CN111970694B - Method and equipment for realizing real-time side channel leakage evaluation on password equipment - Google Patents

Publication number: CN111970694B
Authority: CN (China)
Application number: CN202010880355.XA
Other versions: CN111970694A
Other languages: Chinese (zh)
Inventors: 时争光, 胡红钢
Current and original assignee: University of Science and Technology of China (USTC)
Legal status: Active
Prior art keywords: value, time, password, variance, password equipment

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a device for real-time side-channel leakage evaluation of a cryptographic device. On one hand, the acquired power consumption curves do not need to be stored; only the mean and variance computed from them are stored and updated in real time, so large amounts of memory are not required. On the other hand, data collected from the cryptographic device during normal operation can be processed in real time, which overcomes the drawback of traditional TVLA-based evaluation, where processing can start only after all power consumption curves have been collected. Real-time leakage evaluation of the cryptographic device thus becomes possible, and the method suits application scenarios such as leakage monitoring.

Description

Method and device for real-time side-channel leakage evaluation of a cryptographic device
Technical Field
The invention relates to the field of side-channel leakage evaluation of cryptographic devices, and in particular to a method and a device for real-time side-channel leakage evaluation of a cryptographic device.
Background
The development of side-channel analysis has so far posed a serious threat to the security and usability of cryptographic devices. Several countermeasures against these threats exist, chiefly hiding and masking, and verifying their effectiveness has become a new problem. Side-channel leakage evaluation is currently the most common way to detect side-channel information leakage from a cryptographic device and to verify the effectiveness of countermeasures; it aims to detect whether the side-channel information produced by the same operation of the device differs significantly when different data are processed. Test Vector Leakage Assessment (TVLA), proposed by Cryptography Research, Inc. (CRI) in 2013, has a standard evaluation procedure and strong leakage detection capability, and is therefore widely accepted by evaluators.
TVLA-based evaluation is generally implemented as a step-by-step process, roughly divided into 3 stages:
(1) Acquisition stage: the evaluator formulates an evaluation strategy, acquires a certain number (denoted m) of energy curves and temporarily stores them in the local memory of the acquisition device. The size of m depends on the memory of the acquisition device and the size of the energy curves. Because that memory is limited, the acquisition device generally has to acquire in several rounds, collecting $N_t$ curves in total ($N_t = c \cdot m$, where c is the number of acquisition rounds);
(2) Sending stage: the acquired energy curves are transmitted from the acquisition device to a computer in several batches and stored together on a hard disk;
(3) Processing stage: the curves are processed off-line on the computer with a specific evaluation method to obtain the evaluation result.
Although this flow has some advantages, such as flexible control of each stage and powerful CPU performance when processing on a computer, it has two distinct disadvantages:
(1) Required memory: both the computer and the acquisition device need a large memory to store the acquired data;
(2) Required time: the evaluator must wait until all $N_t$ curves have been collected and sent to the computer before the data processing stage can begin.
Therefore, if the memory of the evaluation device is limited, or the evaluator needs a real-time evaluation result in order to respond in real time, for example for real-time leakage monitoring of a cryptographic device, this step-by-step method with off-line computation is not suitable.
Disclosure of Invention
The invention aims to provide a method and a device for real-time side-channel leakage evaluation of a cryptographic device, which can complete the evaluation in real time while the cryptographic device is running, using only a limited amount of memory on the device.
The purpose of the invention is achieved by the following technical solution:
A method for real-time side-channel leakage evaluation of a cryptographic device comprises the following steps:
randomly selecting a legal input value of the cryptographic algorithm and, with that input value fixed, running the cryptographic algorithm repeatedly; in each run, sequentially measuring the operating voltage of the cryptographic device as reference sampling values according to the trigger signal, and iteratively updating the mean and variance of the reference sampling value corresponding to each time sampling point;
running the cryptographic device normally, with all of its input values treated as random inputs; in each run, sequentially measuring the operating voltage of the cryptographic device as measurement sampling values according to the trigger signal, and updating the mean and variance of the measurement sampling value corresponding to the current time sampling point;
and performing a t-test using the mean and variance of the reference sampling value and the mean and variance of the measurement sampling value corresponding to the current time sampling point, and determining from the t-test result and a threshold whether the current time sampling point leaks.
A device for real-time side-channel leakage evaluation of a cryptographic device comprises an ADC module, a main control module, an operation module and a memory module, wherein:
a legal input value of the cryptographic algorithm is randomly selected and, with that input value fixed, the cryptographic algorithm is run repeatedly; in each run, the main control module controls the ADC module to sequentially measure the operating voltage of the cryptographic device as reference sampling values according to the trigger signal, and the operation module iteratively updates the mean and variance of the reference sampling value corresponding to each time sampling point;
the cryptographic device is run normally, with all of its input values treated as random inputs; in each run, the main control module controls the ADC (analog-to-digital converter) module to sequentially measure the operating voltage of the cryptographic device as measurement sampling values according to the trigger signal, and the operation module updates the mean and variance of the measurement sampling value corresponding to the current time sampling point;
a t-test is performed using the mean and variance of the reference sampling value and the mean and variance of the measurement sampling value corresponding to the current time sampling point; the mean and variance of the reference sampling value of each time sampling point, the mean and variance of the measurement sampling value corresponding to the current time sampling point, and the t-test result are stored in the memory module; and whether the current time sampling point leaks is determined from the t-test result and a threshold.
With the technical solution provided by the invention, on one hand, the acquired power consumption curves do not need to be stored; only the mean and variance computed from them are stored and updated in real time, so large amounts of memory are not required. On the other hand, data collected from the cryptographic device during normal operation can be processed in real time, which overcomes the drawback of traditional TVLA-based evaluation, where processing can start only after all power consumption curves have been collected. Real-time leakage evaluation of the cryptographic device thus becomes possible, and the method suits application scenarios such as leakage monitoring.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for real-time side-channel leakage evaluation of a cryptographic device according to an embodiment of the present invention;
Fig. 2 is a flowchart of collecting reference data and updating the mean and variance according to an embodiment of the present invention;
Fig. 3 is a flowchart of collecting measurement data, updating the mean and variance, and evaluating leakage according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a device for real-time side-channel leakage evaluation of a cryptographic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the invention provides a method for real-time side-channel leakage evaluation of a cryptographic device. Here, side-channel information refers to the power consumption curve generated while the cryptographic device is running; the curve is formed by the sampling values corresponding to a series of time sampling points. As shown in Fig. 1, the method mainly comprises:
1. Randomly select a legal input value of the cryptographic algorithm and, with that input value fixed, run the cryptographic algorithm repeatedly. In each run, sequentially measure the operating voltage of the cryptographic device as reference sampling values according to the trigger signal (which marks the start and end of the interval to be evaluated within a single run of the cryptographic algorithm), and iteratively update the mean and variance of the reference sampling value corresponding to each time sampling point.
The main process is as follows: set the number of repeated runs of the cryptographic algorithm to $N_0$. In each run, input the legal input value P into the cryptographic device, start it running, and wait for the start trigger signal. When the cryptographic device reaches the start of the interval to be evaluated, the start trigger signal is received, and the operating voltage of the cryptographic device is acquired through the ADC module as the reference sampling value
Figure GDA0003641516810000041
When the cryptographic device reaches the end of the interval to be evaluated, the end trigger signal is received, and the i-th run of the cryptographic algorithm is finished. Here $i = 1, \ldots, N_0$; $j = 1, \ldots, N_p$ denotes a time sampling point, and $N_p$ is the total number of time sampling points in one run of the cryptographic algorithm.
2. Run the cryptographic device normally, with all of its input values treated as random inputs. In each run, sequentially measure the operating voltage of the cryptographic device as measurement sampling values according to the trigger signal, and update the mean and variance of the measurement sampling value corresponding to the current time sampling point.
The main process is as follows: run the cryptographic device normally, with its input values $P_r$ all treated as random inputs. The i'-th input value
Figure GDA0003641516810000042
is input into the cryptographic device, which starts running and waits for the start trigger signal. When the cryptographic device reaches the start of the interval to be evaluated, the start trigger signal is received, and the operating voltage of the cryptographic device is acquired through the ADC module as the measurement sampling value
Figure GDA0003641516810000043
When the cryptographic device reaches the end of the interval to be evaluated, the end trigger signal is received, and the i'-th run of the cryptographic algorithm is finished. Here $j = 1, \ldots, N_p$ denotes a time sampling point, and $N_p$ is the total number of time sampling points in one run of the cryptographic algorithm.
3. Perform a t-test using the mean and variance of the reference sampling value and the mean and variance of the measurement sampling value corresponding to the current time sampling point, and determine from the t-test result and a threshold whether the current time sampling point leaks.
The t-test is calculated as follows:
Figure GDA0003641516810000044
where
Figure GDA0003641516810000045
are, respectively, the mean and the variance of the reference sampling value, and
Figure GDA0003641516810000046
are, respectively, the mean and the variance of the measurement sampling value; j denotes a time sampling point; $N_0$ denotes the number of times the cryptographic algorithm is repeatedly run; i' denotes the number of times the cryptographic device has been run normally, which equals the number of curves of measurement sampling values.
If the t-test result satisfies |t| > 4.5, a leak is deemed to be detected.
Preferred embodiments of the steps of the present invention are described in detail below with reference to Figs. 2 to 3.
The first part acquires the reference data and iteratively updates the mean and variance of the reference sampling values.
Preparation: create and initialize the two-dimensional arrays
Figure GDA0003641516810000051
where $N_p$ denotes the number of time sampling points on each power consumption curve (in one run of the cryptographic algorithm); it can be determined by running the cryptographic device once in advance, or simply set to 10000. Set the number $N_0$ of power consumption curves to be acquired for the fixed input: if the number $N_1$ of power consumption curves to be collected for the random inputs is known in advance, $N_0$ can be set to the same order of magnitude as $N_1$; otherwise it can be set to a value not less than 1000. Randomly select a legal input value P of the cryptographic device, fix the value of P, and execute the following steps according to the flow shown in Fig. 2:
Step 1: start the evaluation, initialize the current power consumption curve index i to 1, and go to step 2.
Step 2: determine whether i is greater than $N_0$. If so, go to step 6; otherwise initialize the current time sampling point index j to 1 and wait for the start trigger signal; input the value P into the cryptographic device, start it running, and go to step 3.
Step 3: when the cryptographic device reaches the start of the interval to be evaluated, it sends the start trigger signal; go to step 4. When the cryptographic device reaches the end of the interval to be evaluated, it sends the end trigger signal.
Step 4: the main control module starts the ADC module, which acquires the operating voltage of the cryptographic device as the sampling value
Figure GDA0003641516810000052
and passes it to the operation module, which combines it with the
Figure GDA0003641516810000053
and
Figure GDA0003641516810000054
last updated in the memory module to calculate the current
Figure GDA0003641516810000055
and
Figure GDA0003641516810000056
and updates the values in the memory module. The subscript is defined as j-1 because storage starts from array index 0.
Step 5: determine whether the end trigger signal has been received. If not, add 1 to j and go to step 4; if so, add 1 to i and go to step 2.
After the above operations, the collected set of power consumption curves is denoted
Figure GDA0003641516810000057
In this set of power consumption curves, the j-th column holds the reference sampling values of the time sampling point corresponding to the same operation of the cryptographic device under different input values; the voltages acquired for the same operation in different runs may be the same or different.
The second part collects the measurement data, iteratively updates the mean and variance of the measurement sampling values, and then performs the t-test against the mean and variance of the reference sampling values obtained in the first part. Collecting measurement data and iteratively updating the mean and variance of the measurement sampling values works in a similar way to the first part; the main difference is that the input values of the cryptographic device are random. Since the first and second parts are executed in sequence, the second part starts its numbering at step 6. As shown in Fig. 2, the following steps are performed:
Step 6: initialize the current power consumption curve index i' to 1, initialize the t-test value t to 0, and go to step 7.
Step 7: determine whether i' is greater than $N_1$. If so, go to step 13 and end the run; otherwise initialize the current time sampling point index j to 1 and wait for the start trigger signal; run the cryptographic device as in actual use, feeding it the real input value currently to be processed, and go to step 8. If $N_1$ is unknown, the check of whether i' is greater than $N_1$ is skipped; the flow goes directly to step 8 and runs until leakage is detected or a configured stopping rule is met.
Step 8: when the cryptographic device reaches the start of the interval to be evaluated, it sends the start trigger signal; go to step 9. When the cryptographic device reaches the end of the interval to be evaluated, it sends the end trigger signal.
Step 9: the main control module starts the ADC module, which acquires the operating voltage of the cryptographic device as the sampling value
Figure GDA0003641516810000061
and passes it to the operation module, which combines it with the
Figure GDA0003641516810000062
and
Figure GDA0003641516810000063
last updated in the memory module to calculate the current
Figure GDA0003641516810000064
and
Figure GDA0003641516810000065
and updates the values in the memory module; go to step 10.
Step 10: the operation module uses
Figure GDA0003641516810000066
and
Figure GDA0003641516810000067
to perform a t-test that determines whether the two groups of data differ significantly, using the formula:
Figure GDA0003641516810000068
If t > 4.5 or t < -4.5, go to step 11: the reference data and the measurement data can be considered significantly different with a confidence probability of 0.99999, that is, the cryptographic device under test is considered to leak side-channel information at time sampling point j. Otherwise, go to step 12.
Step 11: after leakage is detected, handle it according to a preset rule and go to step 12; alternatively, go directly to step 13 after handling and end the run.
Step 12: determine whether the end trigger signal has been received. If not, add 1 to j and go to step 9; if so, add 1 to i' and go to step 7.
Step 13: the evaluation is finished.
In the embodiment of the present invention, the specific working process of updating the corresponding mean and variance from the reference sampling value (or measurement sampling value) of the current operating voltage of the cryptographic device is shown in Fig. 3, whose content corresponds to steps 1 to 5 in Fig. 2. The working process of step 4 is described in detail here.
This part describes the recursion formulas for the mean and variance mentioned above. When the ADC module has acquired the current sampling value of the cryptographic device
Figure GDA0003641516810000069
let
Figure GDA00036415168100000610
If the current power consumption curve index i equals 1 (i.e., the cryptographic device is being run for the first time), then
Figure GDA0003641516810000071
Otherwise, let the variable
Figure GDA0003641516810000072
retain the previous mean at time sampling point j, and then perform the following operations:
Figure GDA0003641516810000073
Figure GDA0003641516810000074
The principle of the above operation is: if the current run is not the first run of the cryptographic device, the mean updated in the previous stage,
Figure GDA0003641516810000075
is assigned to the variable LastM, and the mean and variance are updated based on LastM; the left-hand sides of the two formulas above,
Figure GDA0003641516810000076
and
Figure GDA0003641516810000077
represent the updated mean and variance.
Then the updated
Figure GDA0003641516810000078
and
Figure GDA0003641516810000079
are written into the memory module. Although the mean and variance before and after the update are written in the same form, those skilled in the art will appreciate that the j values at different stages are different; therefore, after substituting the actual j value,
Figure GDA00036415168100000710
and
Figure GDA00036415168100000711
can also be distinguished.
Two points need to be explained:
(1) The LastM variable in this step is an auxiliary variable; only one such variable is needed for the whole workflow.
(2) Steps 6 to 9 of the workflow shown in Fig. 2 are similar to the process shown in Fig. 3;
Figure GDA00036415168100000712
are updated in the same way, the difference being that the label f is changed to r. In each normal run of the cryptographic device, after the measurement sampling value of a time sampling point is collected, the mean and variance are updated and a t-test is performed against the mean and variance of the reference sampling value with the same index, to evaluate whether the corresponding time sampling point leaks.
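The workflow of steps 1 to 13, as an added C example that is not code from the patent: per-point mean and variance are kept with a one-pass recursion and every new measurement sample is tested against the reference statistics. The recursion and the Welch statistic are the standard forms, assumed here because the patent's formula images are not reproduced on this page; the simulated device, `LEAK_POINT`, `MIN_RUNS` and all function names are constructed for illustration, and the decision compares t² with 4.5² so that no square root is needed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NP          8       /* time sample points per run (constructed; real runs have thousands) */
#define N0          1000u   /* reference runs with the fixed input */
#define N1          1000u   /* monitored runs with random inputs */
#define MIN_RUNS    100u    /* assumption added here: no verdict before this many monitored runs */
#define T_THRESHOLD 4.5f    /* threshold from the text */
#define LEAK_POINT  5       /* constructed: the only sample point whose voltage depends on the data */

/* Mean and variance per sample point; reference + measurement sets take 16*NP bytes. */
typedef struct { float mean[NP]; float var[NP]; } point_stats;

typedef struct {
    float    t2_final[NP];   /* t^2 after the last monitored run */
    uint32_t first_run[NP];  /* first monitored run with |t| > 4.5, 0 = never */
} leak_report;

/* One-pass update at sample point j for run i (1-based). Besides the stored mean
 * and variance, only the previous mean (last_m) is needed. */
void stats_update(point_stats *s, size_t j, uint32_t i, float x)
{
    if (i == 1) { s->mean[j] = x; s->var[j] = 0.0f; return; }
    float last_m = s->mean[j];
    float d = x - last_m;
    s->mean[j] = last_m + d / (float)i;
    /* sample variance: s_i^2 = (i-2)/(i-1) * s_{i-1}^2 + (x - last_m)^2 / i */
    s->var[j] = s->var[j] * (float)(i - 2) / (float)(i - 1) + d * d / (float)i;
}

/* Squared Welch statistic: |t| > 4.5 is the same decision as t^2 > 4.5^2.
 * Returns 0 while both variances are still zero (for example on the first run). */
float welch_t2(const point_stats *f, uint32_t n0,
               const point_stats *r, uint32_t n1, size_t j)
{
    float se2 = f->var[j] / (float)n0 + r->var[j] / (float)n1;
    float d = f->mean[j] - r->mean[j];
    return se2 > 0.0f ? d * d / se2 : 0.0f;
}

/* ---- Constructed device model: deterministic PRNG, uniform noise, Hamming-weight leak ---- */
static uint32_t rng_state;
static uint32_t xorshift32(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 17;
    rng_state ^= rng_state << 5;
    return rng_state;
}
static float noise(void) { return (float)(xorshift32() >> 8) / 16777216.0f - 0.5f; }
static int hamming_weight(uint8_t v) { int c = 0; for (; v; v >>= 1) c += v & 1; return c; }
static float sample_voltage(size_t j, uint8_t input)
{
    float v = 1.0f + 0.1f * (float)j + noise();
    if (j == LEAK_POINT) v += 0.5f * (float)hamming_weight(input);
    return v;
}

leak_report run_assessment(uint8_t fixed_input)
{
    point_stats ref = {{0}, {0}}, meas = {{0}, {0}};
    leak_report rep = {{0}, {0}};
    rng_state = 0x1234567u;   /* fixed seed so the constructed traces are reproducible */

    /* Part 1 (steps 1-5): fixed input, update the reference statistics only. */
    for (uint32_t i = 1; i <= N0; i++)
        for (size_t j = 0; j < NP; j++)
            stats_update(&ref, j, i, sample_voltage(j, fixed_input));

    /* Part 2 (steps 6-13): random inputs, update and test after every sample. */
    for (uint32_t i = 1; i <= N1; i++) {
        uint8_t input = (uint8_t)(xorshift32() >> 24);
        for (size_t j = 0; j < NP; j++) {
            stats_update(&meas, j, i, sample_voltage(j, input));
            float t2 = welch_t2(&ref, N0, &meas, i, j);
            rep.t2_final[j] = t2;
            if (i >= MIN_RUNS && rep.first_run[j] == 0 && t2 > T_THRESHOLD * T_THRESHOLD)
                rep.first_run[j] = i;
        }
    }
    return rep;
}

int main(void)
{
    leak_report rep = run_assessment(0x01);   /* constructed fixed input P */
    for (size_t j = 0; j < NP; j++)
        printf("point %zu: t^2 = %8.2f  first flagged at run %u\n",
               j, rep.t2_final[j], (unsigned)rep.first_run[j]);
    return 0;
}
```

No trace is ever stored: each sample is folded into the two floats for its time point and then discarded, which is what keeps the footprint at 16·N_p bytes.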
Another embodiment of the present invention provides a device for real-time side-channel leakage evaluation of a cryptographic device. The device is mainly configured to implement the foregoing method and, as shown in Fig. 4, comprises an ADC module, a main control module, an operation module and a memory module. The main control module receives the trigger signal of the cryptographic device, controls sampling by the ADC module, and controls data transmission and processing among the ADC module, the operation module and the memory module. The main process is as follows:
a legal input value of the cryptographic algorithm is randomly selected and, with that input value fixed, the cryptographic algorithm is run repeatedly; in each run, the main control module controls the ADC module to sequentially measure the operating voltage of the cryptographic device as reference sampling values according to the trigger signal, and the operation module iteratively updates the mean and variance of the reference sampling value corresponding to each time sampling point;
the cryptographic device is run normally, with all of its input values treated as random inputs; in each run, the main control module controls the ADC (analog-to-digital converter) module to sequentially measure the operating voltage of the cryptographic device as measurement sampling values according to the trigger signal, and the operation module updates the mean and variance of the measurement sampling value corresponding to the current time sampling point;
a t-test is performed using the mean and variance of the reference sampling value and the mean and variance of the measurement sampling value corresponding to the current time sampling point; the mean and variance of the reference sampling value of each time sampling point, the mean and variance of the measurement sampling value corresponding to the current time sampling point, and the t-test result are stored in the memory module; and whether the current time sampling point leaks is determined from the t-test result and a threshold.
In the embodiment of the present invention, the analog-to-digital converter (ADC module) in the device acquires the operating voltage of the cryptographic device; for its specific implementation, refer to the prior art. The operation module mainly performs the four basic arithmetic operations and square-root extraction on floating-point numbers; the formulas for the specific operations involved are given above.
In the embodiment of the invention, the memory module only needs to store the mean and variance of the reference sampling value and the mean and variance of the measurement sampling value corresponding to each time sampling point. The mean and variance are stored as single-precision floating-point numbers, so each variable occupies 4 bytes. If the number of time sampling points in one run is $N_p$, a total of $16 N_p$ bytes of memory is required. $N_p$ is typically on the order of thousands, so a memory module with a capacity of 1 MB is sufficient. The whole scheme therefore does not consume large amounts of memory, and the leakage evaluation function can be provided by adding a leakage evaluation device to the cryptographic device.
The main working processes of the above device have been described in detail in the preceding method embodiments and are not repeated here.
From the above description of the embodiments, it is clear to those skilled in the art that the above embodiments can be implemented in software, or in software plus a necessary general-purpose hardware platform. On this understanding, the technical solutions of the embodiments can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, a USB flash drive or a removable hard disk) and includes several instructions that cause a computer device (such as a personal computer, a server or a network device) to execute the methods of the embodiments of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the above division into functional modules is only an illustration. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the system may be divided into different functional modules to perform all or part of the functions described above.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention falls within the protection scope of the present invention. The protection scope of the present invention is therefore defined by the claims.

Claims (8)

1. A method for realizing real-time side channel leakage evaluation on a cryptographic device, characterized by comprising the following steps:
randomly selecting a legal input value of a cryptographic algorithm, and repeatedly running the cryptographic algorithm multiple times with this input value fixed; in each run, sequentially measuring the operating voltage of the cryptographic device as reference sampling values according to the trigger signal, and iteratively updating the mean and the variance of the reference sampling values corresponding to each time sampling point;
operating the cryptographic device normally, with its input values being random inputs; in each run, sequentially measuring the operating voltage of the cryptographic device as measurement sampling values according to the trigger signal, and updating the mean and the variance of the measurement sampling values corresponding to the current time sampling point;
performing a t-test using the mean and the variance of the reference sampling values and the mean and the variance of the measurement sampling values corresponding to the current time sampling point, and judging whether leakage exists at the current time sampling point according to the result of the t-test and a threshold value.
2. The method for realizing real-time side channel leakage evaluation on a cryptographic device according to claim 1, wherein:
the number of times the cryptographic algorithm is repeatedly run is set to N_0; in each run, the legal input value P is input into the cryptographic device, operation starts, and a start trigger signal is awaited;
when the cryptographic device reaches the start of the interval to be evaluated, the start trigger signal is received, and the operating voltage of the cryptographic device is acquired through the ADC module as the reference sampling value
Figure FDA0003641516800000011
When the cryptographic device reaches the end of the interval to be evaluated, an end trigger signal is received, and the i-th run of the cryptographic algorithm ends; wherein i = 1, …, N_0; j = 1, …, N_p denotes a time sampling point, and N_p is the total number of time sampling points in one run of the cryptographic algorithm.
3. The method of claim 1, wherein the cryptographic device is operated normally and the input values P_r are all random inputs;
for the i'-th input value
Figure FDA0003641516800000012
this input value is input into the cryptographic device, operation starts, and a start trigger signal is awaited;
when the cryptographic device reaches the start of the interval to be evaluated, the start trigger signal is received, and the operating voltage of the cryptographic device is acquired through the ADC module as the measurement sampling value
Figure FDA0003641516800000013
When the cryptographic device reaches the end of the interval to be evaluated, an end trigger signal is received, and the i'-th run of the cryptographic algorithm ends; j = 1, …, N_p denotes a time sampling point, and N_p is the total number of time sampling points in one run of the cryptographic algorithm.
4. The method of claim 1, wherein the formula for t-test is as follows:
Figure FDA0003641516800000021
wherein,
Figure FDA0003641516800000022
are respectively the mean and the variance of the reference sampling values,
Figure FDA0003641516800000023
are respectively the mean and the variance of the measurement sampling values, and j denotes a time sampling point; N_0 denotes the number of times the cryptographic algorithm is repeatedly run; i' denotes the number of times the cryptographic device is normally operated;
if the result of the t-test satisfies |t| > 4.5, a leak is deemed to be detected.
5. An apparatus for realizing real-time side channel leakage evaluation on a cryptographic device, comprising: an ADC module, a main control module, an operation module and a memory module; wherein:
a legal input value of a cryptographic algorithm is randomly selected, and the cryptographic algorithm is repeatedly run multiple times with this input value fixed; in each run, the main control module controls the ADC module to sequentially measure the operating voltage of the cryptographic device as reference sampling values according to the trigger signal, and the mean and the variance of the reference sampling values corresponding to each time sampling point are iteratively updated by the operation module;
the cryptographic device is operated normally, with its input values being random inputs; in each run, the main control module controls the ADC (analog-to-digital converter) module to sequentially measure the operating voltage of the cryptographic device as measurement sampling values according to the trigger signal, and the mean and the variance of the measurement sampling values corresponding to the current time sampling point are updated by the operation module;
a t-test is performed using the mean and the variance of the reference sampling values and the mean and the variance of the measurement sampling values corresponding to the current time sampling point, wherein the mean and the variance of the reference sampling values corresponding to each time sampling point, the mean and the variance of the measurement sampling values corresponding to the current time sampling point, and the result of the t-test are all stored in the memory module, and whether leakage exists at the current time sampling point is judged according to the result of the t-test and a threshold value.
6. The apparatus for realizing real-time side channel leakage evaluation on a cryptographic device according to claim 5, wherein:
the number of times the cryptographic algorithm is repeatedly run is set to N_0; in each run, the legal input value P is input into the cryptographic device, operation starts, and a start trigger signal is awaited;
when the cryptographic device reaches the start of the interval to be evaluated, the start trigger signal is received, and the operating voltage of the cryptographic device is acquired through the ADC module as the reference sampling value
Figure FDA0003641516800000024
When the cryptographic device reaches the end of the interval to be evaluated, an end trigger signal is received, and the i-th run of the cryptographic algorithm ends; wherein i = 1, …, N_0; j = 1, …, N_p denotes a time sampling point, and N_p is the total number of time sampling points in one run of the cryptographic algorithm.
7. The device of claim 5, wherein the cryptographic device is operated normally and the input values P_r are all random inputs;
for the i'-th input value
Figure FDA0003641516800000031
this input value is input into the cryptographic device, operation starts, and a start trigger signal is awaited;
when the cryptographic device reaches the start of the interval to be evaluated, the start trigger signal is received, and the operating voltage of the cryptographic device is acquired through the ADC module as the measurement sampling value
Figure FDA0003641516800000032
When the cryptographic device reaches the end of the interval to be evaluated, an end trigger signal is received, and the i'-th run of the cryptographic algorithm ends; j = 1, …, N_p denotes a time sampling point, and N_p is the total number of time sampling points in one run of the cryptographic algorithm.
8. The apparatus for realizing real-time side channel leakage evaluation on a cryptographic device according to claim 5, wherein
the t-test is calculated as follows:
Figure FDA0003641516800000033
wherein,
Figure FDA0003641516800000034
are respectively the mean and the variance of the reference sampling values,
Figure FDA0003641516800000035
are respectively the mean and the variance of the measurement sampling values, and j denotes a time sampling point; N_0 denotes the number of times the cryptographic algorithm is repeatedly run; i' denotes the number of times the cryptographic device is normally operated;
if the result of the t-test satisfies |t| > 4.5, a leak is deemed to be detected.
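The two-phase evaluation loop of the claims and the 16-bytes-per-sampling-point layout from the description, sketched in C as an added example that is not code from the patent. The one-pass variance recurrence, the Welch form of the t statistic (the formula image did not survive on this page), the constructed `sample()` traces standing in for ADC readings, the fixed input 0xFE and all identifiers are assumptions; |t| > 4.5 is tested as t² > 20.25 so that no square root is needed.

```c
#define NP 4          /* time sample points per run (constructed; N_p is in the thousands) */
#define N0 512u       /* reference runs with the fixed input */
#define N1 512u       /* measurement runs with varying inputs */
#define LEAK_POINT 2  /* constructed: only this point depends on the processed data */
#define T2_LIMIT (4.5f * 4.5f) /* |t| > 4.5 tested as t^2 > 20.25 */
/* Four single-precision values per time sample point: 16 bytes, 16*N_p in total. */
typedef struct { float ref_mean, ref_var, meas_mean, meas_var; } point_stats;
static int hamming_weight(unsigned b) { int w = 0; for (; b; b >>= 1) w += (int)(b & 1u); return w; }
/* Constructed ADC reading: baseline, periodic noise, Hamming-weight term at LEAK_POINT. */
static float sample(unsigned run, int j, unsigned input) {
    static const float noise[4] = { -0.05f, 0.0f, 0.05f, 0.0f };
    float v = 1.0f + 0.1f * (float)j + noise[run % 4u];
    if (j == LEAK_POINT) v += 0.1f * (float)hamming_weight(input);
    return v;
}
/* One-pass update of mean and sample variance with the n-th value x (n >= 1). */
static void update(float *mean, float *var, unsigned n, float x) {
    float d = x - *mean;
    *var = (n < 2u) ? 0.0f : *var * (float)(n - 2u) / (float)(n - 1u) + d * d / (float)n;
    *mean += d / (float)n;
}

/* Squared Welch t statistic from the stored moments (assumed form of the t-test). */
float welch_t2(const point_stats *s, unsigned n0, unsigned n1) {
    float se2 = s->ref_var / (float)n0 + s->meas_var / (float)n1;
    float d = s->ref_mean - s->meas_mean;
    return se2 > 0.0f ? d * d / se2 : 0.0f;
}

/* Runs both phases; leak[j] is set once t^2 exceeds the limit. Returns t^2 at LEAK_POINT. */
float evaluate(point_stats st[NP], int leak[NP]) {
    for (int j = 0; j < NP; j++) { st[j] = (point_stats){0}; leak[j] = 0; }
    for (unsigned i = 1; i <= N0; i++)             /* phase 1: fixed input 0xFE */
        for (int j = 0; j < NP; j++)
            update(&st[j].ref_mean, &st[j].ref_var, i, sample(i - 1u, j, 0xFEu));
    for (unsigned i = 1; i <= N1; i++) {           /* phase 2: input changes every run */
        unsigned input = (i * 37u + 11u) & 0xFFu;  /* constructed stand-in for random input */
        for (int j = 0; j < NP; j++) {
            update(&st[j].meas_mean, &st[j].meas_var, i, sample(i - 1u, j, input));
            if (i >= 2u && welch_t2(&st[j], N0, i) > T2_LIMIT) leak[j] = 1;
        }
    }
    return welch_t2(&st[LEAK_POINT], N0, N1);
}

int main(void) {
    point_stats st[NP]; int leak[NP];
    return evaluate(st, leak) > T2_LIMIT ? 0 : 1;  /* exit status 0 when the leak is found */
}
```

Because the statistic is re-evaluated after every measurement run, early checks rest on very few samples; the check here starts at the second run, the first for which a sample variance exists.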
CN202010880355.XA 2020-08-27 2020-08-27 Method and equipment for realizing real-time side channel leakage evaluation on password equipment Active CN111970694B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010880355.XA CN111970694B (en) 2020-08-27 2020-08-27 Method and equipment for realizing real-time side channel leakage evaluation on password equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010880355.XA CN111970694B (en) 2020-08-27 2020-08-27 Method and equipment for realizing real-time side channel leakage evaluation on password equipment

Publications (2)

Publication Number Publication Date
CN111970694A CN111970694A (en) 2020-11-20
CN111970694B true CN111970694B (en) 2022-09-30

Family

ID=73401216

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010880355.XA Active CN111970694B (en) 2020-08-27 2020-08-27 Method and equipment for realizing real-time side channel leakage evaluation on password equipment

Country Status (1)

Country Link
CN (1) CN111970694B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115270204B (en) * 2022-09-28 2023-03-07 南方电网数字电网研究院有限公司 Detection method, system, storage medium and equipment for chip circuit information leakage

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103516509A (en) * 2013-10-24 2014-01-15 中国科学院信息工程研究所 Segmented acquisition method and system for side information leakage aiming at password device
CN106936561A (en) * 2015-12-29 2017-07-07 航天信息股份有限公司 A kind of side-channel attack protective capacities appraisal procedure and system
US10735963B1 (en) * 2020-03-05 2020-08-04 The United States Of America As Represented By The Secretary Of The Army Wireless communication method for secure side-channel signaling and authentication at the physical layer

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9485088B2 (en) * 2014-10-31 2016-11-01 Combined Conditional Access Development And Support, Llc Systems and methods for dynamic data masking
CN109921892A (en) * 2019-01-15 2019-06-21 中国科学院信息工程研究所 A kind of various dimensions side channel leakage appraisal procedure and system based on test vector
CN110113203B (en) * 2019-04-30 2021-10-22 创新先进技术有限公司 Method and equipment for security assessment of encryption model
CN110661611B (en) * 2019-09-24 2023-04-18 北京银联金卡科技有限公司 Side channel-oriented detection method and system for code energy leakage signal

Also Published As

Publication number Publication date
CN111970694A (en) 2020-11-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant