CN109257395B - System for defending against side-channel attack - Google Patents


Info

Publication number
CN109257395B
Authority
CN
China
Prior art keywords
power consumption
module
consumption curve
confusion
pseudo
Prior art date
Legal status
Active
Application number
CN201811494689.2A
Other languages
Chinese (zh)
Other versions
CN109257395A (en)
Inventor
张福健
Current Assignee
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date
2018-12-07
Filing date
2018-12-07
Publication date
2020-10-23
2018-12-07 Application filed by Sichuan Changhong Electric Co Ltd
2018-12-07 Priority to CN201811494689.2A
2019-01-22 Publication of CN109257395A
2020-10-23 Application granted; publication of CN109257395B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of computer-software information security and discloses a system for resisting side-channel attacks. Its purpose is to prevent an attacker from extracting cryptographic-operation information from the chip's power-consumption curve and to present the attacker with counterfeit characteristics of the cryptographic algorithm's execution instead. The system comprises a computation module, a power-consumption control module and a computation-obfuscation module, where the computation module provides input to the power-consumption control module. While the system runs an algorithm, the power-consumption control module coordinates the computation module and the obfuscation module so that the power curve the system emits is a pseudo power curve produced by the two modules operating together. The invention is suitable for side-channel attack defence.

Description

System for defending against side-channel attack
Technical Field
The invention relates to the field of computer-software information security, and in particular to a system for resisting side-channel attacks.
Background
With the rapid development of network technologies, networked information technology has entered everyday life, bringing convenience but also certain risks. Information is usually encrypted before transmission to increase the confidentiality of sensitive data, and its security then rests on how securely the encryption key can be stored: once the key is obtained, the information is available to third parties. Cryptographers have designed many security architectures for generating, storing and replacing keys. Judged by plaintext-ciphertext pair analysis or exhaustive search, attacking algorithms such as AES or ECC would take hundreds of years. However, the power a chip consumes while running a cryptographic algorithm exposes information about the algorithm's characteristics and the key, and so gives an attacker a fast way to break the key: with the power-consumption values of the cryptographic operation, an attacker can deduce the algorithm in use and the key data within a short time.
Disclosure of Invention
The technical problem addressed by the invention is as follows: to provide a system for resisting side-channel attacks that prevents an attacker from obtaining cryptographic-operation information from the power-consumption curve and instead presents the attacker with counterfeit characteristics of the cryptographic algorithm's execution.
To solve this problem, the invention adopts the following technical scheme. The system for resisting side-channel attacks comprises a computation module, a power-consumption control module and a computation-obfuscation module, where the computation module provides input to the power-consumption control module;
the power-consumption control module is preloaded with the chip's power-consumption curves under various key conditions and a lookup table of the influence of each key bit on the chip's power consumption;
while the system runs an algorithm, the power-consumption control module coordinates the computation module and the obfuscation module so that the power curve the system emits is a pseudo power curve produced jointly by the computation module and the obfuscation module. The flow for generating the pseudo power curve is as follows:
S1: after the power-consumption control module obtains the application key, it computes a simulated power curve from the preset power curves and the lookup table;
S2: from the simulated power curve and the selected pseudo power curve, it derives the power curve that the obfuscation module must generate, and from that computes the obfuscation module's execution parameters;
S3: the power-consumption control module passes the execution parameters to the obfuscation module, and the computation module and the obfuscation module then run simultaneously until the operation finishes.
If the attacker finds that the power curve does not match the characteristics of the algorithm, for example when an AES power curve is forged using the curve of ECC, the attacker will not see the expected multiple rounds of encryption, will readily guess that the curve has been forged by the cryptographic chip, suffers no loss, and is not deceived. The pseudo power curve selected in step S2 should therefore be as similar as possible to, or identical with, the real power curve. If the selected pseudo power curve is not similar to the real power curve, it must be compressed or expanded until it is similar to or the same as the real one.
Further, when generating the pseudo power curve, the pseudo key should be chosen randomly, with a Hamming weight close to that of the real key. Keys of equal Hamming weight have close computational complexity and execution time, which makes the deception more convincing.
The beneficial effects of the invention are:
1. power analysis can be effectively resisted, and the attacker is deceived with false power-consumption characteristics;
2. the scheme can be implemented without changing existing code, so the redundancy and readability of the code are unaffected;
both software-implemented code and hardware-implemented logic can be protected against side-channel attacks, and attackers deceived, by this design. Its advantage is that it is only weakly coupled to the algorithm engineering: the algorithm's source code need not be modified, and no rules have to be deliberately developed to avoid power analysis.
Drawings
FIG. 1 is a state diagram of the system of the invention;
FIG. 2 is the algorithm flow of the invention.
Detailed Description
The invention mainly adds two modules alongside the original computation module so that the power consumption the cryptographic chip emits is pseudo power consumption. This prevents side-channel attacks and deceives attackers without modifying the computation module's code, and so improves the security of the algorithm chip.
The two added modules are the power-consumption control module and the computation-obfuscation module. The computation module provides input to the power-consumption control module, and the power-consumption control module provides input to the computation-obfuscation module.
Once the version of the computation module is fixed, two elements must be determined when the power-consumption control module is run for the first time:
1. The pseudo-algorithm power curve. A large number of power curves can be obtained by power-consumption collection, and the pseudo-algorithm power curve is selected according to two principles:
(1) Choose a similar or identical algorithm, i.e. the pseudo algorithm should as far as possible be chosen from the same group of algorithms: the closer the algorithms, the smaller the difference between the power curves they generate; otherwise the curve must be compressed or expanded. Modern cryptosystems are secure only in the key. Choosing a different algorithm can make the attacker's job harder, but more often the attacker knows the type of cryptographic algorithm and only lacks the key. If the attacker finds that the power curve does not match the algorithm's characteristics, for example an AES power curve forged from the curve of ECC, the multiple rounds of encryption will not be visible, the attacker easily guesses that the curve was forged by the cryptographic chip, suffers no loss, and the purpose of deception is not achieved.
(2) Choose the key randomly, keeping the Hamming weight of the pseudo key as close as possible to that of the real key. The difference in the power curve at the smallest unit depends on the value of a bit in the key stream, so in theory keys of the same Hamming weight have close computational complexity and close execution time.
2. The computation-obfuscation module contains several basic operation units. Take big-number addition and big-number multiplication as an example, and write the power consumption of one big-number addition as P_add and that of one big-number multiplication as P_mul. From the power P_s that must be generated at time t, the number n of big-number multiplications to perform at time t is n = P_s / P_mul, and the number of big-number additions is given by the following formula:
[Figure BDA0001896571090000031: formula for the number of big-number additions, not reproduced]
In actual use, the power-consumption control module coordinates the computation module and the obfuscation module so that the curve produced is the pseudo-algorithm power curve.
The power curve obtained by the side-channel attacker is the power consumed by the computation module and the obfuscation module running together. The cryptographic characteristics in that curve are forged, so any key deduced from it can only be wrong. The method therefore defends against side-channel attacks and deceives the attacker.
For a given point of the pseudo power curve, different combinations of operations can be offered depending on the required accuracy; the chosen accuracy is the input of the obfuscation module and determines its basic unit. Let the basic units be {P_0, P_1, P_2, …, P_n}. Then for the power P_t generated by the computation module there exist {a_0, a_1, a_2, …, a_n} such that P_s = P_t' + P_max − P_t = a_0·P_0 + a_1·P_1 + … + a_n·P_n, where each a_i is a natural number and 0 ≤ i ≤ n.
In a specific embodiment of the invention, shown in FIG. 1 and FIG. 2, the pseudo power curve is generated as follows:
S1: before delivery, the power-consumption control module is preloaded with the chip's power curves under various key conditions and a lookup table of the influence of key bits on the chip's power consumption;
S2: after obtaining the application key, the power-consumption control module computes a simulated power curve from the preset power curves and the lookup table;
S3: from the simulated power curve and the selected pseudo power curve, it derives the power curve that the obfuscation module must generate, and computes the obfuscation module's execution parameters;
S4: the power-consumption control module passes the execution parameters to the obfuscation module, and the computation module and the obfuscation module run simultaneously until the operation finishes.
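Worked model of the S1 to S4 flow above and of the decomposition P_s = P_t' + P_max − P_t = a_0·P_0 + … + a_n·P_n, as an added example that is not part of the patent. It assumes a Hamming-weight leakage model in place of the chip's preset key-bit/power table, arbitrary unit costs for big-number multiplication and addition, greedy decomposition of P_s into operation counts (the n = P_s / P_mul rule, with the remainder filled by additions), and linear interpolation for compressing or expanding the pseudo curve; the key in the demo is constructed, not a real secret. The attacker's read-out inverts the same leakage model, so what it recovers is the Hamming-weight profile of the pseudo key rather than of the real key.

```python
"""Toy end-to-end model of the pseudo-power-curve scheme: a preset leakage
table (a Hamming-weight model here, an assumption), a pseudo key of equal
Hamming weight (claim 2), and an obfuscation module that schedules dummy
big-number multiplications and additions so that the combined trace follows
the pseudo curve.  All constants are assumed, not taken from the patent."""
import random
from typing import Dict, List, Sequence, Tuple

ALPHA = 2.0                                        # assumed power per set key bit
BASE = 10.0                                        # assumed baseline power of the computation module
P_UNITS: Dict[str, float] = {"mul": 4.0, "add": 1.0}  # assumed P_mul and P_add


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def simulated_curve(key: bytes) -> List[float]:
    """Steps S1/S2: simulated power curve for a key, one sample per key byte,
    read from the preset key-bit/power table (HW model here)."""
    return [BASE + ALPHA * hamming_weight(b) for b in key]


def choose_pseudo_key(real_key: bytes, rng: random.Random) -> bytes:
    """Claim 2: random pseudo key whose total Hamming weight equals the real one."""
    target = sum(hamming_weight(b) for b in real_key)
    value = 0
    for pos in rng.sample(range(8 * len(real_key)), target):
        value |= 1 << pos
    return value.to_bytes(len(real_key), "big")


def resample(curve: Sequence[float], length: int) -> List[float]:
    """'Compress or expand' a pseudo curve to the real curve's length
    (linear interpolation, an assumed method)."""
    if length == 1 or len(curve) == 1:
        return [float(curve[0])] * length
    out = []
    for i in range(length):
        x = i * (len(curve) - 1) / (length - 1)
        lo = int(x)
        hi = min(lo + 1, len(curve) - 1)
        frac = x - lo
        out.append(curve[lo] * (1 - frac) + curve[hi] * frac)
    return out


def decompose(p_s: float, units: Sequence[Tuple[str, float]]) -> Dict[str, int]:
    """Write P_s as a_0*P_0 + ... + a_n*P_n with natural-number a_i, greedily
    from the largest unit (units sorted by descending cost); whatever is left
    is below the smallest unit, which is the accuracy of the match."""
    counts: Dict[str, int] = {}
    remaining = p_s
    for name, cost in units:
        n = int(remaining // cost)
        counts[name] = n
        remaining -= n * cost
    return counts


def obfuscation_plan(real_curve: Sequence[float], pseudo_curve: Sequence[float]) -> List[Dict[str, int]]:
    """Steps S3/S4: per-sample dummy-operation counts.  With
    P_s = P_t' + P_max - P_t, real plus dummy power equals the pseudo curve
    shifted by the constant P_max, and P_s is never negative."""
    p_max = max(real_curve)
    units = sorted(P_UNITS.items(), key=lambda kv: -kv[1])
    return [decompose(p_t2 + p_max - p_t, units) for p_t, p_t2 in zip(real_curve, pseudo_curve)]


def observed_curve(real_curve: Sequence[float], plan: Sequence[Dict[str, int]]) -> List[float]:
    """What the probe sees: computation module plus obfuscation module."""
    return [p_t + sum(n * P_UNITS[op] for op, n in ops.items()) for p_t, ops in zip(real_curve, plan)]


def spa_read_hw(trace: Sequence[float], offset: float = 0.0) -> List[int]:
    """Attacker's simple power analysis: invert the leakage model per sample."""
    return [round((p - offset - BASE) / ALPHA) for p in trace]


def run(real_key: bytes, seed: int = 7) -> dict:
    rng = random.Random(seed)
    pseudo_key = choose_pseudo_key(real_key, rng)
    real_curve = simulated_curve(real_key)
    pseudo_curve = resample(simulated_curve(pseudo_key), len(real_curve))
    plan = obfuscation_plan(real_curve, pseudo_curve)
    observed = observed_curve(real_curve, plan)
    return {
        "pseudo_key": pseudo_key,
        "real_hw": [hamming_weight(b) for b in real_key],
        "pseudo_hw": [hamming_weight(b) for b in pseudo_key],
        "p_max": max(real_curve),
        "pseudo_curve": pseudo_curve,
        "observed": observed,
        "attacker_hw": spa_read_hw(observed, offset=max(real_curve)),
    }


if __name__ == "__main__":
    # Constructed 128-bit key for the demo, not a real secret.
    out = run(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print("real key HW per byte   ", out["real_hw"])
    print("attacker-read HW       ", out["attacker_hw"])
    print("pseudo key HW per byte ", out["pseudo_hw"])
```

Two points the model makes visible. The combined trace equals the pseudo curve only because `obfuscation_plan` is fed the same leakage model that produced the real curve; on silicon, any difference between the preset table and the chip's actual leakage is added to the observed trace unchanged, and that residual is still key-dependent. The smallest unit (`P_add` here) and the constant offset `P_max` set the accuracy of the fit, so a finer unit gives a closer match at the cost of more dummy operations per sample.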

Claims (2)

1. A system for resisting side-channel attacks, characterised in that it comprises a computation module, a power-consumption control module and a computation-obfuscation module, where the computation module provides input to the power-consumption control module;
the power-consumption control module is preloaded with the chip's power-consumption curves under various key conditions and a lookup table of the influence of each key bit on the chip's power consumption;
while the system runs an algorithm, the power-consumption control module coordinates the computation module and the obfuscation module so that the power curve the system emits is a pseudo power curve produced jointly by the computation module and the obfuscation module, the pseudo power curve being generated by the following flow:
S1: after the power-consumption control module obtains the application key, it computes a simulated power curve from the preset power curves and the lookup table;
S2: from the simulated power curve and the selected pseudo power curve, it derives the power curve that the obfuscation module must generate, and from that computes the obfuscation module's execution parameters; if the pseudo power curve selected in step S2 is not similar to the real power curve, the pseudo power curve is compressed or expanded until it is similar to or the same as the real power curve;
S3: the power-consumption control module passes the execution parameters to the obfuscation module, and the computation module and the obfuscation module then run simultaneously until the operation finishes.
2. The system for resisting side-channel attacks of claim 1, wherein, when generating the pseudo power curve, the key is chosen randomly and the Hamming weight of the pseudo key is close to the Hamming weight of the real key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811494689.2A CN109257395B (en) 2018-12-07 2018-12-07 System for defending against side-channel attack

Publications (2)

Publication Number Publication Date
CN109257395A CN109257395A (en) 2019-01-22
CN109257395B true CN109257395B (en) 2020-10-23

Family

ID=65042633

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811494689.2A Active CN109257395B (en) 2018-12-07 2018-12-07 System for defending against side-channel attack

Country Status (1)

Country Link
CN (1) CN109257395B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102447556A (en) * 2010-10-14 2012-05-09 上海华虹集成电路有限责任公司 DES encryption method resisting differential power analysis based on random offset
CN102983964A (en) * 2012-12-28 2013-03-20 大唐微电子技术有限公司 Method and device for improving the resistance of the Data Encryption Standard to differential power analysis
CN104734845A (en) * 2015-03-25 2015-06-24 上海交通大学 Side-channel attack protection method based on pseudo-operations of the full encryption algorithm

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7991154B2 (en) * 2008-05-14 2011-08-02 University of Castilla-La Mancha Exponentiation method using multibase number representation
CN103986571B (en) * 2014-01-15 2018-04-20 上海新储集成电路有限公司 Smart card multi-core processor system and method for defending against differential power analysis
US10367637B2 (en) * 2016-07-22 2019-07-30 Qualcomm Incorporated Modular exponentiation with transparent side channel attack countermeasures

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Research on side-channel attack protection for software-implemented cryptosystems" (软件实现的密码系统的旁路攻击防护研究); Gu Xingyuan (顾星远); China Master's Theses Full-text Database, Information Science and Technology series (中国优秀硕士学位论文全文数据库 信息科技辑); 2013-07-15; pp. 1-71 *

Also Published As

Publication number Publication date
CN109257395A (en) 2019-01-22

Similar Documents

Publication Publication Date Title
Diffie et al. Privacy and authentication: An introduction to cryptography
US20170373832A1 (en) Methods and devices against a side-channel analysis
EP2290872B1 (en) Device for generating a message authentication code for authenticating a message
CN103595525B (en) Desynchronization-resistant lightweight RFID bidirectional authentication method
CN107769910B (en) DES protection method and circuit resisting side-channel attacks based on a Latch PUF (physical unclonable function)
CN104836670B (en) Security verification method for the SM2 signature algorithm based on unknown random numbers
CN105306194B (en) Multiple encryption method and system for encrypted files and/or communication protocols
Merli et al. Protecting PUF error correction by codeword masking
Kheshaifaty et al. Preventing multiple accessing attacks via efficient integration of captcha crypto hash functions
CN106664204A (en) Differential power analysis countermeasures
CN103795527A (en) Software mask defence scheme for protecting the Advanced Encryption Standard (AES) algorithm against power-analysis attacks
Dobraunig et al. Fault attacks on nonce-based authenticated encryption: Application to Keyak and Ketje
WO2020165932A1 (en) Information processing device, secret computation method, and program
CN107171811A (en) Lightweight RFID security authentication method based on the PRESENT algorithm
Wang et al. Exploration of Benes network in cryptographic processors: A random infection countermeasure for block ciphers against fault attacks
Jueneman Electronic document authentication
CN109581421A (en) Anti-spoofing hardware platform for BeiDou-2 navigation messages implemented in Verilog
CN103595523B (en) A file encryption method
CN109257395B (en) System for defending against side-channel attack
Song et al. Secure and fast implementation of ARX-based block ciphers using ASIMD instructions on ARMv8 platforms
Karp et al. Security-oriented code-based architectures for mitigating fault attacks
CN102360414B (en) Misguiding encryption method capable of correcting pseudorandom sequences
DeMillo Applied Cryptology, cryptographic protocols, and computer security models
Du et al. Secure and verifiable keyword search in multiple clouds

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant