CN104301088A - Crypto chip power consumption analyzing device and method and power consumption analysis protection device and method - Google Patents
Crypto chip power consumption analyzing device and method and power consumption analysis protection device and method Download PDFInfo
- Publication number
- CN104301088A CN104301088A CN201410484427.3A CN201410484427A CN104301088A CN 104301088 A CN104301088 A CN 104301088A CN 201410484427 A CN201410484427 A CN 201410484427A CN 104301088 A CN104301088 A CN 104301088A
- Authority
- CN
- China
- Prior art keywords
- power consumption
- crypto chip
- chip
- consumption analysis
- crypto
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Tests Of Electronic Circuits (AREA)
Abstract
The invention relates to the technical field of information security, in particular to a crypto chip power consumption analyzing device and method and a power consumption analysis protection device and method. The crypto chip power consumption analyzing device comprises a crypto chip, a sampling resistor, a stabilized voltage supply, an oscilloscope and a PC. The crypto chip is in electric connection with the stabilized voltage supply and the PC and is used for performing cryptographic operations. The cryptographic operations include the step of adding a triggering signal code into a cryptographic algorithm program. The two ends of the sampling resistor are in electric connection with the crypto chip and the stabilized voltage supply respectively. The oscilloscope at least comprises two channels, wherein one channel is used for acquiring triggering signals of the crypto chip, and the other channel is used for acquiring the waveform of voltage across the two ends of the sampling resistor when the crypto chip performs the cryptographic operations. The PC is used for performing power consumption analysis according to the acquired waveform of the voltage. According to the device, power analysis of different algorithms can be performed, and analysis result data are used as basic data for formulating corresponding defensive attack countermeasures, so that the effectiveness of the defensive attack countermeasures is greatly improved.
Description
Technical field
The present invention relates to field of information security technology, particularly relate to a kind of crypto chip power consumption analysis device, method and power consumption analysis protector, method.
Background technology
Constantly perfect along with modern network and the communication technology, data exchange between smart machine becomes increasingly extensive, this, while bringing great convenience to people's life, also brings a severe information security issue, and that is exactly the threat that information is subject to illegal acquisition, malice is distorted.The technology that accesses to your password not only can the confidentiality of guarantee information, and can the integrality of guarantee information and certainty, and oneself warp of cryptographic technique is open from politics, diplomacy and military field trend, develops into a cross discipline in conjunction with technology such as mathematics, computer science, electronics and communication, microelectronics.
The basic thought of cryptographic technique is exactly do certain mathematic(al) manipulation to information, makes the user not knowing key can not understand its real implication.Usually, initial data, we call that expressly the data after conversion are called ciphertext, and the process of conversion is called encryption, and the process being obtained initial data by inverse transformation is called deciphering, and the condition that deciphering needs or information are called key, and key is generally character string.
The course of work of cryptographic system is: sender is to being expressly encrypted conversion, obtain the incoherent ciphertext with original information, if legal user obtains this information, he can restore expressly, and disabled user attempts to obtain this informational needs and pays huge cost.From the workflow of cryptographic system and may exist by the situation of attacking, we can know, message plain text encryption is ciphertext by a cryptographic algorithm by the sender of information, then send recipient to by unsafe channel, be decrypted with known key after recipient receives ciphertext and obtain expressly.
Along with the raising of scientific and technological level, various cryptographic algorithm and safety chip are just being widely used in multiple occasion, also deepen continuously for the attack of cryptographic algorithm and hardware device and Protective Research.In traditional attack technology, assailant can obtain the input and output of crypto chip according to the security protocol of transfer of data, but any information cannot understood about key, crypto chip can regard flight data recorder as, and assailant only can analyze according to the relation between input and output signal the security information inferring chip internal.
But, in the course of work of encryption device reality, except input and output signal, some other information is also had to be detected, as chip power-consumption (energy), sequential, electromagnetic radiation, bug etc., because the main channel of these information not by hardware device input and output data leaks, therefore be called side channel (Side Channel) information.
The information that crypto chip leaks not is directly show with the form of plaintext or ciphertext, but all there is dependency relation in computing, the key of the change of its information and chip internal, in theory, input, output information can be combined with side channel information, form new attack pattern and obtain more efficiently attack effect.Side Multiple Channel Analysis (Side Channel Analysis, SCA) is exactly that the various information utilizing crypto chip to leak in running are analyzed, thus obtains the key messages such as key.These class methods carry out the difference of cryptographic algorithm each several part time used, power consumption, electromagnetic radiation in analytic operation process mainly through a large amount of data statisticss, and then conjecture key is part or all of, reaches the effect of attacking cryptographic system.Side Multiple Channel Analysis mainly comprises time series analysis and attacks (Timing Analysis Attack), electromagnetic analysis attacks (Electromagnetic Analysis Attack), error injection attack (Fault Injection Attack) and power consumption analysis attack (Power Analysis Attack) etc.
Power consumption analysis attack is also known as power analysis, the feasibility of attacking is the correlation between the energy that cryptographic algorithm consumes and key, cryptographic algorithm (comprises AES, SMS4, DES) no matter be by software simulating in crypto chip or pass through hardware implementing, all need to complete all computings by integrated circuit, thus the power consumption of cryptographic algorithm is expressly relevant with key to processed, and assailant can analyze the value of key by a large amount of power consumption sample of statistics.Power consumption analysis attack oneself through becoming one of the most effective and the most frequently used attack method.Power consumption analysis attack is divided into four large classes, i.e. simple power consumption analysis (Simple Power Analysis, SPA), differential power consumption analysis (Differential Power Analysis, DPA), correlation power analysis (Correlation Power Analysis, and high-order power consumption analysis (High Order Differential Power Analysis, HODPA) CPA).
In order to effectively defend power consumption analysis attack, need to carry out countercheck research, and want to obtain effective Defense Countermeasure, just must current power consumption analysis be studied (consumption detection, analysis), with the information of correlation between energy and key obtaining that cryptographic algorithm consumes, and carry out corresponding Defense Countermeasure research based on this, due to the particularity of crypto chip, at present, yet there are no the open source literature of power consumption analysis system and the correlation analysis method set up based on defence power consumption analysis attack in correlation technique.
Summary of the invention
The object of the present invention is to provide a kind of crypto chip power consumption analysis device, method and power consumption analysis protector, method, to solve the above problems.
In an embodiment of the present invention, provide a kind of crypto chip power consumption analysis device, comprising:
Crypto chip, sampling resistor, stabilized voltage power supply, oscilloscope and PC; Crypto chip is electrically connected with stabilized voltage power supply and PC, for being encrypted operation; Wherein, close cryptographic operation comprises: in cryptographic algorithm program, add the triggering signal code for representing crypto chip operating state; The two ends of sampling resistor are electrically connected with crypto chip and stabilized voltage power supply respectively; Oscilloscope at least comprises two passages, and one of them passage is for obtaining the triggering signal of crypto chip, and another passage is for obtaining the voltage waveform at crypto chip sampling resistor two ends when being encrypted operation; The voltage waveform that PC is used for according to obtaining carries out power consumption analysis.
Further, crypto chip is AVR single chip ATmega16 chip.
Further, triggering signal adopts outer triggering signal.
Further, the resistance adopting resistance is 10 ohm.
In an embodiment of the present invention, additionally provide a kind of crypto chip power consumption analysis method, comprising:
Obtain the voltage waveform data of crypto chip;
Preliminary treatment is carried out to the voltage waveform data obtained;
Responsive waveform is being extracted as sample waveform in pretreated voltage waveform data;
Data analysis is carried out to described sample waveform and obtains key information.
Further, before obtaining the voltage waveform data of crypto chip, also comprise: input plaintext is also encrypted operation to inputted plaintext.
In an embodiment of the present invention, additionally provide a kind of crypto chip power consumption analysis protector, comprising: the electric capacity being parallel to crypto chip two ends.
Further, the capacity of electric capacity is 0.1 μ F.
In an embodiment of the present invention, additionally provide a kind of crypto chip power consumption analysis means of defence, comprising: after the XOR of DES algorithm, add multiplying.
Compared with prior art the invention has the beneficial effects as follows: by crypto chip power consumption analysis device, establish crypto chip power consumption analysis to detect and analysis platform, the power consumption analysis of algorithms of different can be carried out by this detection, analysis platform, and using analysis result data as the basic data formulating corresponding defensive attack countermeasure, substantially increase the validity of defensive attack countermeasure.
Accompanying drawing explanation
Fig. 1 is the structured flowchart of crypto chip power consumption analysis device of the present invention;
Fig. 2 is the circuit diagram of crypto chip power consumption analysis device of the present invention;
Fig. 3 is the flow chart of crypto chip power consumption analysis method of the present invention;
Fig. 4 is that 48 XORs run 328us low-frequency spectra broken line graph;
Fig. 5 is that 48 XORs run 1.16ms low-frequency spectra broken line graph;
Fig. 6 is that 48 XORs run 2.104ms low-frequency spectra broken line graph;
Fig. 7 is that 48 XORs run 2.576ms low-frequency spectra broken line graph;
Fig. 8 is 48 XOR multiplication interference low-frequency spectra broken line graphs;
Fig. 9 is 48 XOR multiplication interference low-frequency spectra broken line graphs.
Embodiment
Also by reference to the accompanying drawings the present invention is described in further detail below by specific embodiment.
Shown in ginseng Fig. 1 and Fig. 2, Fig. 1 is the structured flowchart of crypto chip power consumption analysis device of the present invention; Fig. 2 is the circuit diagram of crypto chip power consumption analysis device of the present invention.
Present embodiments provide a kind of chip power-consumption analytical equipment, comprising:
Crypto chip 10, sampling resistor 20, stabilized voltage power supply 30, oscilloscope 40 and PC 50; Crypto chip 10 is electrically connected with stabilized voltage power supply 30 and PC 50, for being encrypted operation; Wherein, close cryptographic operation comprises: in cryptographic algorithm program, add the triggering signal code for representing crypto chip 10 operating state; The two ends of sampling resistor 20 are electrically connected with crypto chip 10 and stabilized voltage power supply 30 respectively; Oscilloscope 40 at least comprises two passages, and one of them passage is for obtaining the triggering signal of crypto chip 10, and another passage is for obtaining the voltage waveform at crypto chip 10 sampling resistor 20 two ends when being encrypted operation; PC 50 is for carrying out power consumption analysis according to the voltage waveform obtained.
The present embodiment is by this crypto chip power consumption analysis device, establish crypto chip power consumption analysis to detect and analysis platform, the power consumption analysis of algorithms of different can be carried out by this detection, analysis platform, and using analysis result data as the basic data formulating corresponding defensive attack countermeasure, substantially increase the validity of defensive attack countermeasure.
This device is powered by accurate stabilized voltage power supply 30, meet power reguirements, the resistance of sampling resistor 20 selection range 1 ~ 100 Ω, if the resistance chosen is excessive, may the normal work of influential system, if the resistance chosen is too little, the resistance both end voltage value collected is too small, and precision is difficult to ensure.The voltage measured can convert current value to by volt-ampere formula, thus obtains the current value of whole system, is used for analyzing the power consumption of crypto chip.Under normal circumstances, voltage available replaces current value analysis, and crypto chip 10 can adopt single-chip minimum system (AVR system), i.e. AVR single chip ATmega16 chip, for running general cryptographic algorithm program.
Pcb board will adopt resistance 20 to be connected between crypto chip 10Vss and ground in order to measure the power consumption waveform that tested crypto chip 10 produces when computing.Oscilloscope 40 can adopt Tyke four-way digital oscilloscope, and the power consumption waveform produced when performing instruction with it to crypto chip 10 encrypting module is sampled.One passage is used for gathering the voltage waveform on sampling resistor 20, the triggering signal of another channel reception crypto chip 10, as the triggering signal of sampling.By sampling, the Wave data obtained is stored in oscilloscope, by transmitting data between communication module and PC.The Wave data that oscilloscope collects also directly can be derived by oscilloscope, and record stores.
Add triggering signal code writing in cryptographic calculation program process.Because there is larger fluctuation in the time interval between test program twice operation, the phase jitter of gained signal is comparatively large, therefore, according to the method for testing collection of general periodic signal, can not can only observe power consumption profile in single triggering signal, collect data.
Triggering signal be can represent encryption chip 10 operating state input or output signal, in this test macro, adopt outer triggering signal.The triggering signal of sampling is input to the digital channel of oscilloscope 40, when oscilloscope 40 detects that namely the Significant Change (rising edge or trailing edge) of triggering signal starts sampling.As before tested program starts, a certain for single-chip microcomputer pin (as PORTA.0) is put 1, then runs tested program, after having run, this pin is set to 0.Waveform corresponding when this pin is high level is tested program waveform.
For this detection, analysis platform, when choosing the value of sampling resistor 20, following requirement should be met: first, ensure crypto chip 10 can run normally and on the impact of power consumption profile to try one's best little; Secondly, guarantee that data have enough dynamic ranges, and required precision and signal to noise ratio will be reached; Finally, sampling resistor 20 will have the good linearity and stability within the scope of wider frequency and voltage, and stray inductance is low.
In this platform preferably the resistance of 10 Ω as sampling resistor.By adopting different sampling resistor 10 to test in a large number, and draw different curve chart and compare known, when choosing 10 Ω resistance, power consumption profile is the most obvious.
At present, in integrated circuit (IC) chip, the work of every one-level door is generally less than 1ns flip-flop transition, and clock frequency is also between several million to tens, and therefore, sample rate needs to reach more than 100MHz, for high-speed chip, needs hundreds of MHz and even upper GHz.
Certain rule is followed in choosing of oscilloscope 40: one is that probe is chosen, and uses difference detector as far as possible.If there is no suitable difference detector, can dual channel mode be adopted, utilize oscilloscope to carry out Difference Calculation.For dual channel mode, each passage adopts direct-current coupling, selects large input, and impedance is large, to reduce the impact on circuit-under-test.Two is sample modes, and general digital oscilloscope provides real-time sampling pattern and equivalent sampling pattern.For real time power consumption, when the phase jitter of pumping signal is larger, the periodicity of waveform is very poor, adopts equivalent mode can introduce larger distortion.Therefore, generally select real-time mode, do not do interpolation with average.Three is trigger modes, according to chip operation situation, selects to represent that the signal of chip operation state is as trigger source.Such as, to asynchronous circuit, if integrated circuit (IC) chip inside provides the answer signal of handshake or response external input, then adopt these signals as trigger source, otherwise adopt outer triggering signal as trigger source, or the senior trigger mode utilizing oscilloscope to provide is arranged for concrete input and output environment.
The operating current of integrated circuit (IC) chip is generally in milliampere magnitude, and signal is relatively weak, and circuit is complicated, and the noise that components and parts produce is comparatively large, and the noise of measured signal is smaller, needs to take multiple measurements same test process, to reduce noise.In addition, the data acquisition equipment of chip transient current should have larger memory space, to process larger data volume, and therefore, system selects Tektronix company oscilloscope TDS5104B.
Oscilloscope generally has several data memory module, jpg, wfm, csv, saves as csv formatted file here.In csv file, the magnitude of voltage of store sample point, oscilloscope sets memory length and stored waveform, conveniently carries out data analysis.
PC 50 mainly completes the transmission of setting to oscilloscope 40 and data, sets up communication mechanism by Ethernet and oscilloscope.PC carries out interactive communication by RS-232 serial ports and pcb board, and single-chip microcomputer carries out encryption, the decryption oprerations of cryptographic algorithm, and oscilloscope 40 gathers Wave data and sends PC to, and PC, to data analysis and treament, carries out power consumption analysis.
PC 50 is communicated with the MAX232 chip on pcb board by serial line interface, realizes the physical connection of single-chip microcomputer and PC 50.By COM Debug Assistant program, the data communication between single-chip microcomputer and PC 50 can be realized.
The built-in networking using Tektronix TDS5104B oscilloscope to carry and the OpenChoice platform of analytic function, realize PC and oscilloscope is interconnected.Oscillographic for Tektronix TDS5104B IP address is arranged with PC in same local area network (LAN), connected with network cable, realize the intercommunication of oscilloscope and PC with ping order, in OpenChoice platform, add corresponding oscillographic IP address, realize both sides interconnected.
Shown in ginseng Fig. 3, Fig. 3 is the flow chart of crypto chip power consumption analysis method of the present invention.
The present embodiment additionally provides a kind of crypto chip power consumption analysis method, comprising:
Step S102, obtains the voltage waveform data of crypto chip;
Step S104, carries out preliminary treatment to the voltage waveform data obtained;
Step S106, is extracting responsive waveform as sample waveform in pretreated voltage waveform data;
Step S108, carries out data analysis to described sample waveform and obtains key information.
In the present embodiment, before obtaining the voltage waveform data of crypto chip, also comprise: input plaintext is also encrypted operation to inputted plaintext.
Above-mentioned power consumption analysis device and method is utilized to carry out simple power analysis citing to crypto chip below:
Write various operation method program, the computing of addition, subtraction, multiplication, division, XOR, power is downloaded in AVR single chip.Single-chip microcomputer is connected with oscilloscope, and oscilloscope shows the waveform of algorithms of different, compares, find out similarities and differences wherein to various algorithm waveform.
(1) power consumption of add operation
Program C code:
Add a triggering signal in a program, triggering signal can produce the pulse of an one fixed width at oscilloscope 2 passage.Intercept the add operation waveform of 1 passage under 2 channel pulses, carry out multiple repairing weld analysis.
To the corresponding data analysis of add operation, the assembly language program(me) that its algorithm correspondence produces is:
What known 3rd higher crest was corresponding is add operation, wherein:
△t=5us
1/△t=200.0KHz
U=4.2×50.0mV
Through organizing measurement, the mean value of U is 4.1 × 50.0mv more.
Addition program produces 6 higher crests in oscilloscope, and each higher crest heel, with a little crest, is observed other algorithms and whether also produced this kind of crest.
(2) power consumption of subtraction
Program C code:
Add a triggering signal in a program, triggering signal can produce the pulse of an one fixed width at oscilloscope 2 passage.Intercept the subtraction waveform of 1 passage under 2 channel pulses, carry out multiple repairing weld analysis.
To subtraction data analysis, the assembly language program(me) that its algorithm correspondence produces is:
What known 3rd higher crest was corresponding is subtraction, wherein:
△t=5us
1/△t=200.0KHz
U=4.4×50.0mv
Through organizing measurement, the mean value of U is 4.5 × 50.0mv more.
The phenomenon of each higher crest heel with a little crest is created equally in subtraction algorithm, similar to add operation.
(3) power consumption of multiplying
Program C code:
Add a triggering signal in a program, triggering signal can produce the pulse of an one fixed width at oscilloscope 2 passage.Intercept the multiplying waveform of 1 passage under 2 channel pulses, carry out multiple repairing weld analysis.
To multiplying data analysis, the assembly language program(me) that its algorithm correspondence produces is:
Known have multiple crest to correspond to multiplying, wherein:
△t=5us
1/△t=200.0kHz
U=4.5×50.0mv
Through organizing measurement, the mean value of U is 4.4 × 50.0mv more.
Little crest is there is equally in multiplication algorithm.
(4) power consumption of division arithmetic
Program C code:
Add a triggering signal in a program, triggering signal can produce the pulse of an one fixed width at oscilloscope 2 passage.Intercept the division arithmetic waveform of 1 passage under 2 channel pulses, carry out multiple repairing weld analysis.
To division arithmetic data analysis, the assembly language program(me) that its algorithm correspondence produces is:
Known have multiple crest to correspond to division arithmetic, wherein:
△t=5us
1/△t=200.0kHz
U=4.8×50.0mv
Through organizing measurement, the mean value of U is 4.9 × 50.0mv more.
Also little crest is there is in division algorithm.
(5) power consumption of XOR
Program C code:
Add a triggering signal in a program, triggering signal can produce the pulse of an one fixed width at oscilloscope 2 passage.Intercept the XOR waveform of 1 passage under 2 channel pulses, carry out multiple repairing weld analysis.
To XOR data analysis, the assembly language program(me) that its algorithm correspondence produces is:
Known 3rd larger crest corresponds to XOR, wherein:
△t=5us
1/△t=200.0kHz
U=3.9×50.0mv
Through organizing measurement, the mean value of U is at 4.0 × 50.0mv more.
Also little crest is there is in XOR algorithm.
(6) power consumption of squares algorithms
Program C code:
Add a triggering signal in a program, triggering signal can produce the pulse of an one fixed width at oscilloscope 2 passage.Intercept the power operation waveform of 1 passage under 2 channel pulses, carry out multiple repairing weld analysis.
Waveform 25 power operation, because there is multiplication loop therefore waveform is intensive, its waveform is similar to multiplication.Because there is for circulation, institute thinks 5 times of multiplication cycle.Corresponding assembler is comparatively complicated, is not easy to analyze corresponding crest.
Parametric statistics:
t1=-200ns
t2=56.89us
△t=57.09us
1/△t=17.52kHz
, still there is little crest in viewing after being amplified by squares algorithms.
Analyze known according to above computing waveform, data and assembler, the power consumption of nonidentity operation same frequency sampling is different.Through mass data Measurement and analysis, the sample power consumption of computing different frequency of the same race is without larger change, substantially identical.The computing power consumption of XOR, addition and subtraction is less, and multiplication takes second place, division and power the highest.Can be for further study, compared by the waveform of various computing and data, determine which kind of computing a kind of algorithm of the unknown carries out.
When finding display waveform on oscilloscope in experimentation, each higher (master) crest can follow little (secondary) crest, and these little crests can not directly find corresponding program segment from program.Therefore analyze and draw, for AVR single chip, little crest may be after each operational order, when upper once computing produces, by the power consumption produced in system command transmitting procedure.
Above-mentioned power consumption analysis device and method is utilized to carry out DES algorithm spectrum analysis citing below:
Take turns in computing in each of DES, have seven computings, respectively:
(1) 64 grouping (being divided into L and R) computing;
(2) DES expansion displacement E, 32bit ~ 48bit;
(3) generation of round key K;
(4) f computing: 48 XORs;
(5) S box displacement;
(6) in-place computation P, 32bit ~ 48bit;
(7) L and K after f computing with L XOR.
Here, the 4th step f computing is made a concrete analysis of: the spectral characteristic of 48 XORs.48 XORs are specific algorithms in DES algorithm.Essence does 48 to take turns XOR, and specific procedure code is:
for(i=0;i<48;i++)
{worka[i]=worka[i]^kn[i];}
For obtaining 48 XORs than more comprehensive spectral characteristic, before, during and after 48 XORs are temporally divided into, last four-stage.48 XOR 2.64ms consuming time altogether, four periods are 328us, 1.16ms, 2.104ms, 2.576ms respectively, the low-frequency spectra characteristic in its each stage of observation analysis.Shown in ginseng Fig. 4 to Fig. 7, Fig. 4 is that 48 XORs run 328us low-frequency spectra broken line graph, Fig. 5 is that 48 XORs run 1.16ms low-frequency spectra broken line graph, and Fig. 6 is that 48 XORs run 2.104ms low-frequency spectra broken line graph, and Fig. 7 is that 48 XORs run 2.576ms low-frequency spectra broken line graph.
Make correlation analysis at first 30 to above Fig. 4 to Fig. 7.Fig. 4,5 coefficient correlation be 0.478245; Fig. 4,6 coefficient correlation be 0.427419; Fig. 4,7 coefficient correlation be 0.487471; Fig. 5,6 coefficient correlation be 0.636359; Fig. 5,7 coefficient correlation be 820428; Fig. 6,7 coefficient correlation be 0.759992.Intuitively can draw in every width figure, have three crests, four troughs from figure.Therefore, can reach a conclusion: 48 XORs are in operation Different periods, and the trend of their low frequency curve is all substantially identical.Coefficient correlation all about 0.5, and has three crests, four troughs.The algorithm that can come to run in routine analyzer according to 48 these low frequency characteristics of XOR.
48 XORs are exactly that XOR taken turns by work 48 in essence.Known there is very big-difference when the low-frequency spectra merchandiser of the hybrid operation of XOR and multiplication solely does XOR, multiplying by Algorithm Analysis.Therefore, add a multiplying after each XOR in 48 XORs, to improve its fail safe.Program changes into:
for(i=0;i<48;i++)
{worka[i]=worka[i]^kn[i],z=x*y;}
After update routine, frequency-domain and time-domain waveform all will change.
(1) frequency domain interference
Shown in ginseng Fig. 8 to Fig. 9, Fig. 8 is 48 XOR multiplication interference low-frequency spectra broken line graphs, and Fig. 9 is 48 XOR multiplication interference low-frequency spectra broken line graphs.After having added multiplication interference program, the frequency spectrum of 48 XORs has become more crypto set, is also more difficult to find rule.In addition, after having added interference program, the time also corresponding increase of computing.
(2) time domain interference
48 XOR multiplication interference time domain situation data:
Time started: t1=-24.4ms
End time: t2=-19.2ms
Consuming time: △ t=5.2ms
Frequency: 1/ △ t=192.3Hz
48 XOR multiplication interference time domain datas:
Time started: t1=-24.4ms
End time: t2=-19.2ms
Consuming time: △ t=5.2ms
Frequency: 1/ △ t=192.3Hz
48 XOR time domain datas:
Time started: t1=-22.4ms
End time: t2=-19.76ms
Consuming time: △ t=2.64ms
Frequency: 1/ △ t=378.8Hz
When adding a multiplying after each XOR in 48 XORs, time domain and frequency-domain waveform all there occurs change.Therefore, carry out disturbing the fail safe that can improve DES algorithm to 48 XORs with multiplication.
In sum, by increasing independent programs in DES algorithm, namely after the XOR of DES algorithm, adding multiplying, the spectrum analysis to DES algorithm can be disturbed, thus improve the fail safe of DES algorithm.
The present embodiment additionally provides a kind of crypto chip power consumption analysis protector, comprising: the electric capacity being parallel to crypto chip two ends, can adopt the electric capacity of 0.1 μ F.This electric capacity, not affecting under the condition that chip normally works, can reduce the fluctuation of circuital current, fall lower powered excursion.According to sampling thheorem, the sample frequency of oscilloscope 40 must higher than the twice of input signal highest frequency, and power consumption profile just can be restored.By shunt capacitance, filtering is carried out to circuit, there is obvious change in the power consumption profile that sampling resistor obtains, after Fourier transform, frequency spectrum also there occurs great changes, when assailant utilizes sampling curve to carry out the acquisition of the conjecture of key or sensitive information, therefore can utilize the method for parallel filtering electric capacity, resist the attack of assailant.
A series of detailed description listed is above only illustrating for feasibility execution mode of the present invention; they are also not used to limit the scope of the invention, all do not depart from the skill of the present invention equivalent implementations done of spirit or change all should be included within protection scope of the present invention.
To those skilled in the art, obviously the invention is not restricted to the details of above-mentioned one exemplary embodiment, and when not deviating from spirit of the present invention or essential characteristic, the present invention can be realized in other specific forms.Therefore, no matter from which point, all should embodiment be regarded as exemplary, and be nonrestrictive, scope of the present invention is limited by claims instead of above-mentioned explanation, and all changes be therefore intended in the implication of the equivalency by dropping on claim and scope are included in the present invention.Any Reference numeral in claim should be considered as the claim involved by limiting.
In addition, be to be understood that, although this specification is described according to execution mode, but not each execution mode only comprises an independently technical scheme, this narrating mode of specification is only for clarity sake, those skilled in the art should by specification integrally, and the technical scheme in each embodiment also through appropriately combined, can form other execution modes that it will be appreciated by those skilled in the art that.
Claims (9)
1. a crypto chip power consumption analysis device, is characterized in that, comprising: crypto chip, sampling resistor, stabilized voltage power supply, oscilloscope and PC;
Described crypto chip is electrically connected with described stabilized voltage power supply and PC, for being encrypted operation; Wherein, described close cryptographic operation comprises: in cryptographic algorithm program, add the triggering signal code for representing described crypto chip operating state;
The two ends of described sampling resistor are electrically connected with described crypto chip and stabilized voltage power supply respectively;
Described oscilloscope at least comprises two passages, and one of them passage is for obtaining the triggering signal of described crypto chip, and another passage is for obtaining the voltage waveform at described crypto chip described sampling resistor two ends when being encrypted operation;
Described PC is used for carrying out power consumption analysis according to the voltage waveform of described acquisition.
2. crypto chip power consumption analysis device according to claim 2, is characterized in that, described crypto chip is AVR single chip ATmega16 chip.
3. crypto chip power consumption analysis device according to claim 3, is characterized in that, described triggering signal adopts outer triggering signal.
4. according to crypto chip power consumption analysis device according to claim 4, it is characterized in that, the resistance of described employing resistance is 10 ohm.
5. a crypto chip power consumption analysis method, is characterized in that, comprising:
Obtain the voltage waveform data of crypto chip;
Preliminary treatment is carried out to the voltage waveform data obtained;
Responsive waveform is being extracted as sample waveform in pretreated voltage waveform data;
Data analysis is carried out to described sample waveform and obtains key information.
6. crypto chip power consumption analysis method according to claim 5, is characterized in that, before obtaining the voltage waveform data of crypto chip, also comprises: input plaintext is also encrypted operation to inputted plaintext.
7. a crypto chip power consumption analysis protector, is characterized in that, comprising: the electric capacity being parallel to crypto chip two ends.
8. crypto chip power consumption analysis protector according to claim 7, it is characterized in that, the capacity of described electric capacity is 0.1 μ F.
9. a crypto chip power consumption analysis means of defence, is characterized in that, comprising: after the XOR of DES algorithm, add multiplying.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410484427.3A CN104301088A (en) | 2014-09-20 | 2014-09-20 | Crypto chip power consumption analyzing device and method and power consumption analysis protection device and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410484427.3A CN104301088A (en) | 2014-09-20 | 2014-09-20 | Crypto chip power consumption analyzing device and method and power consumption analysis protection device and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104301088A true CN104301088A (en) | 2015-01-21 |
Family
ID=52320668
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410484427.3A Pending CN104301088A (en) | 2014-09-20 | 2014-09-20 | Crypto chip power consumption analyzing device and method and power consumption analysis protection device and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104301088A (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104734842A (en) * | 2015-03-13 | 2015-06-24 | 上海交通大学 | Resisting method of circuit on side channel attack based on pseudo-operation |
| CN105737994A (en) * | 2016-03-02 | 2016-07-06 | 中国人民解放军军械工程学院 | Analysis and processing method for cipher chip light leakage acquisition noise |
| CN105760612A (en) * | 2016-02-26 | 2016-07-13 | 中国科学院计算技术研究所 | Assertion detection device, method, system and chip for post-silicon chip verification |
| CN106126811A (en) * | 2016-06-22 | 2016-11-16 | 张升泽 | The power method for drafting of electronic chip and system |
| CN106154014A (en) * | 2016-06-20 | 2016-11-23 | 张升泽 | The voltage method for drafting of electronic chip and system |
| CN106771551A (en) * | 2016-11-25 | 2017-05-31 | 上海华虹集成电路有限责任公司 | Collection smart card runs the device of power consumption information |
| WO2017219192A1 (en) * | 2016-06-20 | 2017-12-28 | 张升泽 | Electronic chip voltage drawing method and system |
| WO2017219279A1 (en) * | 2016-06-22 | 2017-12-28 | 张升泽 | Method and system for drawing power of electronic chip |
| CN110990220A (en) * | 2019-11-25 | 2020-04-10 | 北京中电华大电子设计有限责任公司 | Power consumption signal acquisition device of integrated many interfaces |
| CN116381469A (en) * | 2023-06-07 | 2023-07-04 | 中汽研软件测评(天津)有限公司 | Method and device for testing chip power consumption channel measurement information cross-validation |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050232416A1 (en) * | 2004-04-19 | 2005-10-20 | Infineon Technologies Ag | Method and device for determining a result |
| CN1758591A (en) * | 2004-01-19 | 2006-04-12 | 三星电子株式会社 | In encryption system, handle method, circuit and the program product of masked data |
| CN202584139U (en) * | 2012-04-17 | 2012-12-05 | 北京电子科技学院 | Physical experiment platform for power consumption analysis of cryptographic chip |
-
2014
- 2014-09-20 CN CN201410484427.3A patent/CN104301088A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1758591A (en) * | 2004-01-19 | 2006-04-12 | 三星电子株式会社 | In encryption system, handle method, circuit and the program product of masked data |
| US20050232416A1 (en) * | 2004-04-19 | 2005-10-20 | Infineon Technologies Ag | Method and device for determining a result |
| CN202584139U (en) * | 2012-04-17 | 2012-12-05 | 北京电子科技学院 | Physical experiment platform for power consumption analysis of cryptographic chip |
Non-Patent Citations (2)
| Title |
|---|
| 陈艾东: "《模幂算法功耗分析攻击的研究》", 《中国优秀博士学位论文全文数据库(电子期刊)》 * |
| 韩军: "《RSA密码算法的功耗轨迹分析及其防御措施》", 《计算机学报》 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104734842A (en) * | 2015-03-13 | 2015-06-24 | 上海交通大学 | Resisting method of circuit on side channel attack based on pseudo-operation |
| CN104734842B (en) * | 2015-03-13 | 2018-06-08 | 上海交通大学 | Method is resisted in circuits bypass attack based on pseudo-operation |
| CN105760612A (en) * | 2016-02-26 | 2016-07-13 | 中国科学院计算技术研究所 | Assertion detection device, method, system and chip for post-silicon chip verification |
| CN105760612B (en) * | 2016-02-26 | 2018-12-04 | 中国科学院计算技术研究所 | Detection device, method, system, chip are asserted for chip checking after silicon |
| CN105737994A (en) * | 2016-03-02 | 2016-07-06 | 中国人民解放军军械工程学院 | Analysis and processing method for cipher chip light leakage acquisition noise |
| CN105737994B (en) * | 2016-03-02 | 2018-07-31 | 中国人民解放军军械工程学院 | Crypto chip light reveals analysis and the processing method of acquisition noise |
| WO2017219192A1 (en) * | 2016-06-20 | 2017-12-28 | 张升泽 | Electronic chip voltage drawing method and system |
| CN106154014A (en) * | 2016-06-20 | 2016-11-23 | 张升泽 | The voltage method for drafting of electronic chip and system |
| WO2017219279A1 (en) * | 2016-06-22 | 2017-12-28 | 张升泽 | Method and system for drawing power of electronic chip |
| CN106126811A (en) * | 2016-06-22 | 2016-11-16 | 张升泽 | The power method for drafting of electronic chip and system |
| CN106771551A (en) * | 2016-11-25 | 2017-05-31 | 上海华虹集成电路有限责任公司 | Collection smart card runs the device of power consumption information |
| CN110990220A (en) * | 2019-11-25 | 2020-04-10 | 北京中电华大电子设计有限责任公司 | Power consumption signal acquisition device of integrated many interfaces |
| CN116381469A (en) * | 2023-06-07 | 2023-07-04 | 中汽研软件测评(天津)有限公司 | Method and device for testing chip power consumption channel measurement information cross-validation |
| CN116381469B (en) * | 2023-06-07 | 2023-08-15 | 中汽研软件测评(天津)有限公司 | Method and device for testing chip power consumption channel measurement information cross-validation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104301088A (en) | Crypto chip power consumption analyzing device and method and power consumption analysis protection device and method | |
| Merli et al. | Semi-invasive EM attack on FPGA RO PUFs and countermeasures | |
| Petrvalsky et al. | Differential power analysis attack on ARM based AES implementation without explicit synchronization | |
| Fournaris et al. | An efficient multi-parameter approach for FPGA hardware Trojan detection | |
| Shan et al. | Evaluation of correlation power analysis resistance and its application on asymmetric mask protected data encryption standard hardware | |
| Feng et al. | MLP and CNN-based classification of points of interest in side-channel attacks | |
| Zajic et al. | Path loss prediction for electromagnetic side-channel signals | |
| Gai et al. | Attacking the edge-of-things: A physical attack perspective | |
| Iyer et al. | An ANOVA method to rapidly assess information leakage near cryptographic modules | |
| Kim et al. | Side channel attacks on cryptographic module: EM and PA attacks accuracy analysis | |
| Ngo et al. | Method taking into account process dispersions to detect hardware Trojan horse by side-channel | |
| Saab et al. | Key extraction from the primary side of a switched-mode power supply | |
| Iyer | An adaptive measurement protocol for fine-grained electromagnetic side-channel analysis of cryptographic modules | |
| Genevey-Metat et al. | Combining sources of side-channel information | |
| CN105591739A (en) | Secret key analysis method based on optical Hamming weight | |
| CN109885960A (en) | A kind of embedded chip hardware Trojan horse design method based on electromagnetism bypass analysis | |
| Di Lorenzo | Comparison between Differential and Correlation Power Analysis Attacks on Embedded Systems | |
| Judy et al. | Electromagnetic waveform characterization for side-channel attacks on aes encryption | |
| Zhao et al. | An Optimization for Differential Power Analysis Based on Time Series Verification | |
| Polian et al. | Fault-based attacks on cryptographic hardware | |
| Meng et al. | An implementation of trojan side-channel with a masking scheme | |
| Gallagher | Measuring System-on-a-Chip Data Leaks over Radio Transmissions of Small Satellites | |
| Jevtic et al. | Side-channel Attack Countermeasure Based on Power Supply Modulation | |
| Yu et al. | Research on low-pass filter and denoising autoencoder for side channel attack | |
| Kim et al. | Analysis of Filtering Window Impacts on Estimation Accuracy of Information Leakage from Exposed Power Delivery Network of Cryptographic Devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150121 |