CN112131563B - Template attack testing method, device, equipment and storage medium - Google Patents
Template attack testing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112131563B CN112131563B CN201910550228.0A CN201910550228A CN112131563B CN 112131563 B CN112131563 B CN 112131563B CN 201910550228 A CN201910550228 A CN 201910550228A CN 112131563 B CN112131563 B CN 112131563B
- Authority
- CN
- China
- Prior art keywords
- template
- password
- modeling
- templates
- verification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 91
- 238000012795 verification Methods 0.000 claims abstract description 108
- 238000000034 method Methods 0.000 claims abstract description 20
- 230000006870 function Effects 0.000 claims description 44
- 239000013598 vector Substances 0.000 claims description 25
- 238000004364 calculation method Methods 0.000 claims description 22
- 239000011159 matrix material Substances 0.000 claims description 12
- 238000000605 extraction Methods 0.000 claims description 9
- 238000011156 evaluation Methods 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 230000005670 electromagnetic radiation Effects 0.000 claims description 3
- 230000003750 conditioning effect Effects 0.000 claims 1
- 238000010998 test method Methods 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 8
- 238000004458 analytical method Methods 0.000 description 4
- 238000004422 calculation algorithm Methods 0.000 description 4
- 239000000284 extract Substances 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 201000004569 Blindness Diseases 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The application provides a template attack test method, a device, equipment and a storage medium. The method comprises the following steps: determining a modeling template, a parameter adjusting template and a verification template of the password product; selecting corresponding test parameters in each template, and iteratively calculating a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template; selecting test parameters, of which the average value of the difference values of the first loss value and the second loss value of each iteration is smaller than a first preset threshold value and the average value of the difference values of the first matching probability value and the second matching probability value is smaller than a second preset threshold value, from different test parameters as template matching test parameters; calculating the matching probability of all templates in a template library and verification templates based on the template matching test parameters; and selecting the guess password corresponding to the template with the largest matching probability, and comparing the guess password with the real password of the password chip to evaluate the security of the password product.
Description
Technical Field
The application relates to the technical field of security of password products, in particular to a template attack test method, a device, equipment and a storage medium.
Background
Password products such as security chips are subject to various attacks during actual use, and the security of the password products is usually analyzed and evaluated by manufacturers and security product detection institutions before leaving factories. Some typical attack means, such as performing bypass analysis on the power consumption of the password product or the information leakage of the electromagnetic form, but with the continuous promotion of the hardware process and the protection strategy of the security product, along with a great deal of noise entrained in the actual environment, most of the traditional analysis methods are often difficult to comprehensively find the potential security holes.
Compared with the traditional differential power consumption analysis, the template attack test is also applicable to the analysis of the non-password operation operations such as data migration and the like, so that the technology is widely applied to the field of security evaluation.
In the side channel leakage evaluation of the password products such as the security chip, the traditional template attack test method mainly comprises two links of establishing a template and matching the template. The tester needs to select proper modeling parameters and matching parameters to obtain an ideal matching result, so that the relevant parameter configuration is often repeatedly adjusted in the actual test, and the matching result is more approximate to an optimal value.
The inventor finds that the template matching is carried out by repeatedly manually adjusting the parameters to establish the template, the operation method is more time-consuming, certain blindness exists in modeling parameter selection, the accuracy of the matching result is easy to reduce, the robustness of the matching result is poor, and the challenge is brought to the development of the template attack test.
And as a manufacturer of the password product, the accuracy of the password product is evaluated by using the template attack result, and the accuracy of the template attack result is also dependent on the accuracy of the template attack result. Therefore, in order to better improve the accuracy of the template attack test result, the conventional template attack test method is extremely required to be further optimized.
Disclosure of Invention
The embodiment of the application provides a template attack testing method, which comprises the following steps: determining modeling templates, parameter adjusting templates and verification templates of a password product, wherein the modeling templates and the parameter adjusting templates are from a template library of the password product, and the number of the verification templates is the same as that of the parameter adjusting templates; selecting corresponding test parameters in the parameter adjusting template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template; selecting the test parameters, of which the average value of the difference values of the first loss value and the second loss value of each iteration is smaller than a first preset threshold value and the average value of the difference values of the first matching probability value and the second matching probability value is smaller than a second preset threshold value, from different test parameters as template matching test parameters; calculating the matching probability of all templates in the template library and the verification template based on the template matching test parameters; and selecting a guess password corresponding to the template with the largest matching probability, and comparing the guess password with the real password of the password chip to evaluate the security of the password product.
As one aspect of the present application, the determining a modeling template, a parametric template, and a verification template of a cryptographic product includes: establishing a template library of the password product, wherein the template library comprises templates, and each template corresponds to one guess password; grouping at least one part of templates selected from the template library according to a preset proportion, and dividing the templates into a modeling template and a parameter adjusting template; and determining a verification template obtained when the password product works for a plurality of times by using the real password.
As one aspect of the present application, the predetermined ratio is 4:1.
As one aspect of the present application, the creating a template library of a cryptographic product includes: collecting side channel information of the password product when each guess password works; extracting characteristic point parameters of the guessed password based on the side channel information; and establishing templates of the guessed passwords based on the characteristic point parameters of the guessed passwords, wherein the templates form a template library.
As one aspect of the present application, the determining the verification template obtained when the cryptographic product works multiple times using a genuine password includes: acquiring side channel information of the password product when the password product works for a plurality of times by using a real password; extracting characteristic point parameters of the real password based on side channel information of the real password when the real password works; and establishing the verification template based on the characteristic point parameters of the real password.
As one aspect of the present application, the side channel information includes: operational data, energy expenditure profile, electromagnetic radiation profile.
As one aspect of the present application, the characteristic point parameters include: feature points, mean vector, noise covariance matrix.
As one aspect of the present application, the selecting the test parameters corresponding to the parameter tuning template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values and a plurality of first matching probability values of the parameter tuning template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template, includes: selecting corresponding test parameters in the parameter adjustment template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values of the parameter adjustment template and the modeling template by using a loss function equation; iteratively calculating a plurality of first matching probability values of the parameter adjusting template and the modeling template by utilizing an accuracy function equation based on the test parameters; iteratively calculating a plurality of second loss values of the verification template and the modeling template using a loss function equation based on the test parameters; and iteratively calculating a plurality of second matching probability values of the verification template and the modeling template by using an accuracy function equation based on the test parameters.
As one aspect of the present application, the calculating, based on the test parameters of the template matching, the matching probabilities of all templates in the template library and the verification template includes: and calculating third matching probability values of all templates in the template library and the verification template by using an accuracy function equation based on the template matching test parameters.
The embodiment of the application also provides a template attack testing device, which comprises a modeling unit, a computing unit, a parameter selecting unit, a template matching unit and a password evaluating unit, wherein the modeling unit determines modeling templates, parameter adjusting templates and verification templates of a password product, the modeling templates and the parameter adjusting templates are from a template library of the password product, and the number of the verification templates is the same as that of the parameter adjusting templates; the calculation unit selects corresponding test parameters in the parameter adjusting template, the verification template and the modeling template, and iteratively calculates a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template; the parameter selection unit selects the test parameters, of which the average value of the difference values of the first loss value and the second loss value of each iteration is smaller than a first preset threshold value and the average value of the difference values of the first matching probability value and the second matching probability value is smaller than a second preset threshold value, as the template matching test parameters; the template matching unit calculates the matching probability of all templates in the template library and the verification template based on the template matching test parameters; and the password evaluation unit selects a guess password corresponding to the template with the largest matching probability, and compares the guess password with the real password of the password chip to evaluate the security of the password product.
As one aspect of the present application, the modeling unit includes a template library establishing module, a template grouping module, and a verification template determining module, the template library establishing module establishes a template library of a guessed password of the password product; the template grouping module groups at least one part of templates selected from the template library according to a preset proportion, and divides the templates into a modeling template and a parameter adjusting template; the verification template determining module determines a verification template obtained when the password product works for a plurality of times by using a real password.
As one aspect of the application, the template library establishment module comprises a guessed password information acquisition module, a guessed password parameter extraction module and a library establishment module, wherein the guessed password information acquisition module acquires side channel information of a password product when each guessed password is used; the guess password parameter extraction module extracts characteristic point parameters of the guess password based on the side channel information; the library building module builds templates of the guessed passwords based on the characteristic point parameters of the guessed passwords, and the templates form a template library.
As one aspect of the application, the verification template determining module comprises a real password information acquisition module, a real password parameter extraction module and a verification template establishing module, wherein the real password information acquisition module acquires side channel information when the password product works for a plurality of times by using a real password; the real password parameter extraction module extracts characteristic point parameters of the real password based on side channel information of the real password when in operation; the verification template establishing module establishes the verification template based on the characteristic point parameters of the real password.
The calculation unit of the verification template establishment module comprises a first loss value iterative calculation module, a first matching probability iterative calculation module, a second loss value iterative calculation module and a second matching probability iterative calculation module, wherein the first loss value iterative calculation module selects the parameter adjusting template, the verification template and the corresponding test parameters in the modeling template, and a loss function equation is utilized to calculate a plurality of first loss values of the parameter adjusting template and the modeling template in an iterative mode; the first matching probability iterative computation module is used for iteratively computing a plurality of first matching probability values of the parameter adjusting template and the modeling template by utilizing an accuracy function equation based on the test parameters; the second loss value iterative computation module is used for iteratively computing a plurality of second loss values of the verification template and the modeling template by using a loss function equation based on the test parameters; the second matching probability iterative computation module is used for iteratively computing a plurality of second matching probability values of the verification template and the modeling template by utilizing an accuracy function equation based on the test parameters.
The embodiment of the application also provides electronic equipment, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, and is characterized in that the method is realized when the processor executes the program.
The embodiment of the application also provides a computer readable storage medium, on which a processor program is stored, characterized in that the processor program is configured to execute the method described above.
According to the technical scheme provided by the embodiment of the application, after the automatic parameter adjusting mechanism is introduced, the template attack becomes more efficient, the accuracy is higher, and the time consumption and the complexity of actual operation are saved; the method is suitable for template attack of various algorithms or specific operations, has universality, has higher accuracy of the result of the template attack, and utilizes the result of the template attack to evaluate the security of the password product, and has higher accuracy.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for testing a template attack according to an embodiment of the present application;
FIG. 2 is a schematic diagram of a loss function according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an accuracy curve according to an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating a device for testing a template attack according to an embodiment of the present application;
fig. 5 is a schematic diagram of a template attack testing device according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application more clear, a detailed and clear description of specific embodiments of the technical solution of the present application will be given below with reference to the accompanying drawings and the embodiments. However, the following description of specific embodiments and examples is for illustrative purposes only and is not intended to be limiting of the application. It is intended that the present application encompass only some, but not all embodiments of the present application, as well as other embodiments of the present application that may be obtained by those skilled in the art with respect to various modifications of the present application.
Fig. 1 is a schematic flow chart of a template attack testing method according to an embodiment of the present application, which includes the following steps.
In step S10, a modeling template, a parameter tuning template and a verification template of the cryptographic product are determined, wherein the modeling template and the parameter tuning template are from a template library of the cryptographic product, and the number of the verification templates is the same as the number of parameter tuning templates.
First, a template library of guessed passwords for the password product is created. Specifically, the acquisition password product uses each guess password to execute the side channel information of the password algorithm or the specific operation. Characteristic point parameters of the guessed password are extracted based on the side channel information. And establishing a template library of the guessed password based on the characteristic point parameters of the guessed password.
And secondly, grouping at least one part of templates selected from the template library according to a preset proportion, and dividing the templates into a modeling template and a parameter adjusting template. The preset ratio is preferably 4:1, but not limited thereto.
And then determining a verification template obtained when the password product uses the real password to execute a password algorithm or specific operation and other works, and particularly, acquiring side channel information when the password product uses the real password to work for multiple times. And extracting characteristic point parameters of the real password based on the side channel information of each time. And establishing a verification template based on the characteristic point parameters extracted each time, and establishing a verification template for multiple works.
The side channel information includes: operational data, energy expenditure profile, electromagnetic radiation profile. The characteristic point parameters include: feature points, mean vector, noise covariance matrix.
The number of verification templates is the same as the number of parameter adjustment templates. The method is characterized in that a loss function curve and an accuracy curve of a parameter adjusting template and a modeling template are calculated, a loss function curve and an accuracy curve of a verification template and the modeling template are calculated, and matching parameters are compared and selected based on the curves.
In step S20, a parameter adjustment template, a verification template, and a test parameter corresponding to the modeling template are selected, and a plurality of first loss values and a plurality of first matching probability values of the parameter adjustment template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template are iteratively calculated.
And selecting a parameter adjusting template, verifying corresponding test parameters in the template and the modeling template, namely the number of effective points on a power curve of each template, a point selecting interval and the corresponding average value vector and the dimensionality of a noise matrix. And iteratively calculating first loss values of the parameter adjusting template and the modeling template by using a loss function equation, wherein the first loss values form a first loss function curve. And (3) iteratively calculating second loss values of the verification template and the modeling template by using the loss function equation, wherein the second loss values form a second loss function curve.
The loss function equation is as follows:
wherein x is the mean vector of the parameter adjusting template or the verification template, And calculating to obtain the statistical condition between the two differences for modeling the average value vector of the template, and reflecting the loss value loss of the information quantity.
Fig. 2 is a schematic diagram of a loss function curve according to an embodiment of the present application, where the abscissa of the loss function curve is the number of iterations, and the ordinate is the loss value, where the train curve is the loss function curve calculated by using a parameter adjustment template, and the test curve is the loss function curve calculated by using a verification template.
Wherein the first loss value is substantially less than the second loss value, and is an overfitting. Conversely, the first loss value is a far greater than the second loss value, which is a under fit.
And based on the selected test parameters, iteratively calculating first matching probability values of the parameter adjusting templates and the modeling templates by using an accuracy function equation, wherein the first matching probability values form a first accuracy curve. And (3) iteratively calculating a second matching probability value of the verification template and the modeling template by using an accuracy function equation, wherein the second matching probability value forms a second accuracy curve.
The accuracy function is as follows:
in the above formula, m is the number of modeling templates, p i is a matching probability value, C i is a noise matrix of the modeling templates, x i is a mean vector of the modeling templates, and x is a mean vector of the verification templates, wherein the dimensions of the mean vector and the noise matrix are related to parameters such as the number of feature points of the selected test parameters.
Fig. 3 is a schematic diagram of an accuracy curve according to an embodiment of the present application, where an abscissa of the accuracy curve is iteration number, an ordinate is a matching probability value, a train curve is an accuracy curve calculated by using a parameter adjustment template, and a test curve is an accuracy curve calculated by using a verification template.
Wherein, the higher the coincidence of the first matching probability value and the second matching probability value is, the better, and the higher the proximity is, the better.
In this embodiment, for example, the template library has 100 templates, and a part of the templates are selected as modeling templates and parameter tuning templates, then 40 modeling templates, 10 parameter tuning templates, 10 verification templates, and characteristic point parameters of each template are: and i feature points in total, the mean vector and the noise matrix are x i,Ci respectively.
And selecting a group of test parameters, wherein the number of the characteristic points (namely, the number of the effective points on the power curve of each template) is 5, 100 points are totally arranged on the power curve of each template, 1 effective characteristic point is selected every 20 points in a point selection interval, and the dimensions of the mean vectors are equal. That is, the number of feature points of each template is 5, and then the mean vector and the noise matrix are five-dimensional matrices.
The loss function equation is as follows:
Wherein x is the average value of the mean vector of the parameter adjusting template or the verification template, And calculating to obtain the statistical condition between the difference of the average value vector and the average value vector of the modeling template, and reflecting the loss value loss of the information quantity.
And calculating a first loss value loss1 after each modeling template and the parameter adjusting template are iterated for 1 time by using the loss function equation. And then changing the iteration times N, replacing x with loss1, and continuing to perform iterative computation for 2 times and 3 times … … times to obtain a plurality of first loss values to form a first loss curve.
And likewise obtaining a second loss curve of each modeling template and each verification template.
The accuracy function is as follows:
In the above formula, m is the number of modeling templates, p i is a matching probability value, C i is the average value of noise matrices of the modeling templates, x i is the average value of mean vectors of the modeling templates, and x is the average value of mean vectors of verification templates, wherein the dimensions of the mean vectors and the noise matrices are related to parameters such as the number of feature points of the selected test parameters.
And calculating a first matching probability value p 1 after each modeling template and the parameter adjusting template are iterated for 1 time by using the accuracy function equation. And then p 1 is used for replacing x, and the iterative calculation is continued for 2 times and 3 times … … times to obtain a plurality of first matching probability values, so that a first accuracy curve is formed. And likewise obtaining a second accuracy curve of each modeling template and each verification template.
In step S30, selecting, as the test parameters for template matching, test parameters having average values of differences between the first loss value and the second loss value of each iteration smaller than a first preset threshold and average values of differences between the first matching probability value and the second matching probability value smaller than a second preset threshold.
Specifically, the difference precision between the loss curves and the difference precision between the accuracy curves are judged. If the same group of test parameters are iterated 100 times, 100 first loss values and second loss values exist, the average value of the difference values of the first loss values and the second loss values calculated in each iteration is calculated, and if the average value of the difference values is smaller than a first preset threshold value and the average value of the difference values of the first matching probability and the second matching probability of each iteration is smaller than a second preset threshold value, the test parameters are used as the test parameters of template matching.
If the accuracy, i.e. the average value of the differences, does not reach the threshold value, a set of test parameters is re-selected. Until the threshold accuracy requirement is reached. The set of test parameters is a template matching parameter.
In step S40, the matching probabilities of all templates in the template library and the verification template are calculated based on the test parameters of the template matching.
In this embodiment, the matching probability values of 100 templates of the template library for the verification template are calculated according to the set of template matching parameters, and the calculation is performed by using an accuracy function equation.
The third matching probability value formula for the verification template and the template of the template library is calculated as follows:
In the above formula, p i is a third matching probability value, C i is a noise matrix of the modeling template, x i is a mean vector of the modeling template, and x is an average value of the mean vector of the verification template, where the dimensions of the mean vector and the noise matrix are related to parameters such as the number of feature points of the test parameter.
The number of third matching probability values obtained through calculation is the same as the number of modeling templates. The average value vector and the noise matrix are the most commonly used feature model types, the number of feature points and the selection interval determine the dimension of the average value vector and the noise matrix, the calculation efficiency of the loss function and the matching probability function can be affected, and the larger the feature points, the larger the dimension of the feature model and the larger the calculation amount.
Specifically, when calculating the third matching probability value, x may be the mean vector of each verification template, or may be the mean vector average of 10 verification templates. If the result is the former, the calculation amount is larger and the precision is higher.
In step S50, the guess password corresponding to the template with the highest matching probability is selected and compared with the actual password of the password chip to evaluate the security of the password product.
In this embodiment, 100 third matching probability values are calculated, the calculated third matching probability values are ranked, and the guessed password of the template corresponding to the largest third matching probability value is selected to be compared with the real password, wherein the closer the two are, the lower the security level of the password product is, and the easier the password product is attacked and cracked by the template. In contrast, the less the guess password of the selected template is close to the real password, the higher the security level of the password product is, and the less the password product is easily cracked by the template attack.
According to the technical scheme provided by the embodiment, after the automatic parameter adjusting mechanism is introduced, the template attack becomes more efficient, the accuracy is higher, and the time consumption and the complexity of actual operation are saved; the method is suitable for template attack of various algorithms or specific operations, has universality, has higher accuracy of the result of the template attack, and utilizes the result of the template attack to evaluate the security of the password product, and has higher accuracy.
An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor performing the method described above.
A computer readable storage medium having stored thereon a processor program for executing the method described above.
Fig. 4 is a schematic diagram of a template attack testing device according to an embodiment of the present application, which includes a modeling unit 1, a computing unit 2, a parameter selecting unit 3, a template matching unit 4, and a password evaluating unit 5.
The modeling unit 1 determines a modeling template, a parameter tuning template and a verification template of the password product, wherein the modeling template and the parameter tuning template are from a template library of the password product, and the number of the verification templates is the same as the number of the parameter tuning templates. The computing unit 2 selects the parameter adjusting template, the verification template and the corresponding test parameters in the modeling template, and iteratively computes a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template. The parameter selection unit 3 selects, as the template matching test parameters, test parameters having average values of differences between the first loss value and the second loss value of each iteration smaller than a first preset threshold and average values of differences between the first matching probability value and the second matching probability value smaller than a second preset threshold. The template matching unit 4 calculates the matching probabilities of all templates in the template library and the verification template based on the test parameters of the template matching. The password evaluation unit 5 selects the guess password corresponding to the template with the largest matching probability, and compares the guess password with the real password of the password chip to evaluate the security of the password product.
Fig. 5 is a schematic diagram of a template attack testing device according to another embodiment of the present application, which includes a modeling unit 1, a computing unit 2, a parameter selecting unit 3, a template matching unit 4, and a password evaluating unit 5.
The modeling unit 1 determines a modeling template, a parameter tuning template and a verification template of the password product, wherein the modeling template and the parameter tuning template are from a template library of the password product, and the number of the verification templates is the same as the number of the parameter tuning templates. The computing unit 2 selects the parameter adjusting template, the verification template and the corresponding test parameters in the modeling template, and iteratively computes a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template. The parameter selection unit 3 selects, as the template matching test parameters, test parameters having average values of differences between the first loss value and the second loss value of each iteration smaller than a first preset threshold and average values of differences between the first matching probability value and the second matching probability value smaller than a second preset threshold. The template matching unit 4 calculates the matching probabilities of all templates in the template library and the verification template based on the test parameters of the template matching. The password evaluation unit 5 selects the guess password corresponding to the template with the largest matching probability, and compares the guess password with the real password of the password chip to evaluate the security of the password product.
The modeling unit 1 includes a template library creation module 11, a template grouping module 12, and a verification template determination module 13. The template library creation module 11 creates a template library of guessed passwords for the password product. The template grouping module 12 groups at least a portion of templates selected from the template library according to a preset ratio, and divides the templates into a modeling template and a parameter tuning template. The verification template determination module 13 determines a verification template obtained when the cryptographic product works a plurality of times using the genuine password.
The template library establishment module 11 comprises a guessed password information acquisition module 111, a guessed password parameter extraction module 112 and a library establishment module 113.
The guess password information acquisition module 111 acquires side channel information of when the password product works with each guess password. The guess password parameter extraction module 112 extracts feature point parameters of the guess password based on the side channel information. The library creating module 113 creates a template library of the guessed password based on the feature point parameters of the guessed password.
The verification template determining module 13 comprises a true password information collecting module 131, a true password parameter extracting module 132 and a verification template establishing module 133.
The genuine password information collecting module 131 collects side channel information when the password product works a plurality of times using the genuine password. The genuine password parameter extraction module 132 extracts characteristic point parameters of the genuine password based on side channel information when the genuine password is operated. The verification template creation module 133 creates a verification template based on the feature point parameters of the genuine password.
The calculation unit 2 includes a first loss value iterative calculation module 21, a first matching probability iterative calculation module 22, a second loss value iterative calculation module 23, and a second matching probability iterative calculation module 24.
The first loss value iterative calculation module 21 selects the test parameters, and iteratively calculates the first loss values of the parameter tuning template and the modeling template by using the loss function equation. The first matching probability iterative computation module 22 iteratively computes a first matching probability value for the tuning template and the modeling template using the accuracy function equation based on the test parameters. The second loss value iterative calculation module 23 iteratively calculates a second loss value of the verification template and the modeling template using the loss function equation based on the test parameters. The second matching probability iterative computation module 24 iteratively computes a second matching probability value for the verification template and the modeling template using the accuracy function equation based on the test parameters.
It should be noted that the above embodiments described above with reference to the drawings are only for illustrating the present application and not for limiting the scope of the present application, and it should be understood by those skilled in the art that modifications or equivalent substitutions to the present application are intended to be included in the scope of the present application without departing from the spirit and scope of the present application. Furthermore, unless the context indicates otherwise, words occurring in the singular form include the plural form and vice versa. In addition, unless specifically stated, all or a portion of any embodiment may be used in combination with all or a portion of any other embodiment.
Claims (14)
1. A template attack testing method, comprising:
Determining modeling templates, parameter adjusting templates and verification templates of a password product, wherein the modeling templates and the parameter adjusting templates are from a template library of the password product, and the number of the verification templates is the same as that of the parameter adjusting templates;
Selecting corresponding test parameters in the parameter adjusting template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template;
Selecting the test parameters, of which the average value of the difference values of the first loss value and the second loss value of each iteration is smaller than a first preset threshold value and the average value of the difference values of the first matching probability value and the second matching probability value is smaller than a second preset threshold value, from different test parameters as template matching test parameters;
Calculating the matching probability of all templates in the template library and the verification template based on the template matching test parameters;
Selecting a guess password corresponding to the template with the largest matching probability, and comparing the guess password with the real password of the password chip to evaluate the security of the password product;
The selecting the test parameters corresponding to the parameter adjusting template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template, including:
Selecting corresponding test parameters in the parameter adjustment template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values of the parameter adjustment template and the modeling template by using a loss function equation;
Iteratively calculating a plurality of first matching probability values of the parameter adjusting template and the modeling template by utilizing an accuracy function equation based on the test parameters;
iteratively calculating a plurality of second loss values of the verification template and the modeling template using a loss function equation based on the test parameters;
and iteratively calculating a plurality of second matching probability values of the verification template and the modeling template by using an accuracy function equation based on the test parameters.
2. The method of claim 1, wherein the determining a modeling template, a conditioning template, and a verification template for a cryptographic product comprises:
establishing a template library of the password product, wherein the template library comprises templates, and each template corresponds to one guess password;
Grouping at least one part of templates selected from the template library according to a preset proportion, and dividing the templates into a modeling template and a parameter adjusting template;
And determining a verification template obtained when the password product works for a plurality of times by using the real password.
3. The method of claim 2, wherein the preset ratio is 4:1.
4. The method of claim 2, wherein the creating a template library of cryptographic products comprises:
collecting side channel information of the password product when each guess password works;
Extracting characteristic point parameters of the guessed password based on the side channel information;
And establishing templates of the guessed passwords based on the characteristic point parameters of the guessed passwords, wherein the templates form a template library.
5. The method of claim 2, wherein the determining the authentication template that the cryptographic product gets when working multiple times with a genuine password comprises:
acquiring side channel information of the password product when the password product works for a plurality of times by using a real password;
Extracting characteristic point parameters of the real password based on side channel information of the real password when the real password works;
and establishing the verification template based on the characteristic point parameters of the real password.
6. The method of claim 4 or 5, wherein the side channel information comprises: operational data, energy expenditure profile, electromagnetic radiation profile.
7. The method according to claim 4 or 5, wherein the feature point parameters comprise: feature points, mean vector, noise covariance matrix.
8. The method of claim 1, wherein the calculating the match probabilities of all templates in the template library to the verification template based on the template matching test parameters comprises:
And calculating third matching probability values of all templates in the template library and the verification template by using an accuracy function equation based on the template matching test parameters.
9.A template attack testing device, comprising:
the modeling unit is used for determining modeling templates, parameter adjusting templates and verification templates of the password product, wherein the modeling templates and the parameter adjusting templates are from a template library of the password product, and the number of the verification templates is the same as that of the parameter adjusting templates;
The calculation unit is used for selecting corresponding test parameters in the parameter adjusting template, the verification template and the modeling template, and iteratively calculating a plurality of first loss values and a plurality of first matching probability values of the parameter adjusting template and the modeling template, and a plurality of second loss values and second matching probability values of the verification template and the modeling template;
the parameter selection unit is used for selecting the test parameters, of which the average value of the difference values of the first loss value and the second loss value of each iteration is smaller than a first preset threshold value and the average value of the difference values of the first matching probability value and the second matching probability value is smaller than a second preset threshold value, from different test parameters as template matching test parameters;
the template matching unit is used for calculating the matching probability of all templates in the template library and the verification template based on the template matching test parameters;
the password evaluation unit selects a guess password corresponding to the template with the largest matching probability, and compares the guess password with the real password of the password chip to evaluate the security of the password product;
Wherein the computing unit includes:
The first loss value iterative computation module is used for selecting corresponding test parameters in the parameter adjustment template, the verification template and the modeling template, and iteratively computing a plurality of first loss values of the parameter adjustment template and the modeling template by using a loss function equation;
A first matching probability iterative computation module for iteratively computing a plurality of first matching probability values of the parameter adjustment template and the modeling template by using an accuracy function equation based on the test parameters;
a second loss value iterative computation module for iteratively computing a plurality of second loss values of the verification template and the modeling template by using a loss function equation based on the test parameters;
and a second matching probability iterative calculation module for iteratively calculating a plurality of second matching probability values of the verification template and the modeling template by using an accuracy function equation based on the test parameters.
10. The apparatus of claim 9, wherein the modeling unit comprises:
the template library establishing module is used for establishing a template library of the guessed passwords of the password product;
The template grouping module is used for grouping at least one part of templates selected from the template library according to a preset proportion and dividing the templates into a modeling template and a parameter adjusting template;
and the verification template determining module is used for determining a verification template obtained when the password product works for a plurality of times by using the real password.
11. The apparatus of claim 10, wherein the template library creation module comprises:
The guess password information acquisition module acquires side channel information when the password product works by using each guess password;
A guess password parameter extraction module for extracting characteristic point parameters of the guess password based on the side channel information;
and the library building module is used for building templates of the guessed passwords based on the characteristic point parameters of the guessed passwords, and the templates form a template library.
12. The apparatus of claim 10, wherein the verification template determination module comprises:
the real password information acquisition module acquires side channel information when the password product works for a plurality of times by using the real password;
The real password parameter extraction module is used for extracting characteristic point parameters of the real password based on side channel information when the real password works;
And the verification template establishing module is used for establishing the verification template based on the characteristic point parameters of the real password.
13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 8 when executing the program.
14. A computer readable storage medium having stored thereon a processor program for performing the method of any of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910550228.0A CN112131563B (en) | 2019-06-24 | 2019-06-24 | Template attack testing method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910550228.0A CN112131563B (en) | 2019-06-24 | 2019-06-24 | Template attack testing method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112131563A CN112131563A (en) | 2020-12-25 |
| CN112131563B true CN112131563B (en) | 2024-04-26 |
Family
ID=73849052
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910550228.0A Active CN112131563B (en) | 2019-06-24 | 2019-06-24 | Template attack testing method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112131563B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3179668A1 (en) * | 2015-12-11 | 2017-06-14 | Institut Mines-Télécom | Methods and devices for estimating secret values |
| CN108880781A (en) * | 2018-06-14 | 2018-11-23 | 成都信息工程大学 | It is a kind of to add cover protection encryption equipment without mask neural network attack method |
| CN109218008A (en) * | 2017-07-05 | 2019-01-15 | 北京同方微电子有限公司 | A kind of template attack method for SM4 key schedule |
-
2019
- 2019-06-24 CN CN201910550228.0A patent/CN112131563B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP3179668A1 (en) * | 2015-12-11 | 2017-06-14 | Institut Mines-Télécom | Methods and devices for estimating secret values |
| CN109218008A (en) * | 2017-07-05 | 2019-01-15 | 北京同方微电子有限公司 | A kind of template attack method for SM4 key schedule |
| CN108880781A (en) * | 2018-06-14 | 2018-11-23 | 成都信息工程大学 | It is a kind of to add cover protection encryption equipment without mask neural network attack method |
Non-Patent Citations (2)
| Title |
|---|
| DES密码芯片模板攻击技术研究;李佩之;严迎建;段二朋;;计算机应用与软件(第04期);全文 * |
| 实际密码芯片中基于密钥装载的模板攻击;顾星远;;信息安全与技术(第02期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112131563A (en) | 2020-12-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11057788B2 (en) | Method and system for abnormal value detection in LTE network | |
| WO2016049983A1 (en) | User keyboard key-pressing behavior mode modeling and analysis system, and identity recognition method thereof | |
| US20070150747A1 (en) | Method and apparatus for multi-model hybrid comparison system | |
| Sun et al. | Quantifying variable interactions in continuous optimization problems | |
| US11062120B2 (en) | High speed reference point independent database filtering for fingerprint identification | |
| WO2017075913A1 (en) | Mouse behaviors based authentication method | |
| CN109067800A (en) | A kind of cross-platform association detection method of firmware loophole | |
| CN111967535A (en) | Fault diagnosis method and device for temperature sensor in grain storage management scene | |
| US11132790B2 (en) | Wafer map identification method and computer-readable recording medium | |
| US8413246B2 (en) | Evaluating shellcode findings | |
| CN112464297B (en) | Hardware Trojan detection method, device and storage medium | |
| CN112131563B (en) | Template attack testing method, device, equipment and storage medium | |
| CN112165498B (en) | Intelligent decision-making method and device for penetration test | |
| CN107657223B (en) | Face authentication method based on rapid processing multi-distance metric learning | |
| CN113014361B (en) | BPSK signal confidence test method based on graph | |
| CN110941542A (en) | Sequence integration high-dimensional data anomaly detection system and method based on elastic network | |
| CN106055883B (en) | Transient stability evaluation input feature validity analysis method based on improved Sammon mapping | |
| CN110298204B (en) | ASIC chip hardware Trojan diagnosis method based on temperature field time-space effect | |
| US20130332225A1 (en) | Risk-profile generation device | |
| CN113705107A (en) | Power consumption analysis method based on mean ridge regression | |
| CN112597699A (en) | Social network rumor source identification method integrated with objective weighting method | |
| KR101768533B1 (en) | A method, an apparatus and a computer-readable storage medium of leveraging stereo matching with confidence measures | |
| CN116933274B (en) | Tissue comprehensive risk evaluation method, electronic device and storage medium | |
| Hube | Methods for estimating biometric score level fusion | |
| Roy et al. | Well performance predictions from geologic, petrophysical and completions-related parameters using generative topographic mapping: A field case study |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |