CN108521325B - Side channel attack prevention method suitable for system data full life cycle - Google Patents

Side channel attack prevention method suitable for system data full life cycle

Info

Publication number: CN108521325B
Authority: CN (China)
Prior art keywords: data, random number, side channel, attack, life cycle
Legal status: Expired - Fee Related
Application number: CN201810257172.5A
Other languages: Chinese (zh)
Other versions: CN108521325A (en)
Inventors: 李朋林, 林喆昊
Current assignee: Individual
Original assignee: Individual
Events: application filed by Individual; priority to CN201810257172.5A; publication of CN108521325A; application granted; publication of CN108521325B; current legal status Expired - Fee Related; anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/005 Countermeasures against attacks on cryptographic mechanisms for timing attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a side channel attack prevention method suitable for the full life cycle of system data, comprising the following steps: step S1, defending against local timing attacks on password login authentication; step S2, protecting ordinary local computation; step S3, protecting local cryptographic operations; and step S4, applying a defense strategy while information data is transmitted. Its advantage is that, by constructing a side channel attack defense framework on the system operation side covering the full life cycle of system data operation, the system can ensure the safety of the data and of the system over the whole operation cycle, prevent data from leaking, and thereby ensure information security.

Description

Side channel attack prevention method suitable for system data full life cycle
Technical Field
The invention relates to the technical field of computer network communication, in particular to a side channel attack prevention method suitable for the whole life cycle of system data.
Background
In recent years, influential side channel cases in the field of computer network communication and in international academia have been numerous; these cases exploit side channel information in different forms to analyze a target's vulnerabilities, with the aim of breaking confidentiality, acquiring encrypted information and decrypting it. Reports of research and technical methods on side channel attack defense at home and abroad are also emerging, and the main protection methods include software and hardware masking techniques, dynamic dual-rail circuit techniques, clock scrambling techniques and the like in the implementation.
As a cryptanalysis technology against cryptographic devices, side channel analysis attacks have become a serious security threat to both cryptographic algorithms and cryptographic devices in practice. These analysis techniques can successfully break mainstream public key algorithms (e.g., RSA, ECC, SM2), block ciphers (e.g., DES, AES, SM4), stream ciphers (e.g., Grain, Trivium), and lightweight cryptographic algorithms. As the attack capability of side channel analysis grows and its implementation cost shrinks, the cases in which various cryptographic devices are successfully attacked by side channel analysis become more and more numerous. Eisenbarth et al. published at CRYPTO 2008 the breaking of KeeLoq remote keyless entry systems using a power analysis attack; one typical application of KeeLoq is the remote control of car locks. At the Black Hat conference of 2015, Professor Yu Yu of Shanghai Jiao Tong University demonstrated on site how to crack 3G/4G SIM cards and the like using power analysis techniques.
For the masking technique, a 2017 Chinese invention patent, 'signature method for preventing side channel attack from multiple directions', uses a mask to mask the base and obtain an RSA signature or other public key system signature. In another patent of the same year, 'method and device for protection against side-channel analysis', each datum of a first input set is associated, also by masking techniques, with the corresponding datum of a second input set, the latter obtained by applying an exclusive or (XOR) operation on said first and second input data and on all first and second masking parameters in the first and second masking sets when the data are defined. In addition, many domestic and foreign documents use masking technology to resist side channel attacks; for example, in 2007 a masking method was proposed in the paper "Detection Spam Users in Collaborative Filtering", which provides a masking model capable of resisting side channel attacks: differential power analysis becomes difficult because intermediate data are masked, and the model makes the partition of the power consumption curves by the DPA discrimination function "make mistakes", so that the differential result cannot correctly show a high correlation. The document 'a novel filtering unreal evaluation method based on deviation degree' also applies a masking technique to the DES encryption algorithm, designing a secure DES algorithm capable of resisting power consumption attacks: intermediate data are masked with random numbers, an inversion operation is performed before the S-box storage unit is looked up so as to restore the input data, and finally a good anti-attack effect is obtained[6]. Therefore, among the many anti-side-channel methods, masking technology is relatively compact and controllable to implement, does not affect the physical design and working characteristics of a digital circuit, and has received wide attention from academia.
In addition to masking technology, numerous Chinese patents apply other technologies to defend against side channel attacks. A patent of May 2017, 'side channel attack-resistant intelligent terminal security input method', improves the way the cursor's moving speed is calculated by adding random parameters to the speed calculation, so that even if an attacker can acquire direction sensor data, the actual position of the cursor is difficult to calculate correctly. Another Chinese patent, "a method and an apparatus for defending against Flush-Reload cache side channel attack in a cloud environment", uses an implanted protection process that shares the CPU cache with the target process; when the target process runs a relevant security module, the protection process confuses the shared memory of the security-sensitive module according to a certain strategy so as to disturb the cache state, thereby defending against Flush-Reload cache side channel attacks.
Nowadays, cryptographic modules and cryptographic devices have spread into every corner of people's daily life, and the requirements on the ability of cryptographic modules or devices to resist side channels keep increasing. Various kinds of hardware containing cryptography, including shared bicycles, WiFi, wearable devices, etc., are increasingly applied to all aspects of people's life. From the perspective of side channel attacks, these new devices and applications first of all provide an extremely rich set of targets, and pose a huge threat and challenge to their security; however, in view of the prior art, patents and related documents, the academic community has not provided a general side channel protection algorithm model for the whole life cycle of an encryption algorithm, which means there is an urgent need for a general side channel protection algorithm that is efficient and suitable for high-security devices.
In summary, there is a need for a side channel attack prevention method suitable for the full life cycle of system data, which effectively guarantees the security of system data under side channel attack, protects data security and guarantees system security; no report on such an algorithm has been found so far.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a side channel attack prevention method that effectively ensures the safety of system data under side channel attack, protects data safety, ensures system safety, and is suitable for the whole life cycle of system data.
A method for preventing side channel attacks, applicable to the full life cycle of system data, comprising the steps of:
step S1, defending against local timing attacks on password login authentication;
step S2, protecting ordinary local computation;
step S3, protecting local cryptographic operations;
and step S4, applying a defense strategy while information data is transmitted.
As a preferred technical solution, step S1 includes:
step S11, a timing attack defense for login systems that store credentials as digests;
and step S12, a timing attack defense for login systems that store credentials in plaintext.
As a preferred technical solution, the timing attack defense for digest-storage login systems in step S11 specifically includes the following: all user names and user login passwords of the digest-storage login system are first processed with the digest algorithm together, and when a user name is matched the system uses the hash value already produced by the digest algorithm. Thus, when the user logs in, the hash value corresponding to the user name is computed when the user name is entered first; then, when the user enters the password, the system does not perform the hash operation bit by bit as the input arrives, but performs the digest algorithm operation on the password only after the user has entered the whole password.
The timing attack defense for plaintext-storage login systems in step S12 specifically includes the following: when a user enters a password and it is matched bit by bit, let the password length be l; when the system detects that an error occurs at the nth bit, the error is not reported immediately; instead, each time after the error at the nth bit a random number t is generated, where t ranges over [0, l-n], and the system reports the error only after the user has entered n + t bits. In the design of the system defense framework, the normal number of inputs is set to 3, and the random number t participates in an attacker's three attempts, so that the attacker cannot accurately locate the correct password position by a timing attack; when an attacker uses timing attack means to carry out three attacks and the random number t has participated in those three attempts, the system judges that an attacker is present in the system, sends an alarm to the administrator, and temporarily blocks the login device/account.
As a preferred technical solution, step S2 includes step S21: a small region is set aside in both the hard disk storage and the memory (SRAM) of the computer for the operation; the size of the set-aside regions is 16 MB on the hard disk and 128 KB in memory, and it can be finely adjusted according to the actual size of the system; the amount of redundant operation accounts for 3.5% to 35% of the total amount of computer operation.
As a preferred technical solution, step S2 further includes step S22: redundant operations are carried out in the computer in addition to the normal operations, where the size of each operand is determined by the random number produced by the random number generator and is fed into an operator specified in advance, so that the redundant operation data covers the actual data of the computer's normal operation; the accumulated results of the intermediate values of the generated redundant operation data are stored in the set-aside regions of memory and hard disk, and once the accumulated result reaches the upper limit, all the data are deleted and a new round of redundant operation is restarted. In this way the redundant operation influences the computer's actual CPU occupancy, cache allocation, electromagnetic emission, fan speed and temperature, i.e. the series of monitoring data a side channel attack requires.
As a preferred technical solution, the redundant operation in step S22 specifically includes the following steps:
step S221, generating pseudo-random numbers with a random number generator or function, the random numbers ranging over 0 to 2^12; random numbers A, B and C are generated;
step S222, converting the random number A into binary according to the following table, taking the lowest three binary digits as a group, where each combination corresponds to an operator in the table below, and using the remaining 8 binary digits as the number t of operation cycles in the operation;
step S223, completing the operation on the random numbers B and C according to the operator and the cycle count obtained from A and storing B and C to disk: when A2A1A0 = 111 (NOT), B and C are inverted and stored to disk; when A2A1A0 = 110 (XOR), B is XOR-ed with C and the result is stored to disk; when A2A1A0 = 101 (left cyclic shift), B and C are each rotated left t times and stored to disk; when A2A1A0 = 100 (right cyclic shift), B and C are each rotated right t times and stored to disk; for the remaining A2A1A0 = 011/010/001/000, a cyclic accumulation B = B Δ C is carried out with cycle count t, and the accumulation result is then stored to disk;
step S224, during the operation, any operation overflow, sign overflow, memory overflow or disk overflow is cleared immediately and a new redundant operation is restarted;
step S225, the time period of the redundant operation should be synchronized with the local critical operation time, or the redundant operation can be performed continuously for the whole running time of the computer.
As a preferred technical solution, step S3 includes step S31: the ability to resist side channel attacks is enhanced by eliminating the dependence between side information and the secret key, using a masking strategy that introduces random numbers to decompose the secret key into several shares by way of secret sharing and multi-party secure computation; the hiding countermeasure averages out the difference between the side information corresponding to '0' and to '1' so as to reduce the possibility of distinguishing the corresponding data from the side information; furthermore, random dummy operations or noise are inserted into the cryptographic implementation.
As a preferred technical solution, step S3 further includes step S32: in combination with the scheme of step S2, a (3,2) secret sharing scheme is defined; to share one bit v, three random bits x1, x2 and x3 are first selected with x1, x2, x3 ∈ {0,1}, and they satisfy
Figure GDA0003149515690000041
Then, distribution is carried out:
the sharing part of participant P1 is (x1, a1), and has
Figure GDA0003149515690000042
The sharing part of participant P2 is (x2, a2), and has
Figure GDA0003149515690000043
The sharing part of participant P3 is (x3, a3), and has
Figure GDA0003149515690000051
At this point, no single participant alone can recover the correct bit v; the correct v can only be recovered when at least two participants take part. The most important operation in a computer is XOR; once XOR is computed with multi-party secure computation in the computer, other operations can be realized indirectly through XOR, so that the whole series of operations in encryption can be realized.
As a preferred technical solution, XOR under multi-party secure computation is implemented as follows:
let (x1, a1), (x2, a2), (x3, a3) be the secret sharing of v1 and (y1, b1), (y2, b2), (y3, b3) the secret sharing of v2; then, in order to compute the secret
Figure GDA0003149515690000052
each participant performs the local calculation (zi, ci) satisfying
Figure GDA0003149515690000053
And
Figure GDA0003149515690000054
As a preferred technical solution, in step S4 the data transmitting end and the receiving end of the two communicating parties hold n identical calculation formulas, the transmitting end has a random number generating device, and within each random time range the transmitting end's random number generating device generates a random number r; then the following steps are performed:
step S41, according to the random number r and the preset n, the ith calculation formula to be used is selected, i.e. i = r mod n, which selects the formula fi(x); the random number r and the formula index i are first sent to the receiving party;
step S42, the sending end computes R = fi(r) from the random number r with the selected formula fi(x), and likewise the receiving end obtains the same R from r and i;
step S43, the sending end XORs R with the information data M to be transmitted, i.e. R ⊕ M;
step S44, R ⊕ M is the actual data transmitted in the channel; the transmitting end sends it to the receiving end, and after receiving it the receiving end XORs the data with the R it computed itself, i.e. (R ⊕ M) ⊕ R = M, thereby obtaining the correct transmitted information.
The invention has the following advantages:
1. Once put into application, the side channel attack prevention method suitable for the full life cycle of system data can achieve the following technical effects. The applications of the Internet of Things and the mobile Internet, represented by smart homes and smart cities, are developing rapidly, so various hardware devices containing cryptography are gradually entering people's daily life, and cryptographic technology is deeply applied to all aspects of daily life, from wireless WiFi, bank cards, access control, mobile phone SIM cards, all-in-one cards and shared bicycles to mobile terminals with more complex functions such as wearable devices and smartphones. From the perspective of side channel attacks, these new devices and applications first of all provide an extremely rich set of target devices; second, as these devices become more widespread and attackers' control capabilities increase, side channel attacks against them are likely to become easier to carry out, posing a significant threat and challenge to the actual security of these devices and of the applications that rely on them.
2. A defense framework for the full life cycle of data is designed against side channel attacks; it addresses the side channel attacks that may be suffered in all stages of data generation, operation, transmission, storage, destruction and the like.
3. An overall side channel attack prevention defense framework for program and hardware encryption is designed, which is suitable for most secure communication software and equipment.
4. A related defense algorithm is developed against side channel attacks, so that an attacker cannot obtain any of the effective information and data required, and cannot recover the secret key to complete decryption of the encrypted information.
5. The method defends against side channel attacks on chips and hardware, in particular on security chips, and chip security is guaranteed.
6. A systematic design is carried out in four directions, namely local timing attacks on password login authentication, ordinary local computation, local cryptographic operation, and the defense strategy during information data transmission, and a side channel attack prevention framework for the full life cycle of data in the system is constructed.
7. By constructing a side channel attack defense framework of the system operation side in the full life cycle of the system data operation, the system can ensure the safety of the data and the system in the whole operation cycle, prevent the data from leaking and further ensure the information safety.
Drawings
FIG. 1 is a schematic diagram of an SCA attack flow framework.
FIG. 2 is a schematic diagram of a time-series attack defense block.
FIG. 3 is a schematic diagram of a local redundant computing defense framework.
Detailed Description
The following detailed description of the present invention will be made with reference to the accompanying drawings.
Referring to fig. 1, fig. 1 is a schematic diagram of the SCA attack flow framework. The method covers all links in the whole operation life cycle of any system that can be attacked through side channels, and the three corresponding main side channel attack methods. The scheme aims to construct a method for resisting the currently known mainstream, highly harmful side channel attacks; it does not defend against every side channel attack method.
Therefore, the defense framework of the scheme can protect the whole life cycle of the system and effectively protect the more harmful parts and the critical operation data, so that data is protected against side channel attacks from system login through data operation to data transmission, and attacks within the system are thoroughly stopped.
A. Local timing attacks on password login authentication
When password login authentication is performed during local login, timing attacks, a category of side channel attack, are encountered. In a timing attack, some function is responsible for comparing whether the password entered by the user is the same as the password stored in the system; if the function compares from the first position and returns immediately upon finding a difference, then by measuring how quickly it returns an attacker learns roughly which position differs, which can greatly speed up password cracking.
Referring to fig. 2, fig. 2 is a schematic diagram of the timing attack defense block. In the scheme, all user names and user login passwords of the system are processed with the digest algorithm together, and the hash value computed by the digest algorithm is what the system uses when matching the user name. When the user logs in, the hash value corresponding to the user name is computed as soon as the user name is entered; when the user then enters the password, the system does not perform the hash operation bit by bit as the input arrives, but performs the digest operation on the password after the whole password has been entered. With this processing an attacker cannot recover the user's login password through the return time of a bit-by-bit comparison.
Because some systems at the present stage do not store user login passwords in the database with a digest algorithm but store the plaintext password directly, so that the user can conveniently perform operations such as password recovery, and because this storage method is extremely dangerous and places extremely high security requirements on the database, the defense framework of the present invention also includes a timing attack defense method for login systems that store plaintext passwords.
When a user enters a password and it is matched bit by bit, let the password length be l. When the system detects that an error occurs at the nth bit, the error is not reported immediately; instead, after the nth-bit error a random number t is generated each time, where t ranges over [0, l-n], and the system reports the error only after the user has entered n + t bits. In the design of the systematic defense framework, the normal number of inputs is set to 3; because the random number t participates in the three attempts, the attacker cannot accurately locate the correct password position by a timing attack, and when an attacker carries out three attacks by timing attack means and then attempts again, the system judges that an attacker is present, sends an alarm to the administrator and temporarily blocks the login device/account.
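The two login checks of step S11 and step S12 (claims above and section A here), written out as an added example that is not part of the patent. The credential store, the sample account "alice", the helper names and the lockout counter are constructed for the demonstration; the digest route hashes the whole password and compares digests in constant time, while the plaintext route implements the page's rule of continuing over t extra positions, t drawn from [0, l-n], before reporting a mismatch.

```python
import hashlib
import hmac
import secrets

# Constructed credential store for the digest-storage case (step S11):
# username -> (salt, SHA-256(salt || password)). Sample data, not from the patent.
def _digest(salt, password):
    return hashlib.sha256(salt + password.encode("utf-8")).digest()

def make_user(password):
    salt = secrets.token_bytes(16)
    return salt, _digest(salt, password)

USERS = {"alice": make_user("correct horse")}
DUMMY = (b"\x00" * 16, b"\x00" * 32)   # compared against for unknown users

def verify_digest_login(username, password):
    """Digest-storage check: hash the whole submitted password, then compare the two
    digests with a constant-time comparison. The return time therefore does not depend on
    which byte differs first, and an unknown user costs the same work as a wrong password."""
    salt, stored = USERS.get(username, DUMMY)
    candidate = _digest(salt, password)
    matched = hmac.compare_digest(candidate, stored)
    return matched and username in USERS

def plaintext_compare_with_padding(stored, submitted, rng=secrets.randbelow):
    """Plaintext-storage check (step S12): compare position by position, but on the first
    mismatch at index n keep going over t extra positions, t uniform in [0, l - n], and
    only then report failure. Returns (matched, position at which the check stopped)."""
    l = len(stored)
    n = None
    for idx in range(l):
        if idx >= len(submitted) or stored[idx] != submitted[idx]:
            n = idx
            break
    if n is None:
        return len(submitted) == l, l
    t = rng(l - n + 1)                       # t in [0, l - n]
    for idx in range(n, min(n + t, l)):      # spend the padding positions on real compares
        _ = idx < len(submitted) and stored[idx] == submitted[idx]
    return False, n + t

MAX_ATTEMPTS = 3

def attempt_login(username, password, failures):
    """Account-level rule from the text: after three failed attempts the next try is treated
    as an attack in progress; the caller alarms the administrator and blocks temporarily.
    `failures` is a dict of per-account failure counts (constructed state for the demo)."""
    if failures.get(username, 0) >= MAX_ATTEMPTS:
        return "blocked"
    ok = verify_digest_login(username, password)
    failures[username] = 0 if ok else failures.get(username, 0) + 1
    return "ok" if ok else "denied"
```

The padding only blurs the stop position of a plaintext comparison; the digest route removes the position-dependent timing altogether, which is why the page treats plaintext storage as the dangerous case to be tolerated rather than recommended.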
B. Performing ordinary calculations locally
When any operation is performed in a computer or communication system, a series of changes occurs in the local operating system (OS) and in the computer hardware components involved in the operation, such as memory, cache, CPU, special registers, general registers and the I/O system.
The invention defines ordinary local operation in the defense framework as comprising two parts. The first part is all operations of the operator on the computer system, such as keyboard input, mouse clicks, mouse tracks generated by moving the mouse, voice input and other physical operations. The second part is the series of non-cryptographic ordinary operations of the operating system (OS) on the computer hardware, namely basic addition, subtraction, multiplication and division, instruction stream processing, data reads and writes, hard disk reads and the like. All of the above local computations involve hardware changes and are therefore also vulnerable to the associated side channel attacks.
The invention first sets aside a small region in the computer's hard disk storage and memory (SRAM); the size of the set-aside regions is 16 MB on the hard disk and 128 KB in memory, and it can be refined and adjusted according to the actual size of the system. To avoid the redundant operation seriously affecting the actual computing efficiency, the amount of redundant operation is recommended to be between 3.5 percent and 35 percent of the computer's total operation. The redundant operation is carried out in the computer in addition to the normal operation; the size of each operand is determined by the random number produced by the random number generator and fed into an operator specified in advance, so that the redundant operation data covers the actual data of the computer's normal operation. The accumulated results of the intermediate values of the generated redundant operation data are stored in the set-aside regions of memory and hard disk, and once the upper limit is reached all the data are deleted and a new round of redundant operation is restarted. In this way the series of monitoring data a side channel attack needs, such as the computer's actual CPU occupancy, buffer allocation, electromagnetic emission, fan speed and temperature, is influenced by the redundant operation. This, of course, prevents side channel attacks at the cost of reduced operating efficiency.
Referring to fig. 3, fig. 3 is a schematic diagram of a local redundancy calculation defense framework. The redundancy operation process is as follows:
1. generating pseudo-random numbers with a random number generator or function, the random numbers ranging over 0 to 2^12; random numbers A, B and C are generated;
2. operation rules: convert the random number A into binary according to the following table, take the lowest three binary digits as a group, where each combination corresponds to an operator in the table below, and use the remaining 8 binary digits as the number t of operation cycles in the operation;
Figure GDA0003149515690000081
3. complete the operation on the random numbers B and C according to the operator and the cycle count obtained from A, and store B and C to disk: (a) when A2A1A0 = 111 (NOT), B and C are inverted and stored to disk; (b) when A2A1A0 = 110 (XOR), B is XOR-ed with C and the result is stored to disk; (c) when A2A1A0 = 101 (left cyclic shift), B and C are each rotated left t times and stored to disk; (d) when A2A1A0 = 100 (right cyclic shift), B and C are each rotated right t times and stored to disk; for the remaining A2A1A0 = 011/010/001/000, a cyclic accumulation B = B Δ C is carried out with cycle count t, and the accumulation result is then stored to disk;
4. during the operation, any operation overflow, sign overflow, memory overflow or disk overflow is cleared immediately and a new redundant operation is restarted;
5. the time period of the redundant operation is synchronized with the local critical operation time, or it can run continuously for the whole running time of the computer;
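The redundant-operation loop of steps S221 to S225 (claims above and the numbered list here), as an added example that is not the patent's code. It assumes 12-bit operands, takes t from all bits of A above the three opcode bits (the text says eight; with a 12-bit A nine remain), reads "B XOR-ed with C" as replacing B by B xor C, and treats the accumulation B = B Δ C as repeated addition; the bounded ScratchArea class standing in for the 16 MB / 128 KB regions is constructed for the demonstration.

```python
import secrets

WIDTH = 12                           # A, B, C are drawn from 0 .. 2**12 - 1
MASK = (1 << WIDTH) - 1
OPCODES = {0b111: "NOT", 0b110: "XOR", 0b101: "ROL", 0b100: "ROR"}   # 0b011..0b000: ACC

class Overflow(Exception):
    """Raised on arithmetic overflow of the 12-bit operand (the trigger of step 4)."""

def decode(A):
    """Split A: the low three bits A2A1A0 pick the operator, the remaining bits are t."""
    return OPCODES.get(A & 0b111, "ACC"), A >> 3

def rol(x, t):
    t %= WIDTH
    return ((x << t) | (x >> (WIDTH - t))) & MASK

def ror(x, t):
    return rol(x, WIDTH - (t % WIDTH))

def redundant_step(A, B, C):
    """Apply the operator selected by A to B and C and return the pair to be written to the
    scratch area. XOR replaces B by B xor C (assumed reading); accumulation is taken as
    B <- B + C repeated t times ('+' is an assumption for the page's Δ)."""
    op, t = decode(A)
    if op == "NOT":
        return (~B & MASK, ~C & MASK)
    if op == "XOR":
        return (B ^ C, C)
    if op == "ROL":
        return (rol(B, t), rol(C, t))
    if op == "ROR":
        return (ror(B, t), ror(C, t))
    for _ in range(t):
        B += C
        if B > MASK:
            raise Overflow
    return (B, C)

class ScratchArea:
    """Bounded store standing in for the 128 KB memory / 16 MB disk regions: once the
    capacity is reached everything is dropped and a new round begins."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.items = []

    def push(self, pair):
        if len(self.items) >= self.capacity:
            self.items.clear()
        self.items.append(pair)

def run_round(area, rng=lambda: secrets.randbelow(1 << WIDTH)):
    """One redundant operation: draw A, B, C, apply the step, store the result.
    Returns False when an overflow forced the scratch area to be cleared and restarted."""
    A, B, C = rng(), rng(), rng()
    try:
        area.push(redundant_step(A, B, C))
        return True
    except Overflow:
        area.items.clear()
        return False
```

Because the operator and cycle count come from a fresh random A each round, the work pattern of the filler does not repeat; the page's 3.5% to 35% budget would be enforced by how often run_round is scheduled relative to real work.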
C. Performing cryptographic operations locally
This concerns the cryptographic operations performed locally, i.e. the defense schemes adopted when a computer uses various encryption algorithms for encryption processing. This module is based on the basic ideas of random masking technology and multi-party secure computation.
Because a side channel attack essentially carries out key recovery using side information that is generated while the cryptographic implementation runs and depends on the key, the core of the defense strategy is to weaken or even eliminate the direct dependency between the information monitored through the side channel and the key. The invention uses a masking strategy that introduces random numbers to decompose the secret key into several shares by means of secret sharing and multi-party secure computation, eliminating the dependence between side information and the secret key so as to enhance the ability to resist side channel attacks; the hiding strategy averages out the difference between the side information corresponding to "0" and to "1" to reduce the possibility of distinguishing the corresponding data from the side information, i.e. to reduce the distinguishability of the data and thereby resist side channel attacks. Furthermore, by inserting random dummy operations or adding noise into the cryptographic implementation, useful information can be "buried" in the noise, which improves the practical security of the cryptographic implementation; this is incorporated herein as part B of the inventive arrangement.
The present invention defines a (3,2) secret sharing scheme. To share a bit v, three random bits x1, x2, x3 are first selected with x1, x2, x3 ∈ {0,1}, and they satisfy
Figure GDA0003149515690000091
Then, distribution is carried out:
the sharing part of participant P1 is (x1, a1), and has
Figure GDA0003149515690000092
The sharing part of participant P2 is (x2, a2), and has
Figure GDA0003149515690000093
The sharing part of participant P3 is (x3, a3), and has
Figure GDA0003149515690000094
At this point no single participant can recover the correct bit v on its own; only two or more participants together, for example using x1, x3, a1, a3, can recover the correct v:
Figure GDA0003149515690000095
The most important operation in a computer is XOR:
Figure GDA0003149515690000096
Once XOR has been computed inside the computer with secure multi-party computation, the other operations can be realized indirectly through XOR, so that the full series of operations in encryption can be realized.
Let (x1, a1), (x2, a2), (x3, a3) be the secret sharing of v1, and let (y1, b1), (y2, b2), (y3, b3) be the secret sharing of v2. Then, in order to compute the secret
Figure GDA0003149515690000097
each participant performs a local computation (z_i, c_i) satisfying
Figure GDA0003149515690000098
And
Figure GDA0003149515690000099
The secret computation result for secret sharing under the (3,2) threshold is
Figure GDA0003149515690000101
First observe that
Figure GDA0003149515690000102
(satisfying
Figure GDA0003149515690000103
And
Figure GDA0003149515690000104
). Then observe that for each i ∈ {1,2,3} the following holds:
Figure GDA0003149515690000105
where for i = 1 the index i-1 wraps around to 3. Thus a multi-party implementation of the XOR gate is obtained. This step is further extended to become the local security solution when performing cryptographic operations.
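As an added illustration (this is not the patent's own code, and the share equations themselves are not reproduced on this page), the following Python implements one (3,2) sharing layout that is consistent with the surrounding text: x1 ^ x2 ^ x3 = v, and party P_i holds (x_i, a_i) with a_i = x_{i-1}, the index wrapping so that P1 holds x3. Under that layout any two parties recover v, a single party cannot, and each party's purely local XOR (z_i, c_i) = (x_i ^ y_i, a_i ^ b_i) is again a valid sharing of v1 ^ v2, because c_i = z_{i-1} holds automatically. The layout is an assumption, and the function and parameter names are mine. Because every step is a bitwise XOR, the same functions work unchanged on wider integers (a byte or a word) if `randbit` is made to return values of that width.

```python
import secrets

PARTIES = 3


def share(v, randbit=lambda: secrets.randbits(1)):
    """Share bit v among three parties.
    Assumed layout: x1 ^ x2 ^ x3 = v and party P_i holds (x_i, a_i) with
    a_i = x_{i-1}, the index wrapping so that P1 holds (x1, x3)."""
    x1, x2 = randbit(), randbit()
    x3 = x1 ^ x2 ^ v              # forces x1 ^ x2 ^ x3 = v; x3 is still uniform
    x = [x1, x2, x3]
    return [(x[i], x[(i - 1) % PARTIES]) for i in range(PARTIES)]


def recover(i, share_i, j, share_j):
    """Reconstruct v from the shares of two distinct parties (0-based indices).
    Each party knows x_i and x_{i-1}, so two parties always cover all three x's."""
    if i == j:
        raise ValueError("a single party cannot recover v")
    known = {}
    for idx, (x_own, x_prev) in ((i, share_i), (j, share_j)):
        known[idx] = x_own
        known[(idx - 1) % PARTIES] = x_prev
    assert len(known) == PARTIES   # two distinct parties always cover x1, x2, x3
    return known[0] ^ known[1] ^ known[2]


def local_xor(share_a, share_b):
    """Each party XORs its own two components: (z_i, c_i) = (x_i ^ y_i, a_i ^ b_i).
    No communication is needed, and c_i = z_{i-1} holds automatically, so the
    result is a valid (3,2) sharing of v1 ^ v2."""
    return [(x ^ y, a ^ b) for (x, a), (y, b) in zip(share_a, share_b)]


def shared_xor(v1, v2):
    """Run the whole protocol for two bits and return the value parties
    P1 and P3 reconstruct, which equals v1 ^ v2."""
    s1, s2 = share(v1), share(v2)
    z = local_xor(s1, s2)
    return recover(0, z[0], 2, z[2])
```

The property worth checking in a review is the one the text states: after `local_xor`, each party's second component equals the previous party's first component, which is exactly why no communication is required for the XOR gate.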
D. Defense strategy for information data transmission
Information data transmission is divided into two parts. One part is inside the computer host: registers, internal memory, I/O hardware and the like, in particular wireless and wired mice and keyboards; the other part is the transmission of plaintext communication data between the computer and the network. The information data transmission phase is highly susceptible to the relevant side channel attacks, so defense of this phase is also highly necessary.
The sending end and the receiving end of both communicating parties are provided with n identical calculation formulas; the sending end has a random number generator, from which a random number r is generated in each random time range.
1. Select the i-th calculation formula according to the random number r and the preset n, i.e. i = r mod n, so that the formula Fi(x) is chosen; first send the random number r and the formula index i to the receiving party;
2. Compute R = Fi(r) from the random number r with the formula Fi(x) selected by the sending end; the receiving end similarly obtains the computed R from r and i;
3. At the transmitting end, XOR R with the information data M to be transmitted, i.e. R ^ M;
4. Send the actual data to be transmitted in the channel from the sending end to the receiving end; after receiving the data, the receiving end first XORs it with the R it computed, i.e. (R ^ M) ^ R = M, thereby obtaining the correct transmitted data information.
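Steps 1 to 4 as an added Python example (illustrative code, not the patent's own): both ends hold the same list of n formulas, the sender draws r, picks i = r mod n, computes R = F_i(r) and transmits (r, i, R ^ M); the receiver recomputes R and XORs it off. The text does not specify the formulas, so the four 64-bit functions below are constructed for the example, and the message M is taken to be a 64-bit block so that R and M have the same width. The receiver also checks that the received i equals r mod n, a consistency check the text does not mention but which rejects a tampered header instead of decrypting with the wrong formula.

```python
import hashlib
import secrets

MASK64 = (1 << 64) - 1

# n = 4 formulas F_0..F_3 shared by sender and receiver. These are constructed
# for the example; the text only states that both ends hold n identical formulas.
FORMULAS = [
    lambda r: (r * 0x9E3779B97F4A7C15) & MASK64,
    lambda r: int.from_bytes(hashlib.sha256(r.to_bytes(8, "big")).digest()[:8], "big"),
    lambda r: ((r << 13) ^ (r >> 7) ^ 0xA5A5A5A5A5A5A5A5) & MASK64,
    lambda r: pow(r | 1, 3, (1 << 64) - 59),
]
N = len(FORMULAS)


def derive_big_r(r):
    """Steps 1-2: pick the formula index i = r mod n and compute R = F_i(r)."""
    i = r % N
    return i, FORMULAS[i](r)


def send(m, r=None):
    """Step 3: the sender draws r, computes R and transmits (r, i, R ^ M).
    m must fit in 64 bits, the width of R in this example."""
    if not 0 <= m <= MASK64:
        raise ValueError("message block must be a 64-bit integer")
    if r is None:
        r = secrets.randbits(32)       # fresh r per transmission, as in step 1
    i, big_r = derive_big_r(r)
    return r, i, big_r ^ m


def receive(r, i, ciphertext):
    """Step 4: the receiver recomputes R from r and i and XORs it off again.
    The index i is checked against r mod n so a tampered header is rejected."""
    expected_i, big_r = derive_big_r(r)
    if i != expected_i:
        raise ValueError("formula index does not match r mod n")
    return ciphertext ^ big_r
```

Note that r and i travel in the clear, so the confidentiality of M rests entirely on the formula set staying secret and on a fresh r for every message; an observer who knows the formulas can recompute R from the header and recover M directly.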
The side channel attack prevention method suitable for the system data full life cycle can realize the following technical effects once being put into application: the application of various internet of things and mobile internet represented by smart homes and smart cities is rapidly developed, so that various hardware devices including passwords gradually enter the daily life of people, and the password technology is deeply applied to the aspects of daily life of people from wireless WiFi, bank cards, access controls, mobile phone cards, one-card-through and shared bicycles to mobile terminals such as wearable devices and smart phones with more complex functions. From the perspective of side channel attacks, these new devices and applications provide them with an extremely rich target device in the first place; second, as these devices become more prevalent and attackers have increased their control capabilities, side-channel attacks against them are likely to be more easily implemented, thus posing a significant threat and challenge to the actual security of these devices and applications that rely on them.
The invention can effectively ensure the safety of the system data under the attack of the side channel, protect the data safety and ensure the system safety through the side channel defense framework and the protection of the whole life of the system data in the framework. Due to the universality of the algorithm in the defense framework, the method can be effectively matched with software and hardware, can effectively protect the software, hardware (chips), personal PC (personal computer), personal mobile equipment and the like in the side channel field, and plays an important role in promoting a guarantee means for the fields of intelligent home, intelligent equipment, intelligent security and information safety.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and additions can be made without departing from the method of the present invention, and these modifications and additions should also be regarded as the protection scope of the present invention.

Claims (10)

1. A method for preventing side channel attack for a system data full life cycle, the method comprising the steps of:
step S1, defending against a local timing attack on password login authentication, comprising step S11, a method for defending against a timing attack in the digest-storage login system mode, wherein the method of step S11 is specifically as follows: first, all user names and user login passwords of the digest-storage login system are processed with the digest algorithm at the same time; when a user name is matched, the system uses the hash value already produced by the digest algorithm; at login, the hash value corresponding to the user name is computed when the user name is first entered, and when the user then enters the password the system does not perform the hash operation bit by bit as bits are entered, but performs the digest algorithm on the password only after the user has entered the whole password;
step S2, performing common calculation locally;
step S3, carrying out local encryption operation;
and step S4, carrying out defense strategy when information data is transmitted.
2. The method for preventing side channel attack suitable for system data full life cycle according to claim 1, wherein the step S1 further comprises:
and step S12, storing and logging in the system mode in plaintext.
3. The method for preventing side channel attack suitable for system data full life cycle according to claim 2, wherein the timing attack defense method of the plaintext-storage login system mode in step S12 specifically includes the following: when a user inputs a password that is matched bit by bit, the password length is set to l; when the system detects an error at the n-th bit, the error is not reported immediately; instead, after the n-th bit is wrong, a random number t is generated each time, with t in the range [0, l-n], and the system reports the error only after the user has input n + t bits; in the design of the system defense framework the normal input count is set to 3, and the random number t participates in each of an attacker's three attempts, so that the attacker cannot accurately locate the correct password position by timing attack; when an attacker performs three attacks using a timing attack technique, the system judges that an attacker is present, sends an alarm to the administrator, and blocks the temporary login device/account.
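The plaintext-mode defense of claim 3, as an added Python example (illustrative, not the patent's code): comparison stops at the first mismatching position n, but the position at which the error is reported is delayed by a random t in [0, l-n], and the third failure for an account raises the alarm and blocks it. The password is compared character by character here (the claim's "bit" is read as one input position); the class and method names are mine, and the random source is injectable only so the behaviour can be reproduced in a test.

```python
import random

MAX_ATTEMPTS = 3   # the claim's "normal input count"


class PlaintextLoginGuard:
    """Claim-3 style check for a stored plaintext password.
    check() returns (accepted, reported_position, status); reported_position
    is the number of input positions consumed before the error is reported,
    i.e. n + t, so the observable timing no longer reveals n."""

    def __init__(self, password, rng=None):
        self.password = password
        self.rng = rng or random.SystemRandom()
        self.failures = {}          # account -> consecutive failed attempts
        self.blocked = set()

    def check(self, account, attempt):
        if account in self.blocked:
            return False, 0, "blocked"
        l = len(self.password)
        # first mismatching position, or None if every compared position matches
        n = next((k for k, (p, a) in enumerate(zip(self.password, attempt)) if p != a), None)
        if n is None and len(attempt) == l:
            self.failures.pop(account, None)
            return True, l, "ok"
        if n is None:                          # prefix matched but lengths differ
            n = min(len(attempt), l)
        t = self.rng.randint(0, l - n)         # random delay t in [0, l - n]
        reported = n + t
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= MAX_ATTEMPTS:              # third failure: alarm and block
            self.blocked.add(account)
            return False, reported, "alarm: blocked"
        return False, reported, "error"
```

The defensive point is in `reported`: for a wrong attempt the caller observes some value between n and l rather than n itself, and the per-account counter turns repeated probing into an alert rather than a leak.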
4. The method for preventing side channel attack suitable for system data full life cycle according to claim 1, wherein step S2 includes step S21: performing the operation respectively on the hard disk storage and the internal memory of the computer, wherein the internal memory is a small area divided off from SRAM; the sizes of the divided areas are 16 MB for the hard disk and 128 KB for the internal memory, fine-tuned according to the actual size of the system, and the redundant operation amount accounts for 3.5-35% of the total operation amount of the computer.
5. The method for preventing side channel attack suitable for system data full life cycle according to claim 4, wherein step S2 further includes step S22: carrying out redundant operation in the computer in addition to normal operation, wherein the size of the operation parameter is determined by the random number generated by the random number generator and fed into an operator specified in advance, so that the redundant operation data covers the actual data of the computer's normal operation; the summed intermediate values of the generated redundant operation data are stored in the divided areas of the internal memory and the hard disk, and when the sum reaches the upper limit all the data are deleted and a new round of redundant operation is restarted, so that the actual CPU occupancy, cache allocation, electromagnetic radiation, fan speed and temperature of the computer are affected by the redundant operation, these being precisely the series of monitoring data required by a side channel attack.
6. The method for preventing side channel attack suitable for the system data full life cycle according to claim 5, wherein the redundancy operation in step S22 specifically includes the following steps:
step S221, generating a pseudo-random number by using a random number generator or a function, wherein the range of the random number is 0 to 2^12, and two random numbers A, B and C are generated;
step S222, converting the random number A into binary according to the following table; starting from the low-order end, the last three binary bits form a group, each combination corresponding to an operator in the table, and the remaining 8 binary bits are used as the cycle count t of the operation;
step S223, completing the operation on the random numbers B and C according to the operator and cycle count decoded from A and storing the results to disk: when A2A1A0 = 111 (invert), B and C are inverted and stored to disk; when A2A1A0 = 111 (XOR), B is XOR-ed with C and the result is stored to disk; when A2A1A0 = 101 (left cyclic shift), B and C are each cyclically shifted left t times and stored to disk; when A2A1A0 = 100 (right cyclic shift), B and C are each cyclically shifted right t times and stored to disk; for the remaining values A2A1A0 = 011/010/001/000, a cyclic accumulation B = B Δ C is performed with cycle count t, and the accumulated result is stored to disk;
step S224, during the operation, any arithmetic overflow, sign overflow, memory overflow or disk overflow is cleared immediately and a new redundant operation is restarted;
step S225, the time period of the redundant operation is synchronized with the local critical operation time, or the redundant operation runs continuously throughout the operating time of the computer.
7. The method of claim 1, wherein step S3 includes step S31: by means of secret sharing and multi-party security calculation, random numbers are introduced to decompose a secret key into a plurality of groups; averaging the difference between the corresponding side information of "0" and "1"; random dummy operations are inserted or noise is added in the cryptographic implementation.
8. The method for preventing side channel attack suitable for system data full life cycle according to claim 7, wherein step S3 further includes step S32: in combination with step S2, a (3,2) secret sharing scheme is defined; to share one bit v, three random bits x1, x2 and x3 are first selected, with x1, x2, x3 ∈ {0,1}, satisfying
Figure FDA0003149515680000031
Then, distribution is carried out:
the sharing part of participant P1 is (x1, a1), and has
Figure FDA0003149515680000032
The sharing part of participant P2 is (x2, a2), and has
Figure FDA0003149515680000033
The sharing part of participant P3 is (x3, a3), and has
Figure FDA0003149515680000034
At this time, no single participant can recover the correct bit v on its own; at least two participants must take part to recover the correct v.
9. The method for preventing side channel attack suitable for system data full life cycle according to claim 8, wherein the XOR implementation under secure multi-party computation is as follows:
let (x1, a1), (x2, a2), (x3, a3) be the secret sharing of v1 and let (y1, b1), (y2, b2), (y3, b3) be the secret sharing of v2; then, in order to compute the secret
Figure FDA0003149515680000035
each participant performs a local computation (z_i, c_i) satisfying
Figure FDA0003149515680000036
And
Figure FDA0003149515680000037
10. The method of claim 1, wherein in step S4 both the sender and the receiver of the data are provided with n identical calculation formulas, the sender has a random number generator, and a random number r is generated from the sender's random number generator within each random time range; the method then comprises the following steps:
step S41, selecting the i-th calculation formula according to the random number r and the preset n, i.e. i = r mod n, so that the formula Fi(x) is chosen, and first sending the random number r and the formula index i to the receiving party;
step S42, computing R = Fi(r) from the random number r with the formula Fi(x) selected by the sending end; the receiving end similarly obtains the computed R from r and i;
step S43, the sending end performs XOR between R and the information data M to be transmitted, i.e.
Figure FDA0003149515680000038
Step S44,
Figure FDA0003149515680000039
sending the actual data to be transmitted in the channel from the sending end to the receiving end; after receiving the data, the receiving end first XORs it with the R it computed itself, obtaining
Figure FDA00031495156800000310
Thereby obtaining correct transmission data information.
CN201810257172.5A 2018-03-27 2018-03-27 Side channel attack prevention method suitable for system data full life cycle Expired - Fee Related CN108521325B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810257172.5A CN108521325B (en) 2018-03-27 2018-03-27 Side channel attack prevention method suitable for system data full life cycle

Publications (2)

Publication Number Publication Date
CN108521325A CN108521325A (en) 2018-09-11
CN108521325B true CN108521325B (en) 2021-09-21

Family

ID=63433024
Country Status (1)

Country Link
CN (1) CN108521325B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210921