanced encryption standard cipher chip based on the correspondence between Hamming weight and the number of emitted photons

Wang Hong-Sheng, Xu Zi-Yan, Zhang Yang, Chen Kai-Yan, Li Bao-Chen, Wu Ling-An
PDF
导出引用
  • 通过研究密码芯片运行时的光辐射迹及其数据依赖性, 建立了操作数汉明重量与泄漏光子数的对应关系, 提出了一种简单有效的针对高级加密标准(AES)加密算法的密码芯片光辐射分析方法. 根据密码芯片运行时的光泄漏特性, 利用时间相关单光子计数技术搭建了光辐射分析攻击实验平台, 在AES加密算法执行第一次的轮密钥加操作后和字节替换操作后分别进行光泄露信号采集, 对基于操作数Hamming weight和AES密码芯片泄漏光子数对应关系的密钥分析攻击方法的有效性进行了实验验证, 通过选择几组明文成功地破解了AES加密算法的密钥. 实验结果表明, 当密码芯片的泄露光子数与操作数的汉明重量呈近似线性关系时, 该种光辐射密钥分析攻击方法对AES密码芯片的安全性构成了严重的威胁.
    The security of information transmission is of paramount importance in all sectors of society, whether civilian or defence related. In ancient times the encryption of secret messages was mainly realized by physical or chemical means, but this was later supplemented by mathematical techniques. In parallel, the breaking of enemy codes has also been a subject of intense study. To date, the only known absolutely secure means of encryption is through quantum cryptography, However, this still has to be implemented by equipment that is vulnerable to various physical attacks, so it is important to study these methods of attack, both for legitimate users and for the surveillance of criminal activities. Today, nearly all transactions have to be realized through the computer and much effort has been devoted to cracking the software. However, little attention has been paid to the hardware, and it has only recently been realized that computer chips themselves can leak sensitive information, from which a code may even be deciphered. By studying the photonic emission and the data dependency of a cryptographic chip during operation, the correspondence between the Hamming weight of the operand and the number of photons emitted may be established, based on which a simple and effective method is proposed to crack the Advanced Encryption Standard (AES) cipher chip. An experimental platform has been set up for measuring and analyzing the leaked photonic emission using time-correlated single-photon counting. An AT89C52 microcontroller implementing the operation of the AES cipher algorithm is used as a cipher chip. The emitted photons are collected when the first AddRoundKey and SubBytes of the AES encryption arithmetic are executed, and their respective numbers are found to have a linear relationship with the operand Hamming weight. The sources of noise affecting the photon emission trace have been analyzed, so that the measurement error and uncertainty can be reduced effectively. With the help of our Hamming weight simulation model, by selecting one or several groups of plain text and comparing the corresponding relationship between the Hamming weight of the intermediate values and the number of photons emitted by the cipher chip, the key of the AES encryption algorithm has been successfully recovered and cracked. This confirms the effectiveness of this method of attack, which can therefore pose a severe threat to the security of the AES cipher chip. For the next step in the future, our method will be optimized to narrow the search range, and also combined with other photonic emission analysis attacks (such as simple photonic emission analysis and differential photonic emission analysis) to improve the efficiency. A comparison and evaluation of the various methods will be made. At the same time, our current experimental configuration will be improved to obtain a better collection efficiency and signal-to-noise ratio.
      通信作者: 王红胜, whswzx@aliyun.com
    • 基金项目: 国家自然科学基金(批准号: 51377170, 11304007) 和河北省自然科学基金(批准号: F2012506008) 资助的课题.
      Corresponding author: Wang Hong-Sheng, whswzx@aliyun.com
    • Funds: Project supported by the National Natural Science Foundation of China (Grant No. 51377170, 11304007), and the Natural Science Foundation of Hebei, China (Grant No. F2012506008).
    [1]

    Krmer J, Kasper M, Seifert J P 2014 19th Asia and South Pacific Design Automation Conference Singapore, Republic of Singapore, January 20-23, 2014 p780

    [2]

    Krmer J, Nedospasov D, Schlosser A, Seifert J P 2013 Constructive Side-Channel Analysis and Secure Design (Berlin: Springer-Verlag) p1

    [3]

    Schlosser A, Nedospasov D, Krmer J, Orlic S, Seifert J P 2013 J. Cryptogr. Eng. 3 3

    [4]

    Wang H S 2015 Ph. D. Dissertation (Shijiazhuang: Ordnance Engineering Collage) (in Chinese) [王红胜 2015 博士学位论文 (石家庄: 军械工程学院)]

    [5]

    Kocher P 1996 Annual International Cryptology Conference California, August 18-22, 1996 p104

    [6]

    Kocher P, Jaffe J, Jun B 1999 Annual International Cryptology Conference California, USA, August 15-19, 1999 p388

    [7]

    Hnath W 2010 Ph. D. Dissertation(Massachusetts: Worcester Polytechnic Institute) (in USA)

    [8]

    Mulder E D 2010 Ph. D. Dissertation(Leuven: Katholieke Universiteit) (in The Kingdom of Belgium)

    [9]

    Biham E, Shamir A 1997 Annual International Cryptology Conference Santa Barbara, California, USA, August 17-21 1997 p513

    [10]

    Wang T, Zhao X J, Guo S Z, Zhang F, Liu H Y, Zheng T M 2012 Chin. J. Comput. 35 325 (in Chinese) [王韬, 赵新杰, 郭世泽, 张帆, 刘会英, 郑天明 2012 计算机学报 35 325]

    [11]

    Kircanski A, Youssef A M 2010 3th International Conference on Cryptology in Africa Stellenbosch, South Africa, May 3-6, 2010 p261

    [12]

    Ferrigno J, Hlav M 2008 IET Infor. Secur. 2 94

    [13]

    Wang Y J, Ding T, Ma H Q, Jiao R Z 2014 Chin. Phys. B 23 060308

    [14]

    Liang Y, Zeng H P 2014 Sci. China: Phys. Mech. Astron. 57 1218

    [15]

    Sun Z B, Ma H Q, Lei M, Yang H D, Wu L A, Zhai G J, Feng J 2007 Acta Phys. Sin. 56 5790 (in Chinese) [孙志斌, 马海强, 雷鸣, 杨捍东, 吴令安, 翟光杰, 冯稷 2007 物理学报 56 5790]

    [16]

    Wang H S, Ji D G, Gao Y L, Zhang Y, Chen K Y, Chen J G, Wu L A, Wang Y Z 2015 Acta Phys. Sin. 64 058901 (in Chinese) [王红胜, 纪道刚, 高艳磊, 张阳, 陈开颜, 陈军广, 吴令安, 王永仲 2015 物理学报 64 058901]

    [17]

    Zhang L B, Kang L, Chen J, Zhao Q Y, Jia T, Xu W W, Cao C H, Jin B B, Wu P H 2011 Acta Phys. Sin. 60 038501 (in Chinese) [张蜡宝, 康琳, 陈健, 赵清源, 郏涛, 许伟伟, 曹春海, 金飚兵, 吴培亨 2011 物理学报 60 038501]

    [18]

    Liu Y, Wu Q L, Han Z F, Dai Y M, Guo G C 2010 Chin. Phys. B 19 080308

    [19]

    Mangard S, Oswald E, Popp T (translated by Feng D G, Zhou Y B, Liu J Y) 2010 Power Analysis Attacks (Beijing: Science Press) pp1-129 (in Chinese) [Mangard S, Oswald E, Popp T 著 (冯登国, 周永彬, 刘继业 译) 2010 能量分析攻击 (北京:科学出版社) 第 1-129 页]

    [20]

    Hu X D, Wei Q F, Hu R 2011 Applied Cryptography (2nd Ed) (Beijing: Electronic Industry Press) pp1-95 (in Chinese) [胡向东, 魏琴芳, 胡蓉编应用密码学 (第 2 版) (北京:电子工业出版社) 第 1-95 页]

    [21]

    Becker W (translated by Qu J L) 2009 Advanced Time-Correlated Single Photon Counting Techniques (Beijing: Science Press) pp1-126 (in Chinese) [Becker W 著 (屈军乐 译) 2009 高级时间相关单光子计数技术 (北京: 科学出版社) 第 1-126 页]

  • [1]

    Krmer J, Kasper M, Seifert J P 2014 19th Asia and South Pacific Design Automation Conference Singapore, Republic of Singapore, January 20-23, 2014 p780

    [2]

    Krmer J, Nedospasov D, Schlosser A, Seifert J P 2013 Constructive Side-Channel Analysis and Secure Design (Berlin: Springer-Verlag) p1

    [3]

    Schlosser A, Nedospasov D, Krmer J, Orlic S, Seifert J P 2013 J. Cryptogr. Eng. 3 3

    [4]

    Wang H S 2015 Ph. D. Dissertation (Shijiazhuang: Ordnance Engineering Collage) (in Chinese) [王红胜 2015 博士学位论文 (石家庄: 军械工程学院)]

    [5]

    Kocher P 1996 Annual International Cryptology Conference California, August 18-22, 1996 p104

    [6]

    Kocher P, Jaffe J, Jun B 1999 Annual International Cryptology Conference California, USA, August 15-19, 1999 p388

    [7]

    Hnath W 2010 Ph. D. Dissertation(Massachusetts: Worcester Polytechnic Institute) (in USA)

    [8]

    Mulder E D 2010 Ph. D. Dissertation(Leuven: Katholieke Universiteit) (in The Kingdom of Belgium)

    [9]

    Biham E, Shamir A 1997 Annual International Cryptology Conference Santa Barbara, California, USA, August 17-21 1997 p513

    [10]

    Wang T, Zhao X J, Guo S Z, Zhang F, Liu H Y, Zheng T M 2012 Chin. J. Comput. 35 325 (in Chinese) [王韬, 赵新杰, 郭世泽, 张帆, 刘会英, 郑天明 2012 计算机学报 35 325]

    [11]

    Kircanski A, Youssef A M 2010 3th International Conference on Cryptology in Africa Stellenbosch, South Africa, May 3-6, 2010 p261

    [12]

    Ferrigno J, Hlav M 2008 IET Infor. Secur. 2 94

    [13]

    Wang Y J, Ding T, Ma H Q, Jiao R Z 2014 Chin. Phys. B 23 060308

    [14]

    Liang Y, Zeng H P 2014 Sci. China: Phys. Mech. Astron. 57 1218

    [15]

    Sun Z B, Ma H Q, Lei M, Yang H D, Wu L A, Zhai G J, Feng J 2007 Acta Phys. Sin. 56 5790 (in Chinese) [孙志斌, 马海强, 雷鸣, 杨捍东, 吴令安, 翟光杰, 冯稷 2007 物理学报 56 5790]

    [16]

    Wang H S, Ji D G, Gao Y L, Zhang Y, Chen K Y, Chen J G, Wu L A, Wang Y Z 2015 Acta Phys. Sin. 64 058901 (in Chinese) [王红胜, 纪道刚, 高艳磊, 张阳, 陈开颜, 陈军广, 吴令安, 王永仲 2015 物理学报 64 058901]

    [17]

    Zhang L B, Kang L, Chen J, Zhao Q Y, Jia T, Xu W W, Cao C H, Jin B B, Wu P H 2011 Acta Phys. Sin. 60 038501 (in Chinese) [张蜡宝, 康琳, 陈健, 赵清源, 郏涛, 许伟伟, 曹春海, 金飚兵, 吴培亨 2011 物理学报 60 038501]

    [18]

    Liu Y, Wu Q L, Han Z F, Dai Y M, Guo G C 2010 Chin. Phys. B 19 080308

    [19]

    Mangard S, Oswald E, Popp T (translated by Feng D G, Zhou Y B, Liu J Y) 2010 Power Analysis Attacks (Beijing: Science Press) pp1-129 (in Chinese) [Mangard S, Oswald E, Popp T 著 (冯登国, 周永彬, 刘继业 译) 2010 能量分析攻击 (北京:科学出版社) 第 1-129 页]

    [20]

    Hu X D, Wei Q F, Hu R 2011 Applied Cryptography (2nd Ed) (Beijing: Electronic Industry Press) pp1-95 (in Chinese) [胡向东, 魏琴芳, 胡蓉编应用密码学 (第 2 版) (北京:电子工业出版社) 第 1-95 页]

    [21]

    Becker W (translated by Qu J L) 2009 Advanced Time-Correlated Single Photon Counting Techniques (Beijing: Science Press) pp1-126 (in Chinese) [Becker W 著 (屈军乐 译) 2009 高级时间相关单光子计数技术 (北京: 科学出版社) 第 1-126 页]

  • [1] 罗小军, 石立华, 张琪, 邱实, 李云, 刘毅诚, 段艳涛. 一次人工触发闪电回击过程的光辐射色散特性分析. 物理学报, 2022, 71(17): 179201. doi: 10.7498/aps.71.20220479
    [2] 徐昭, 周昕, 白星, 李聪, 陈洁, 倪洋. 基于深度学习的相位截断傅里叶变换非对称加密系统攻击方法. 物理学报, 2021, 70(14): 144202. doi: 10.7498/aps.70.20202075
    [3] 王仁德, 张亚萍, 祝旭锋, 王帆, 李重光, 张永安, 许蔚. 基于光学扫描全息密码术的多图像并行加密. 物理学报, 2019, 68(11): 114202. doi: 10.7498/aps.68.20190162
    [4] 尹霄丽, 郭翊麟, 闫浩, 崔小舟, 常欢, 田清华, 吴国华, 张琦, 刘博, 忻向军. 汉克-贝塞尔光束在海洋湍流信道中的螺旋相位谱分析. 物理学报, 2018, 67(11): 114201. doi: 10.7498/aps.67.20180155
    [5] 储玉飞, 张远宪, 刘春, 普小云. 微流芯片中消逝波激励的荧光辐射特性研究. 物理学报, 2017, 66(10): 104208. doi: 10.7498/aps.66.104208
    [6] 尹剑飞, 温激鸿, 肖勇, 温熙森. 基于高级统计能量分析的周期加筋板振动特性研究. 物理学报, 2015, 64(13): 134301. doi: 10.7498/aps.64.134301
    [7] 王红胜, 纪道刚, 高艳磊, 张阳, 陈开颜, 陈军广, 吴令安, 王永仲. 基于时间相关单光子计数技术的密码芯片光辐射分析. 物理学报, 2015, 64(5): 058901. doi: 10.7498/aps.64.058901
    [8] 彭再平, 王春华, 林愿, 骆小文. 一种新型的四维多翼超混沌吸引子及其在图像加密中的研究. 物理学报, 2014, 63(24): 240506. doi: 10.7498/aps.63.240506
    [9] 钟广明, 杜晓晴, 唐杰灵, 董向坤, 雷小华, 陈伟民. 影响倒装焊LED芯片电流分布均匀性的因素分析. 物理学报, 2012, 61(12): 127803. doi: 10.7498/aps.61.127803
    [10] 朱从旭, 孙克辉. 对一类超混沌图像加密算法的密码分析与改进. 物理学报, 2012, 61(12): 120503. doi: 10.7498/aps.61.120503
    [11] 邢莉娟, 李卓, 张武军. 加强的量子汉明限. 物理学报, 2011, 60(5): 050304. doi: 10.7498/aps.60.050304
    [12] 李亚楠, 梁中翥, 梁静秋, 郑娜, 方伟, 王维彪, 禹秉熙. 辐射探测芯片吸收膜理论设计及镍磷黑膜制备. 物理学报, 2010, 59(7): 4530-4534. doi: 10.7498/aps.59.4530
    [13] 张盛, 王剑, 张权, 唐朝京. 量子密码协议的错误序列模型分析. 物理学报, 2009, 58(1): 73-77. doi: 10.7498/aps.58.73
    [14] 彭 翔, 汤红乔, 田劲东. 双随机相位编码光学加密系统的唯密文攻击. 物理学报, 2007, 56(5): 2629-2636. doi: 10.7498/aps.56.2629
    [15] 王 开, 裴文江, 邹留华, 何振亚. 一种多混沌系统公钥密码算法的安全性分析. 物理学报, 2006, 55(12): 6243-6247. doi: 10.7498/aps.55.6243
    [16] 彭 翔, 张 鹏, 位恒政, 于 斌. 双随机相位加密系统的已知明文攻击. 物理学报, 2006, 55(3): 1130-1136. doi: 10.7498/aps.55.1130
    [17] 江少恩, 孙可煦, 黄天暄, 成金秀, 丁永坤, 胡 昕, 崔延莉, 陈久森, 于艳宁, 郑志坚. “神光Ⅱ”基频光辐射输运实验与分析. 物理学报, 2004, 53(5): 1425-1432. doi: 10.7498/aps.53.1425
    [18] 赵东焕, 雷仕湛. 自由电子激光辐射场的经典理论分析. 物理学报, 1996, 45(2): 192-200. doi: 10.7498/aps.45.192
    [19] 何林, 邓永元. 超荧光辐射的热力学模型分析. 物理学报, 1995, 44(1): 80-86. doi: 10.7498/aps.44.80
    [20] 林大键, 薛鸣球. 高级色差理论. 物理学报, 1980, 29(2): 260-264. doi: 10.7498/aps.29.260
计量
  • 文章访问数:  4671
  • PDF下载量:  164
  • 被引次数: 0
出版历程
  • 收稿日期:  2016-01-26
  • 修回日期:  2016-03-04
  • 刊出日期:  2016-06-05

/

返回文章
返回