2018

Clustering-based correlation power analysis attack on double-masked modular exponentiation algorithms

Abstract:
Correlation power analysis (CPA) is one of the most common attack methods against modular exponentiation algorithms, but when a design applies double masking (blinding) to both the base and the exponent, existing CPA cannot be used. Higher-order CPA can attack such countermeasures effectively, but it introduces noise and lowers the attack's accuracy, and its classification step relies on thresholds set by manual observation, so the result depends heavily on the attacker's experience. To address these problems, this paper proposes a clustering-based correlation power analysis attack: it uses the differences in the correlation characteristics of power consumption between modular multiplications to assess the usefulness of each power sample, raising the utilization of useful information while reducing noise and manual intervention. Experimental results show that, against the double-masked modular exponentiation countermeasure, clustering CPA improves attack efficiency and algorithm generality compared with existing strategies, with attack accuracy converging to 1 at 400 power traces.