CN109617668A - A method of preventing bypass attack - Google Patents
- Publication number: CN109617668A
- Application number: CN201811535812.0A
- Authority: CN (China)
- Prior art keywords: power consumption, module, computing module, control module, dynamic equilibrium
- Legal status: Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Abstract
The invention discloses a method for preventing side-channel (bypass) attacks. It involves a computing module, a dynamic power-balance control module and an operation obfuscation module in a cryptographic chip. The computing module provides an input signal to the dynamic power-balance control module, and the dynamic power-balance control module provides an input signal to the operation obfuscation module. The method comprises the following steps: the dynamic power-balance control module obtains the output samples of the computing module's power consumption curve; the dynamic power-balance control module takes the peak of those samples as the output value of the power-balance curve; the power that the operation obfuscation module needs to generate is calculated; the power generated by the operation obfuscation module compensates the power generated by the computing module within the chip's total power consumption, so that the total power consumption of the cryptographic chip equals the output value of the power-balance curve. Because the power consumption the cryptographic chip generates dynamically is a constant value, the invention can effectively prevent an attacker from obtaining information about the cryptographic operation from the power consumption curve.
Description
Technical field
The present invention relates to the technical field of computer information security, and in particular to a method for preventing side-channel attacks.
Background art
With the rapid development of network technology, networked information technology has become deeply embedded in our lives; along with convenience, it also brings certain risks. Information is often encrypted in transit to increase the confidentiality of sensitive data. The security of that information depends on how securely the encryption key is stored: once the key is obtained, a third party can obtain the information. Cryptographers have designed many security schemes to protect the generation, storage and replacement of keys. From the standpoint of plaintext-ciphertext pair attacks and exhaustive attacks, the time needed to break algorithms such as AES or ECC is measured in centuries. However, the power consumed while a cryptographic algorithm runs in a cryptographic chip exposes information about its cryptographic characteristics and its key, giving an attacker an efficient way to recover the key.
Summary of the invention
To solve the problems of the prior art, the object of the present invention is to provide a method for preventing side-channel attacks. Because the power consumption the cryptographic chip generates dynamically is a constant value, the invention can effectively prevent an attacker from obtaining information about the cryptographic operation from the power consumption curve.

To achieve this object, the technical solution adopted by the invention is a method for preventing side-channel attacks that involves the computing module in a cryptographic chip and, in addition, a dynamic power-balance control module and an operation obfuscation module. The computing module provides an input signal to the dynamic power-balance control module, and the dynamic power-balance control module provides an input signal to the operation obfuscation module. The method comprises the following steps:

a. The dynamic power-balance control module obtains the output samples of the computing module's power consumption curve, $\{p_0, p_1, p_2, \dots, p_t\}$, where $P_t$ is the power sample of the computing module at time $t$;

b. The dynamic power-balance control module takes the peak of those samples as the output value $P_{max}$ of the power-balance curve, i.e. $P_{max} = \max\{p_0, p_1, p_2, \dots, p_t\}$;

c. The power $P_s$ that the operation obfuscation module needs to generate is calculated, where $P_s = P_{max} - P_t$;

d. The power $P_s$ generated by the operation obfuscation module compensates the power generated by the computing module within the chip's total power consumption, so that the total power consumption of the cryptographic chip equals the output value $P_{max}$ of the power-balance curve.

As a further improvement of the invention, in step a the sampling interval of the computing module's power consumption samples is the time required for one modular multiplication.

As a further improvement of the invention, in step b the peak of the computing module's power consumption samples is chosen so that different operation combinations are provided for different accuracies; the chosen accuracy serves as the input to the operation obfuscation module and determines the basic units in the operation obfuscation module. Assuming the basic units in the operation obfuscation module are $\{P_0, P_1, P_2, \dots, P_n\}$, then for the power $P_t$ generated by the computing module at time $t$ there always exists $\{a_0, a_1, a_2, \dots, a_n\}$ such that $P_s = P_{max} - P_t = a_0 P_0 + a_1 P_1 + \dots + a_n P_n$, where each $a_i$ is a natural number and $0 \le i \le n$.

As a further improvement of the invention, the operation obfuscation module generates power as follows:

The basic units in the operation obfuscation module include a big-number adder and a big-number multiplier. The power of one big-number adder operation is denoted $P_{add}$, and the power of one big-number multiplier operation is denoted $P_{mul}$. From the power that must be generated at time $t$, it follows that at time $t$ the number of big-number multiplier operations to be carried out is $n = P_s / P_{mul}$, and the number of big-number adder operations to be carried out

The beneficial effects of the invention are as follows. With the invention, a cryptographic chip can effectively resist side-channel attacks while performing cryptographic operations: information about the cryptographic operation cannot be obtained from the chip's power consumption curve, so the security of the key used in the operation is guaranteed, and power analysis is effectively resisted. The invention can be realized without changing existing code and does not affect code redundancy or readability. Side-channel attacks can be prevented by the invention whether the algorithm is implemented as software code or as hardware logic. The invention is only weakly coupled to the algorithm project: the algorithm source code does not need to be modified, and algorithm developers do not need to follow special rules to avoid power analysis.
Description of the drawings
Fig. 1 is a schematic diagram of the changes to the internal modules of the cryptographic chip in an embodiment of the invention;
Fig. 2 is the operating state diagram of the embodiment of the invention.
Specific embodiment
The embodiment of the invention is described in detail below with reference to the drawings.
Embodiment
This embodiment mainly designs two modules to guarantee that the power consumption output by the cryptographic chip is a constant value, thereby preventing side-channel attacks without modifying the code of the algorithm module and improving the security of the cryptographic chip.

As shown in Fig. 1, the two newly added modules are the dynamic power-balance control module and the operation obfuscation module. The computing module provides input to the dynamic power-balance control module, and the dynamic power-balance control module provides input to the operation obfuscation module.

As shown in Fig. 2, once the version of the computing module has been fixed, the dynamic power-balance control module needs to determine two elements during the first run:

1. The power-balance curve output value $P_{max} = \max\{p_0, p_1, p_2, \dots, p_t\}$, where $P_t$ is the power sample of the computing module at time $t$ and the sampling interval is the time required for one modular multiplication. The dynamic power-balance control module has the operation obfuscation module generate interfering operations so that the power consumption of the cryptographic chip is always held at this peak;

2. The power that the operation obfuscation module needs to generate, $P_s = P_{max} - P_t$, where $P_t$ is the operation power at time $t$ and $P_{max}$ is the power-balance curve output value, i.e. the maximum power consumption within one operation cycle.

The operation obfuscation module contains several kinds of basic processing units. Take a module containing a big-number adder and a big-number multiplier as an example, where the power of a big-number adder operation is denoted $P_{add}$ and the power of a big-number multiplier operation is denoted $P_{mul}$. From the power that must be generated at time $t$, it follows that at time $t$ the number of big-number multiplier operations to be carried out is $n = P_s / P_{mul}$, and the number of big-number adder operations to be carried out

In actual use, the dynamic power-balance control module coordinates the computing module and the operation obfuscation module so that the curve they generate is as close as possible to a straight line.

The power consumption curve a side-channel attacker obtains is the power generated jointly by the computing module and the operation obfuscation module. This curve is close to a straight line, so cryptographic characteristics cannot be obtained from it, the cryptographic algorithm cannot be inferred, and there is no information to guide key derivation. The method can therefore effectively resist side-channel attacks.

Regarding the choice of the peak of the power consumption curve, different operation combinations can be provided for different accuracies; the chosen accuracy serves as the input to the operation obfuscation module and determines the basic units in the operation obfuscation module. Assuming its basic units are $\{P_0, P_1, P_2, \dots, P_n\}$, then for the power $P_t$ generated by the computing module there always exists $\{a_0, a_1, a_2, \dots, a_n\}$ such that $P_s = P_{max} - P_t = a_0 P_0 + a_1 P_1 + \dots + a_n P_n$, where each $a_i$ is a natural number and $0 \le i \le n$.
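Steps a to d and the multiplier/adder decomposition described in this embodiment can be simulated on integer power samples. The following is an added example, not code from the patent: the trace values and unit costs are constructed, and taking the adder count from the remainder is an assumption, because the page's formula for it is missing.

```python
# Added illustration; not code from the patent. Power values are integers in
# arbitrary units, and the sample trace below is constructed for the example.

# Constructed samples p_0..p_t, one per modular multiplication.
TRACE = [120, 95, 131, 88, 131, 102]


def balance_level(samples):
    """Step b: P_max = max{p_0, ..., p_t}."""
    if not samples:
        raise ValueError("empty power trace")
    return max(samples)


def decompose(p_s, p_mul, p_add):
    """Split the compensation power P_s into multiplier and adder runs.

    n_mul follows the page's n = P_s / P_mul, taken as an integer quotient.
    n_add is computed from the remainder; that rule is an assumption, since
    the page's adder formula is missing. Returns (n_mul, n_add, residual).
    """
    if p_s < 0 or p_mul <= 0 or p_add <= 0:
        raise ValueError("P_s must be non-negative and unit costs positive")
    n_mul, rem = divmod(p_s, p_mul)
    n_add, residual = divmod(rem, p_add)
    return n_mul, n_add, residual


def compensate(samples, p_mul, p_add):
    """Steps a-d: return P_max and one row per sample.

    Each row is (P_t, P_s, n_mul, n_add, total), where total is the chip's
    power after the obfuscation module's dummy operations are added.
    """
    p_max = balance_level(samples)
    rows = []
    for p_t in samples:
        p_s = p_max - p_t                              # step c
        n_mul, n_add, _ = decompose(p_s, p_mul, p_add)
        total = p_t + n_mul * p_mul + n_add * p_add    # step d
        rows.append((p_t, p_s, n_mul, n_add, total))
    return p_max, rows


def span(values):
    """Peak-to-peak variation; 0 means a perfectly flat curve."""
    return max(values) - min(values)


if __name__ == "__main__":
    for p_add in (3, 1):                               # coarse vs. fine adder unit
        p_max, rows = compensate(TRACE, p_mul=10, p_add=p_add)
        print(f"P_mul=10 P_add={p_add} P_max={p_max}")
        for row in rows:
            print("  P_t=%3d P_s=%2d n_mul=%d n_add=%d total=%d" % row)
        print("  raw span:", span(TRACE),
              "compensated span:", span([r[4] for r in rows]))
```

With the coarse adder unit the first sample stays one unit below the peak, so the flatness of the compensated curve is bounded by the smallest basic unit available to the obfuscation module.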
The above embodiment expresses only a specific implementation of the invention. Its description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention.
Claims (4)
1. A method for preventing side-channel attacks, involving a computing module in a cryptographic chip, characterized in that it further involves a dynamic power-balance control module and an operation obfuscation module, wherein the computing module provides an input signal to the dynamic power-balance control module and the dynamic power-balance control module provides an input signal to the operation obfuscation module, the method comprising the following steps:

a. The dynamic power-balance control module obtains the output samples of the computing module's power consumption curve, $\{p_0, p_1, p_2, \dots, p_t\}$, where $P_t$ is the power sample of the computing module at time $t$;

b. The dynamic power-balance control module takes the peak of those samples as the output value $P_{max}$ of the power-balance curve, i.e. $P_{max} = \max\{p_0, p_1, p_2, \dots, p_t\}$;

c. The power $P_s$ that the operation obfuscation module needs to generate is calculated, where $P_s = P_{max} - P_t$;

d. The power $P_s$ generated by the operation obfuscation module compensates the power generated by the computing module within the chip's total power consumption, so that the total power consumption of the cryptographic chip equals the output value $P_{max}$ of the power-balance curve.

2. The method for preventing side-channel attacks according to claim 1, characterized in that, in step a, the sampling interval of the computing module's power consumption samples is the time required for one modular multiplication.

3. The method for preventing side-channel attacks according to claim 1, characterized in that, in step b, the peak of the computing module's power consumption samples is chosen so that different operation combinations are provided for different accuracies; the chosen accuracy serves as the input to the operation obfuscation module and determines the basic units in the operation obfuscation module; assuming the basic units in the operation obfuscation module are $\{P_0, P_1, P_2, \dots, P_n\}$, then for the power $P_t$ generated by the computing module at time $t$ there always exists $\{a_0, a_1, a_2, \dots, a_n\}$ such that $P_s = P_{max} - P_t = a_0 P_0 + a_1 P_1 + \dots + a_n P_n$, where each $a_i$ is a natural number and $0 \le i \le n$.

4. The method for preventing side-channel attacks according to claim 3, characterized in that the operation obfuscation module generates power as follows:

The basic units in the operation obfuscation module include a big-number adder and a big-number multiplier. The power of one big-number adder operation is denoted $P_{add}$, and the power of one big-number multiplier operation is denoted $P_{mul}$. From the power that must be generated at time $t$, it follows that at time $t$ the number of big-number multiplier operations to be carried out is $n = P_s / P_{mul}$, and the number of big-number adder operations to be carried out
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811535812.0A CN109617668A (en) | 2018-12-14 | 2018-12-14 | A method of preventing bypass attack |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109617668A (en) | 2019-04-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190412 |