CN112668060B - Fault injection attack method and device, electronic equipment and storage medium - Google Patents
Fault injection attack method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN112668060B CN112668060B CN202110029559.7A CN202110029559A CN112668060B CN 112668060 B CN112668060 B CN 112668060B CN 202110029559 A CN202110029559 A CN 202110029559A CN 112668060 B CN112668060 B CN 112668060B
- Authority
- CN
- China
- Prior art keywords
- attack
- parameter
- effective
- generalization
- attack parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000002347 injection Methods 0.000 title claims abstract description 73
- 239000007924 injection Substances 0.000 title claims abstract description 73
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000011282 treatment Methods 0.000 claims abstract description 16
- 238000012545 processing Methods 0.000 claims description 19
- 230000008569 process Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 6
- 238000004891 communication Methods 0.000 claims description 4
- 239000000243 solution Substances 0.000 description 8
- 230000008859 change Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000005538 encapsulation Methods 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000007620 mathematical function Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Landscapes
- Test And Diagnosis Of Digital Computers (AREA)
Abstract
The application discloses a fault injection attack method, a device, electronic equipment and a storage medium, wherein the method comprises the following steps: determining a plurality of groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters; respectively determining generalized standard values corresponding to each effective attack parameter; performing multiple generalization treatments on each group of effective attack parameter combinations based on the generalization standard values, and determining a plurality of groups of generalization attack parameter combinations; and carrying out fault injection attack on the encryption chip by utilizing the plurality of groups of generalized attack parameter combinations. By adopting the fault injection attack method, the device, the electronic equipment and the storage medium, the problems that effective attack parameter combinations cannot be quickly found and attack efficiency is low when fault injection attack is carried out on the encryption chip are solved.
Description
Technical Field
The present invention relates to the field of security attack evaluation technologies, and in particular, to a fault injection attack method, a device, an electronic device, and a storage medium.
Background
The fault injection attack is an important means for verifying the reliability of the encryption chip, and the method mainly utilizes the modes of power supply operation, electromagnetic operation or laser injection to influence the normal encryption operation of the encryption chip, so that encryption errors occur, and the encryption error data are used for analyzing the encryption key so as to verify whether the function of the encryption chip is safe. The attack method can be abstracted to be that a fault signal with certain intensity is injected into an encryption chip which is in encryption operation at a specific physical position and at a specific moment, so that encryption error data are generated, and therefore, the factors for generating the encryption error data comprise parameters such as attack position, attack moment, attack intensity and the like. In the prior art, a plurality of attack positions, attack moments, attack intensities and other parameters are generally combined to form a plurality of groups of specific attack parameter combinations, and an automatic fault injection attack is realized by sequentially executing the specific attack parameter combinations according to a set program, namely, the fault injection attack is performed in a batch processing mode.
In the existing batch processing mode, because parameters such as attack positions, attack moments, attack intensity and the like all have respective variable ranges, the number of combinations of attack parameters is huge, and the problems that effective attack parameter combinations cannot be quickly found and attack efficiency is low when fault injection attack is conducted on an encryption chip are caused.
Disclosure of Invention
In view of this, the present application provides a fault injection attack method, device, electronic apparatus, and storage medium, which can optimize a fault injection attack parameter combination, improve fault injection attack efficiency, and avoid the problem that an effective attack parameter combination cannot be found quickly and attack efficiency is low when a fault injection attack is performed on an encryption chip.
In a first aspect, an embodiment of the present application provides a fault injection attack method, including:
determining a plurality of groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters;
respectively determining generalized standard values corresponding to each effective attack parameter;
based on the generalization standard value, carrying out generalization treatment on each group of effective attack parameter combinations for multiple times, and determining a plurality of groups of generalization attack parameter combinations;
and performing fault injection attack on the encryption chip by utilizing a plurality of groups of generalized attack parameter combinations.
Optionally, the plurality of valid attack parameters may include, but are not limited to: the effective attack position parameter, the effective attack moment parameter and the effective attack intensity parameter respectively determine the generalization standard value corresponding to each effective attack parameter, and the method can comprise the following steps: determining a reference attack parameter corresponding to the effective attack parameter; and determining the product of the reference attack parameter and the corresponding preset duty ratio as a generalized standard value corresponding to the effective attack parameter.
Optionally, the process of performing each generalization treatment on each set of valid attack parameter combinations based on the generalization standard value may include: determining a group of random numbers corresponding to each generalization process, wherein each group of random numbers can comprise a plurality of random numbers, and each random number in the plurality of random numbers corresponds to one effective attack parameter respectively; for each effective attack parameter in the group of effective attack parameter combinations, determining the product of the generalization standard value corresponding to the effective attack parameter and the corresponding random number, and determining the sum of the effective attack parameter and the product as the generalization attack parameter after the generalization treatment of the effective attack parameter.
Optionally, each group of generalized attack parameter combinations is a combination of a plurality of generalized attack parameters required by performing one fault injection attack on the encryption chip; the plurality of generalized attack parameters includes: a generalization attack position parameter, a generalization attack moment parameter and a generalization attack intensity parameter.
Optionally, the method may further include: acquiring effective encryption error data generated by an encryption chip under fault injection attack; and analyzing the key used by the encryption chip by using the obtained valid encryption error data.
In a second aspect, an embodiment of the present application provides a fault injection attack apparatus, including:
the effective parameter combination determining module is used for determining a plurality of groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters;
the generalization standard value determining module is used for respectively determining a generalization standard value corresponding to each effective attack parameter;
the generalization processing module is used for carrying out multiple times of generalization processing on each group of effective attack parameter combinations based on the generalization standard value and determining a plurality of groups of generalization attack parameter combinations;
and the injection module is used for performing fault injection attack on the encryption chip by utilizing a plurality of groups of generalized attack parameter combinations.
Optionally, the plurality of valid attack parameters may include: the generalized standard value determining module determines a reference attack parameter corresponding to each effective attack parameter according to the effective attack position parameter, the effective attack moment parameter and the effective attack intensity parameter; and determining the product of the reference attack parameter and the corresponding preset duty ratio as a generalized standard value corresponding to the effective attack parameter.
Optionally, the process of performing each generalization processing by the generalization processing module for each set of valid attack parameter combinations may include: determining a group of random numbers corresponding to each generalization process, wherein each group of random numbers comprises a plurality of random numbers, and each random number in the plurality of random numbers corresponds to an effective attack parameter; for each effective attack parameter in the group of effective attack parameter combinations, determining the product of the generalization standard value corresponding to the effective attack parameter and the corresponding random number, and determining the sum of the effective attack parameter and the product as the generalization attack parameter after the generalization treatment of the effective attack parameter.
In a third aspect, an embodiment of the present application provides an electronic device, including: the system comprises a processor, a memory and a bus, wherein the memory stores machine-readable instructions executable by the processor, the processor and the memory are communicated through the bus when the electronic device runs, and the machine-readable instructions are executed by the processor to execute the steps of the fault injection attack method.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having a computer program stored thereon, the computer program when executed by a processor performing the steps of the fault injection attack method described above.
The embodiment of the application brings the following beneficial effects:
the embodiment of the application provides a fault injection attack method, which comprises the following steps: determining a plurality of groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters; respectively determining generalized standard values corresponding to each effective attack parameter; based on the generalization standard value, carrying out generalization treatment on each group of effective attack parameter combinations for multiple times, and determining a plurality of groups of generalization attack parameter combinations; and performing fault injection attack on the encryption chip by utilizing a plurality of groups of generalized attack parameter combinations. The method and the device can optimize the fault injection attack parameter combination, improve the fault injection attack efficiency, and avoid the problems that the effective attack parameter combination cannot be quickly found and the attack efficiency is lower when the fault injection attack is carried out on the encryption chip.
In order to make the above objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the following drawings are some embodiments of the present application, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a fault injection attack method provided in an embodiment of the present application;
fig. 2 is a schematic structural diagram of a fault injection attack device according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
In the existing batch processing mode, the attack position, attack time, attack intensity and other parameters have respective variable ranges, so the number of combinations of attack parameters is huge. For example, if the variable range of each parameter is 100, the attack parameters can form 100 ten thousand combinations, and many attack parameter combinations are invalid, which results in the problem that when fault injection attack is performed on the encryption chip, all valid attack parameter combinations cannot be quickly found and attack efficiency is low.
Based on the above, the embodiment of the application provides a fault injection attack method, a device, an electronic device and a storage medium, which can efficiently find more effective attack parameter combinations on the basis of known multiple groups of effective attack parameter combinations, improve the efficiency of fault injection attack, and avoid the problems that the effective attack parameter combinations cannot be quickly found and the attack efficiency is lower when the fault injection attack is performed on an encryption chip.
For the sake of understanding the present embodiment, first, a fault injection attack method disclosed in the present embodiment is described in detail, and fig. 1 is a flowchart of a fault injection attack method provided in the present embodiment, and as shown in fig. 1, the method includes the following steps:
step 101, determining multiple groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises multiple effective attack parameters.
Specifically, when a fault injection attack is performed on the encryption chip, a plurality of attack parameters required by the attack need to be determined first, then the fault injection attack is performed on the encryption chip running the cryptographic algorithm according to the combination of the determined attack parameters, and if the encrypted data generated by the encryption chip is different from the expected correct data, the encrypted data is called as encrypted error data.
The above combinations of attack parameters are referred to as attack parameter combinations, the encryption error data that contributes to the analysis key is referred to as valid encryption error data, the attack parameter combinations that enable the encryption chip to generate valid encryption error data are referred to as valid attack parameter combinations, and the parameters included in the valid attack parameter combinations are referred to as valid attack parameters.
In the embodiment of the application, the prior information is known, multiple groups of valid attack parameter combinations can be determined from the prior information, and the multiple groups of valid attack parameter combinations can be used for subsequent parameter generalization processing. Where the a priori information is experience and history obtained from past fault injection attack tests, including but not limited to: multiple sets of valid attack parameter combination information, encryption error data information, encryption key information and cipher algorithm information. Where the cryptographic algorithm is a mathematical function used for encryption and decryption, implemented in code or circuitry in a cryptographic device, common cryptographic algorithms include AES, DES, SM, RSA, etc. Cryptographic devices are a generic term for devices that have some cryptographic function or that are capable of performing some cryptographic work task.
Illustratively, the attack parameters described above may include, but are not limited to: the attack parameter combination consisting of the attack position parameter L, the attack moment parameter T and the attack intensity parameter P is marked as (L, T, P). The attack position may be in the encapsulation range of the encryption chip, and is denoted by [ L (Xmin, ymin), L (Xmax, ymax) ], where L (Xmin, ymin) represents the coordinates of the upper left corner in the rectangular area corresponding to the encapsulation range of the encryption chip, and L (Xmax, ymax) represents the coordinates of the lower right corner in the rectangular area corresponding to the encapsulation range of the encryption chip. The attack time may be within the execution time range of the cryptographic algorithm, denoted as [ Tmin, tmax ], tmin represents the start time of the cryptographic algorithm execution, tmax represents the end time of the cryptographic algorithm execution. The attack intensity may be determined by the attack apparatus and denoted as [ Pmin, pmax ], pmin represents the minimum intensity of the disturbance source generated by the attack apparatus, pmax represents the maximum intensity of the disturbance source generated by the attack apparatus, for example, if the attack apparatus adopts an electromagnetic source, the attack intensity may refer to the intensity of the electromagnetic pulse, and if the attack apparatus adopts a laser source, the attack intensity may refer to the intensity of the laser pulse. Accordingly, the valid attack parameters described above may include, but are not limited to: an effective attack position parameter, an effective attack moment parameter and an effective attack intensity parameter. In one example, let N sets of valid attack parameter combinations be known, denoted (Li, ti, pi), where i e 1, N, li represents the valid attack location parameter in the i-th set of valid attack parameter combinations, ti represents the valid attack moment parameter in the i-th set of valid attack parameter combinations, and Pi represents the valid attack intensity parameter in the i-th set of valid attack parameter combinations.
And 102, respectively determining the generalized standard value corresponding to each effective attack parameter.
Specifically, for each effective attack parameter, a reference attack parameter corresponding to the effective attack parameter can be determined, and the product of the reference attack parameter and the corresponding preset duty ratio is determined as a generalized standard value corresponding to the effective attack parameter. The reference attack parameter may change along with the change of each effective attack parameter combination, for example, the reference attack parameter corresponding to any one effective attack parameter may take a parameter value corresponding to any one corresponding effective attack parameter in each effective attack parameter combination, taking the effective attack parameter as an effective attack position parameter as an example, and one effective attack position parameter may be arbitrarily selected from a plurality of effective attack position parameters in a plurality of groups of effective attack parameter combinations, and be used as the reference attack parameter corresponding to the effective attack position parameter. In addition, the reference attack parameter may not change with the change of each effective attack parameter combination, that is, the reference attack parameter may be an average value, a middle value, a maximum value, a minimum value, etc. of parameter values corresponding to each effective attack parameter in all effective attack parameter combinations, which is not limited in this application. For example, taking the effective attack parameter as an effective attack moment parameter as an example, an average value, a median value, a maximum value or a minimum value of a plurality of effective attack moment parameters in a plurality of groups of effective attack parameter combinations may be used as a reference attack parameter corresponding to the effective attack moment parameter.
In addition, the preset duty ratio may be a percentage value determined empirically, and the preset duty ratio corresponding to each reference attack parameter may be the same or different, and a specific value of the preset duty ratio may be determined by a person skilled in the art according to actual requirements.
In the embodiment of the application, δl0 is used to represent a reference attack position parameter corresponding to an effective attack position parameter, δt0 is used to represent a reference attack time parameter corresponding to an effective attack time parameter, δp0 is used to represent a reference attack strength parameter corresponding to an effective attack strength parameter, δl is used to represent a generalization standard value corresponding to the effective attack position parameter, δt is used to represent a generalization standard value corresponding to the effective attack time parameter, and δp is used to represent a generalization standard value corresponding to the effective attack strength parameter. In one example, the empirically preset duty cycle may take any value in the range of 1% -5%.
Taking the example in step 101 as an example, assuming that the preset duty ratio corresponding to each reference attack parameter is 3%, the generalized standard value δl=δl0×3% corresponding to the effective attack location parameter; generalization standard value δt=δt0×3% corresponding to the effective attack moment parameter; generalized standard values δp=δp0×3% corresponding to the effective attack intensity parameters.
And 103, performing multiple generalization treatments on each group of effective attack parameter combinations based on the generalization standard values, and determining multiple groups of generalization attack parameter combinations.
Specifically, the whole generalization treatment process comprises the following steps: the first group of effective attack parameter combinations are subjected to multiple generalization treatments, then the second group of effective attack parameter combinations are subjected to the same times of generalization treatments, and the like until the generalization treatments of all the effective attack parameter combinations are completed. The number of times of the generalization processing performed on each set of valid attack parameter combinations is referred to as the number of times of generalization, and is denoted as K.
The process of each generalization treatment is as follows: and generating a group of random numbers corresponding to each effective attack parameter in the effective attack parameter combination during each generalization process, calculating the product of the generalization standard value corresponding to each effective attack parameter in the effective attack parameter combination and the corresponding random number, and determining the sum of the effective attack parameter and the corresponding product as the generalization attack parameter of the effective attack parameter after the generalization process. Each generated random number group comprises a plurality of random numbers, and each random number corresponds to one effective attack parameter.
In one example, it is assumed that the generated set of random numbers are R1, R2, and R3, respectively, and their value ranges may be [ -1,1]. R1 corresponds to an effective attack location parameter, R2 corresponds to an effective attack moment parameter, and R3 corresponds to an effective attack intensity parameter.
Taking the example in step 102 above as an example, the generalized attack parameter combination (L1, T1, P1) may be obtained using the following formula:
L1=Li+δL×R1;
T1=Ti+δT×R2;
P1=Pi+δP×R3;
the value range of i is [1, N ], and L1, T1 and P1 respectively represent the generalized attack position parameter, the generalized attack moment parameter and the generalized attack intensity parameter.
And 104, performing fault injection attack on the encryption chip by utilizing a plurality of groups of generalized attack parameter combinations.
Specifically, fault injection attack is performed by using a plurality of groups of generalized attack parameter combinations obtained by generalization, effective encryption error data generated by an encryption chip under the fault injection attack is obtained, and the obtained effective encryption error data is used for analyzing a secret key used by the password equipment.
Taking the example in step 103 as an example, the effective attack parameter combinations have N groups, and the number of times of generalization performed by each group is K, so that n×k groups of generalization attack parameter combinations are obtained.
The embodiment of the application provides a fault injection attack method, which comprises the steps of determining a plurality of groups of effective attack parameter combinations of an encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters; respectively determining generalized standard values corresponding to each effective attack parameter; performing multiple generalization processing on multiple groups of effective attack parameter combinations based on the generalization standard values, and determining multiple groups of generalization attack parameter combinations; and performing fault injection attack on the encryption chip by utilizing a plurality of groups of generalized attack parameter combinations. By adopting the fault injection attack method, the device, the electronic equipment and the storage medium, the fault injection attack parameter combination can be optimized, the fault injection attack efficiency is improved, and the problems that the effective attack parameter combination cannot be quickly found and the attack efficiency is lower when the fault injection attack is carried out on the encryption chip are avoided.
The embodiment of the application also provides a fault injection attack device, fig. 2 is a schematic structural diagram of the fault injection attack device provided by the embodiment of the application, and as shown in fig. 2, the device comprises the following modules:
the effective parameter combination determining module 201 determines a plurality of groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters;
the generalization standard value determining module 202 determines a generalization standard value corresponding to each effective attack parameter respectively;
the generalization processing module 203 performs multiple generalization processing on multiple groups of effective attack parameter combinations based on the generalization standard value to determine multiple groups of generalization attack parameter combinations;
the injection module 204 performs fault injection attack on the encryption chip by utilizing a plurality of groups of generalized attack parameter combinations;
corresponding to the fault injection attack method in fig. 1, the embodiment of the present application further provides a schematic structural diagram of an electronic device 300, as shown in fig. 3, where the electronic device 300 includes a processor 310, a memory 320, and a bus 330. The memory 320 stores machine-readable instructions executable by the processor 310, when the electronic device 300 is running, the processor 310 communicates with the memory 320 through the bus 330, and when the machine-readable instructions are executed by the processor 310, the above fault injection attack method can be executed, the fault injection attack parameter combination can be optimized, the fault injection attack efficiency can be improved, and the problems that the effective attack parameter combination cannot be quickly found and the attack efficiency is low when the fault injection attack is performed on the encryption chip are avoided.
Corresponding to the fault injection attack method in fig. 1, the embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, and the computer program executes the steps of the fault injection attack method when executed by a processor.
Specifically, the storage medium can be a general storage medium, such as a mobile disk, a hard disk and the like, and when a computer program on the storage medium is run, the combination of fault injection attack parameters can be optimized, so that the fault injection attack efficiency is improved, and the problems that the effective attack parameter combination cannot be quickly found and the attack efficiency is lower when the fault injection attack is performed on an encryption chip are avoided.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working procedures of the systems, apparatuses and units described above may refer to the corresponding procedures in the above method embodiments, and are not repeated here.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments provided in the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing an electronic device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
It should be noted that: like reference numerals and letters in the following figures denote like items, and thus once an item is defined in one figure, no further definition or explanation of it is required in the following figures, and furthermore, the terms "first," "second," "third," etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the foregoing examples are merely specific embodiments of the present application, and are not intended to limit the scope of the present application, but the present application is not limited thereto, and those skilled in the art will appreciate that while the foregoing examples are described in detail, the present application is not limited thereto. Any person skilled in the art may modify or easily conceive of the technical solution described in the foregoing embodiments, or make equivalent substitutions for some of the technical features within the technical scope of the disclosure of the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (8)
1. A fault injection attack method, comprising:
determining a plurality of groups of effective attack parameter combinations of the encryption chip, wherein each group of effective attack parameter combinations comprises a plurality of effective attack parameters, and the plurality of groups of effective attack parameter combinations are attack parameter combinations capable of enabling the encryption chip to generate effective encryption error data;
respectively determining a generalization standard value corresponding to each effective attack parameter, wherein the generalization standard value is determined based on a reference attack parameter and a preset duty ratio, and the reference attack parameter is determined according to an effective attack parameter combination;
performing multiple generalization treatments on each group of effective attack parameter combinations based on the generalization standard values, and determining a plurality of groups of generalization attack parameter combinations;
performing fault injection attack on the encryption chip by utilizing the plurality of groups of generalized attack parameter combinations;
each generalization treatment is carried out on each group of effective attack parameter combinations based on the generalization standard value, and the method comprises the following steps:
determining a group of random numbers corresponding to each generalization process, wherein each group of random numbers comprises a plurality of random numbers, and each random number in the plurality of random numbers corresponds to one effective attack parameter;
for each effective attack parameter in the group of effective attack parameter combinations, determining the product of the generalization standard value corresponding to the effective attack parameter and the corresponding random number, and determining the sum of the effective attack parameter and the product as the generalization attack parameter after the generalization treatment of the effective attack parameter.
2. The method of claim 1, wherein the plurality of valid attack parameters comprises: an effective attack position parameter, an effective attack moment parameter, an effective attack intensity parameter,
the generalized standard value corresponding to each effective attack parameter is respectively determined, and the method comprises the following steps:
determining a reference attack parameter corresponding to the effective attack parameter;
and determining the product of the reference attack parameter and the corresponding preset duty ratio as a generalized standard value corresponding to the effective attack parameter.
3. The method of claim 1, wherein each set of generalized attack parameter combinations is a combination of a plurality of generalized attack parameters required for a fault injection attack on an encryption chip; the plurality of generalized attack parameters includes: a generalization attack position parameter, a generalization attack moment parameter and a generalization attack intensity parameter.
4. The method as recited in claim 1, further comprising:
acquiring effective encryption error data generated by the encryption chip under fault injection attack;
and analyzing the key used by the encryption chip by using the obtained valid encryption error data.
5. A fault injection attack apparatus, comprising:
the system comprises an effective parameter combination determining module, a data processing module and a data processing module, wherein the effective parameter combination determining module is used for determining a plurality of groups of effective attack parameter combinations of the encryption chip, each group of effective attack parameter combinations comprises a plurality of effective attack parameters, and the plurality of groups of effective attack parameter combinations are attack parameter combinations capable of enabling the encryption chip to generate effective encryption error data;
the generalization standard value determining module is used for respectively determining a generalization standard value corresponding to each effective attack parameter, wherein the generalization standard value is determined based on a reference attack parameter and a preset duty ratio, and the reference attack parameter is determined according to the effective attack parameter combination;
the generalization processing module is used for carrying out generalization processing on each group of effective attack parameter combinations for multiple times based on the generalization standard value and determining a plurality of groups of generalization attack parameter combinations;
the injection module is used for performing fault injection attack on the encryption chip by utilizing the plurality of groups of generalized attack parameter combinations;
the process of each generalization processing for each group of effective attack parameter combination by the generalization processing module comprises the following steps:
determining a group of random numbers corresponding to each generalization process, wherein each group of random numbers comprises a plurality of random numbers, and each random number in the plurality of random numbers corresponds to an effective attack parameter;
for each effective attack parameter in the group of effective attack parameter combinations, determining the product of the generalization standard value corresponding to the effective attack parameter and the corresponding random number, and determining the sum of the effective attack parameter and the product as the generalization attack parameter after the generalization treatment of the effective attack parameter.
6. The apparatus of claim 5, wherein the plurality of valid attack parameters comprises: an effective attack position parameter, an effective attack moment parameter, an effective attack intensity parameter,
the generalization standard value determining module determines a reference attack parameter corresponding to each effective attack parameter; and determining the product of the reference attack parameter and the corresponding preset duty ratio as a generalized standard value corresponding to the effective attack parameter.
7. An electronic device comprising a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory in communication over the bus when the electronic device is in operation, the machine-readable instructions being executable by the processor to perform the steps of the fault injection attack method according to any of claims 1-4.
8. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the fault injection attack method according to any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110029559.7A CN112668060B (en) | 2021-01-11 | 2021-01-11 | Fault injection attack method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110029559.7A CN112668060B (en) | 2021-01-11 | 2021-01-11 | Fault injection attack method and device, electronic equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112668060A CN112668060A (en) | 2021-04-16 |
| CN112668060B true CN112668060B (en) | 2024-04-16 |
Family
ID=75414020
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110029559.7A Active CN112668060B (en) | 2021-01-11 | 2021-01-11 | Fault injection attack method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112668060B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2706455A1 (en) * | 2012-09-10 | 2014-03-12 | Oberthur Technologies | Method for testing the security of an electronic device against an attack, and electronic device implementing countermeasures |
| CN104391784A (en) * | 2014-08-27 | 2015-03-04 | 北京中电华大电子设计有限责任公司 | Method and device for fault injection attack based on simulation |
| CN105763312A (en) * | 2016-03-02 | 2016-07-13 | 中国人民解放军军械工程学院 | Cryptographic chip optical fault injection system and attack method |
| CN106371989A (en) * | 2016-05-06 | 2017-02-01 | 北京中电华大电子设计有限责任公司 | Efficient and secure attack fault injection method adopting batch processing mode |
| CN111459816A (en) * | 2020-03-31 | 2020-07-28 | 北京百度网讯科技有限公司 | Fault injection test method, device, system and storage medium |
-
2021
- 2021-01-11 CN CN202110029559.7A patent/CN112668060B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2706455A1 (en) * | 2012-09-10 | 2014-03-12 | Oberthur Technologies | Method for testing the security of an electronic device against an attack, and electronic device implementing countermeasures |
| CN104391784A (en) * | 2014-08-27 | 2015-03-04 | 北京中电华大电子设计有限责任公司 | Method and device for fault injection attack based on simulation |
| CN105763312A (en) * | 2016-03-02 | 2016-07-13 | 中国人民解放军军械工程学院 | Cryptographic chip optical fault injection system and attack method |
| CN106371989A (en) * | 2016-05-06 | 2017-02-01 | 北京中电华大电子设计有限责任公司 | Efficient and secure attack fault injection method adopting batch processing mode |
| CN111459816A (en) * | 2020-03-31 | 2020-07-28 | 北京百度网讯科技有限公司 | Fault injection test method, device, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112668060A (en) | 2021-04-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10826710B2 (en) | Technologies for robust computation of elliptic curve digital signatures | |
| CN105991292B (en) | System and method for operating a secure elliptic curve cryptography system | |
| US10282552B1 (en) | Device blanking | |
| EP2207087B1 (en) | Method for protecting a cryptographic device against SPA, DPA and timing attacks | |
| US20080189549A1 (en) | Secure serial number | |
| CN102063586B (en) | For the method and apparatus that detection failure is attacked | |
| CN109088902B (en) | Register method and device, authentication method and device | |
| Gamaarachchi et al. | Power analysis based side channel attack | |
| CN105095750A (en) | Method and device for analyzing attack on smart card chip | |
| CN106712968A (en) | Secret key acquiring method, digital signature method and devices | |
| CN103164187B (en) | RSA modular exponentiation circuit and RSA security encryption chip | |
| CN112668060B (en) | Fault injection attack method and device, electronic equipment and storage medium | |
| CN104484627B (en) | Design method of randomized anti-fault-attack measures for reconfigurable array architecture | |
| CN109831294A (en) | SPN type block cipher fault-resistant attacking ability appraisal procedure and device | |
| Leng | Smart card applications and security | |
| CN104751042A (en) | Credibility detection method based on password hash and biometric feature recognition | |
| CN104919751B (en) | For the method for running portable data medium and this portable data medium | |
| CN109039590A (en) | Memory, electronic equipment and its encipher-decipher method for preventing side-channel attack | |
| Urien | Innovative countermeasures to defeat cyber attacks against blockchain wallets | |
| CN105763312A (en) | Cryptographic chip optical fault injection system and attack method | |
| CN105656629B (en) | Safe non-adjacent expression type implementation method in chip | |
| Russon | Threat for the secure remote password protocol and a leak in apple’s cryptographic library | |
| CN113449034A (en) | Intelligent contract data security management method, system and storage medium based on block chain network | |
| CN108073411A (en) | A kind of kernel loads method and device of patch | |
| CN112464294A (en) | Fault injection attack method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |