JP2010273263A - Side channel information measuring device, method therefor, and program therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a side channel information measuring device which measures side channel information suitable for evaluating a side channel attack resistance. <P>SOLUTION: The side channel information measuring device for measuring side channel information leakage from an encryption device comprises: a side channel information measuring unit for measuring the side channel information generated in the encryption device as an evaluation target; and a parameter setting unit for measuring a sampling rate in the measurement of the side channel information measuring unit on the basis of the clock frequency of the encryption device. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a side channel information measuring device, a method thereof, and a program thereof, and particularly to a parameter suitable for performing a resistance evaluation against a side channel attack when measuring side channel information leaked from an encryption device. The present invention relates to a side channel information measuring device having a setting function, a method thereof, and a program thereof.

  As information is converted into electronic data, encryption is an indispensable technology for information protection and confidential communication. In order to maintain the security of the cipher, it is necessary to prevent secret information such as a key from being easily guessed. Cryptanalysis methods such as full key search, mathematical cryptanalysis, differential cryptanalysis, and the like are known, but it can be said that analysis in real time is impossible.

  On the other hand, under the assumption that attackers can accurately measure side channel information such as processing time and power consumption in devices with cryptographic functions such as IC (integrated circuit) cards and portable terminals. Side channel attacks that attempt to acquire confidential information from side channel information and countermeasures have become a major research theme.

  The side channel information includes information related to the processing and data being executed in the cryptographic device that is the target of attack. By analyzing the side channel information, the cryptographic algorithm, processing timing, and secret key can be estimated. It is. Specific attack methods for side channel attacks include timing attacks that focus on processing time (see Non-Patent Document 1), power analysis that focuses on power consumption (see Non-Patent Document 2), and electromagnetic wave analysis that focuses on leaked electromagnetic waves ( Non-Patent Document 3) is known.

  In an apparatus in which encryption is implemented, attack resistance (tamper resistance) against side channel attacks is required in practice. For this reason, research on tamper resistance technology that makes it difficult to estimate secret information such as encryption algorithms from side channel information has been promoted.

  Here, tamper resistance refers to the performance of preventing leakage of confidential information and modification of functions against attacks. As a tamper resistant technique against side channel attacks, a tamper resistant technique (see Patent Document 1) for preventing leakage of confidential information from side channel information by arbitrarily adding unnecessary information to side channel information has been proposed. .

  Here, it is necessary to evaluate the effectiveness of the tamper-resistant technique as to whether the resistance to side channel attacks is actually improved by applying the tamper-resistant technique as described above.

JP 2007-116215 A

P. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,” Crypto’96, pp. 101-113, 1996. P. Kocher, J. Jaffe and B. Jun, “Introduction to Differential Power Analysis and Related Attacks,” 1998. Karine Gandolfi, Christophe Mourtel, and Francis Olivier, “Electromagnetic Analysis: Concrete Results,” In the Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems 2001 (CHES 2001), LNCS 2162 Paris, France, May 2001, pp 251-261. Hideki Imai, “Information Security-For Safe and Secure Society”, IEICE Journal, Vol.90, No.5, pp.334-339

  In evaluating the effectiveness of tamper resistance against side channel attacks, it is required to acquire highly accurate side channel information. For this reason, it is necessary to set the measurement sampling rate as high as possible when measuring data. However, when the sampling rate is set high, the amount of data becomes enormous, which causes a problem of storage for storing data and a problem that the processing time of data becomes long.

  On the other hand, if the sampling rate is set to a low value, the information regarding the processing and data executed in the encryption device, which would otherwise be included in the side channel information, cannot be captured. Cannot be evaluated.

  Therefore, the present invention solves the above-mentioned problem, and in measuring side channel information, the side channel information measuring apparatus, method and program thereof that can measure side channel information at an optimum sampling rate for side channel attack resistance evaluation The purpose is to provide.

  In order to achieve the above object, a side channel information measuring apparatus according to the present invention measures side channel information generated from a cryptographic apparatus to be evaluated in a side channel information measuring apparatus that measures side channel information leaked from the cryptographic apparatus. Side channel information measuring means, and parameter setting means for setting a sampling rate in measurement by the side channel information measuring means based on a clock frequency of the encryption device.

  The side channel information measurement method according to the present invention is a side channel information measurement method for measuring side channel information generated from an evaluation target encryption device in the side channel information measurement method for measuring side channel information leaked from the encryption device. And a parameter setting step of setting a sampling rate in the measurement of the side channel information measurement step based on the clock frequency of the encryption device.

  Further, the side channel information measurement program according to the present invention is a side channel information measurement program for measuring side channel information leaked from an encryption device. The side channel information measurement program for measuring side channel information generated from an evaluation target encryption device in a computer. An information measurement function and a parameter setting function for setting a sampling rate in measurement of the side channel information measurement function based on a clock frequency of the encryption device are realized by a computer.

  According to the present invention, it is possible to measure side channel information at a sampling rate suitable for side channel attack resistance evaluation, and it is possible to improve evaluation accuracy of side channel attack resistance, shorten evaluation time, and reduce the amount of data. .

It is a schematic block diagram of the side channel information measuring apparatus which concerns on the 1st Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 1st Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 2nd Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 3rd Embodiment of this invention. It is a schematic block diagram of the side channel information measuring apparatus which concerns on the 4th Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 4th Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 5th Embodiment of this invention. It is a schematic block diagram of the side channel information measuring apparatus which concerns on the 6th Embodiment of this invention. It is a schematic block diagram in case it has a clock frequency estimation part of the side channel information measuring apparatus which concerns on the 6th Embodiment of this invention. It is a schematic block diagram of the side channel information measuring apparatus which concerns on the 7th Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 7th Embodiment of this invention. It is the flowchart which showed operation | movement of the side channel information measuring apparatus which concerns on the 8th Embodiment of this invention. In the Example of this invention, it is a graph which shows the power spectrum of the power consumption waveform which is side channel information when a sampling rate is measured at 1 GHz. In the Example of this invention, it is a graph which shows the analysis success rate of AES by the differential power analysis using the power consumption waveform when a sampling rate is measured at 500 MHz. In the Example of this invention, it is a graph which shows the analysis success rate (25 MHz-500 MHz) with respect to each sampling rate. In the Example of this invention, it is a graph which shows the analysis success rate (625 MHz-5 GHz) with respect to each sampling rate.

  Next, a side channel information measuring device, a method thereof, and a mode for implementing the program according to the present invention will be described in detail with reference to the drawings.

[First Embodiment]
FIG. 1 is a diagram showing a schematic configuration of a side channel information measuring apparatus according to the first embodiment of the present invention.

  Referring to FIG. 1, in the present embodiment, a side channel information measuring unit (side channel information measuring unit) 2 that measures side channel information of an encryption device 1 to be evaluated, and a side channel information measuring unit 2 at the time of measurement. A side channel information measuring apparatus including a parameter setting unit (parameter setting means) 3 for setting a sampling rate and side channel attack resistance of the encryption apparatus 1 using side channel information obtained from the side channel information measuring apparatus. And a side channel attack resistance evaluation device 4 that evaluates whether or not it is possible.

  The encryption device 1 is a device that performs encryption / decryption processing such as encryption on plaintext and decryption on ciphertext. As the encryption device 1, various information processing devices that perform encryption / decryption processing can be employed. For example, there are a personal computer (PC), a portable terminal, a contact type and non-contact type IC card, a reader / writer, and the like.

  The side channel information measuring unit 2 measures side channel information leaked when the encryption device 1 performs encryption / decryption processing. As the side channel information, various types of information affected by internal processing in the encryption apparatus can be adopted. For example, there are power, electromagnetic waves, sound, temperature and the like. If electromagnetic waves are used as side channel information, the side channel information measuring device 2 can employ an oscilloscope, a spectrum analyzer, or the like. In measurement, it is necessary to set various parameters such as sampling rate, vertical and horizontal scales and offsets, record length, and type of measurement trigger.

  The parameter setting unit 3 sets parameters when the side channel information measurement unit 2 measures the side channel information. Although there are several parameters to be set at the time of measurement, the parameter setting unit 3 of the present embodiment sets the sampling rate. The sampling rate is set based on the clock frequency of the encryption device 1. The clock frequency is obtained by a method input by the user of the apparatus, a method of quoting from information registered in the database, a method of estimating from the side channel information once measured by the side channel measuring unit 2, and the like.

  If the sampling rate is required to be higher than the clock frequency and only changes due to the clock are captured, the sampling rate may be twice the clock frequency. However, in order to evaluate the resistance against side channel attacks, it is related to various factors, such as operations in the CPU (Central Processing Unit) that occur during cryptographic processing included in the side channel information and data writing to registers. It is necessary to measure the changing portions, and it is difficult to capture them at twice the clock frequency. Therefore, it is necessary to set the sampling rate higher than twice the clock frequency.

  On the other hand, as the sampling rate increases, the amount of data also increases. In addition, as the amount of data increases, the cost of calculation time increases. In evaluating resistance to side channel attacks, evaluation may be performed by measuring a large amount of side channel information and analyzing the measured large amount of information. Therefore, when the amount of data per information increases, the data capacity required for analysis becomes extremely large. Therefore, the parameter setting unit 3 sets a sampling rate that can accurately evaluate the resistance to side channel attacks and can suppress the data amount.

  How much the sampling rate is set depends on the evaluation method in the side channel attack resistance evaluation apparatus 4 and the surrounding environment, but for example, 5 times, 10 times, 20 times, 25 times, 30 times the clock frequency. It can be considered to be around double, 50 times, 100 times, and 200 times. In particular, when the sampling rate is 10 to 25 times the clock frequency, the effect is high in tolerance evaluation and data amount suppression.

  In addition, the parameter setting part 3 can also consider the structure which can set parameters other than a sampling rate.

  The side channel attack resistance evaluation device 4 performs the resistance evaluation against the side channel attack of the encryption device 1 using the side channel information input from the side channel information measurement device. Evaluation methods include a side channel attack on side channel information and a method of using the determination result of whether the attack is successful or a method of using correlation, distance, and similarity with the reference waveform. It is done.

  In the tolerance evaluation, when a plurality of side channel information is required, it is possible to acquire a plurality of side channel information by performing the measurement process in the side channel information measuring unit 2 a plurality of times. is there. In addition, when the parameter setting unit 3 has a function of adjusting the sampling rate according to the content of resistance evaluation of side channel attacks (presence / absence of resistance, correlation value, distance, similarity, etc.), the content of the evaluation is parameter setting unit 3 Have means to propagate.

  In the side channel information measuring apparatus configured as described above, first, the clock frequency of the encryption apparatus 1 is input to the parameter setting unit 3. Next, the parameter setting unit 3 sets the sampling rate in the measurement used by the side channel information measurement unit 2 based on the input clock frequency. Next, encryption processing is executed by the encryption device 1 to be evaluated, and side channel information leaked from the encryption device 1 by the side channel information measurement unit 2 is determined based on the sampling rate set by the parameter setting unit 3. taking measurement. Finally, the side channel attack resistance evaluation device 4 performs the evaluation of resistance against the side channel attack of the encryption device 1 using the measured side channel information.

  Next, an operation example in the first embodiment will be described.

  FIG. 2 is a flowchart showing the operation of the side channel information measuring apparatus according to this embodiment.

  First, when the process is started (step A1), the clock frequency of the encryption device 1 is input to the parameter setting unit 3 (step A2). Next, according to the input clock frequency, the parameter setting unit 3 determines the measurement sampling rate (step A3). Then, the side channel information measuring unit 2 measures the side channel information leaked from the encryption device 1 at the determined sampling rate (step A4). Finally, using the measured side channel information, the side channel attack resistance evaluation device 4 performs resistance evaluation of the encryption device 1 (step A5), and ends the processing (step A6).

  By implementing the first embodiment described above, it is possible to measure side channel information at an appropriate sampling rate with respect to the cryptographic device to be evaluated, and to suppress the amount of data and processing time, and to withstand accurate side channel attacks. Can be evaluated.

[Second Embodiment]
Subsequently, a second embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In the present embodiment, the clock frequency of the encryption device 1 to be evaluated or the estimated clock frequency is input to the parameter setting unit 3. Then, the sampling rate used for measurement is set to a constant multiple of the input clock frequency.

  FIG. 3 is a flowchart showing the operation of the side channel information measuring apparatus in the present embodiment. The difference from the first embodiment is that the parameter setting unit 3 sets the sampling rate to a constant multiple of the input clock frequency (step A3 → A3a).

  For the constant, a numerical value that is twice or more is set in advance. Examples of constant candidates include numerical values such as 2 times, 5 times, 10 times, 20 times, 25 times, 50 times, 100 times, and 200 times. The parameter setting unit 3 can change the sampling rate according to the result of the side channel attack resistance evaluation and the state of the side channel information.

  By implementing the second embodiment described above and setting the sampling rate to a constant multiple of the clock frequency, the side channel information can be measured at the sampling rate corresponding to the clock frequency for the encryption device to be evaluated, and the amount of data and processing It is possible to evaluate resistance to an accurate side channel attack while suppressing time.

[Third Embodiment]
Subsequently, a third embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In the present embodiment, the clock frequency of the encryption device 1 to be evaluated or the estimated clock frequency is input to the parameter setting unit 3. Then, the sampling rate used for measurement is set within a range of 10 to 25 times the input clock frequency.

  FIG. 4 is a flowchart showing the operation of the side channel information measuring apparatus according to this embodiment. The difference from the second embodiment is that the parameter setting unit 3 sets the sampling rate to 10 to 25 times the input clock frequency (step A3a → A3b).

  By implementing the third embodiment described above and setting the sampling rate to 10 to 25 times the clock frequency, the side channel information can be measured at an appropriate sampling rate for the encryption device to be evaluated, and the data amount and processing time can be measured. It is possible to evaluate the resistance to an accurate side channel attack while suppressing the above.

[Fourth Embodiment]
Subsequently, a fourth embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In this embodiment, the clock frequency of the encryption device 1 is estimated by the clock frequency estimation unit (clock frequency estimation means) 5. For this estimation, side channel information once measured by the side channel information measuring unit 2 is used. Then, the estimated clock frequency is input to the parameter setting unit 3, and the parameter setting unit 3 sets a sampling rate in accordance with the clock frequency. Then, the side channel information measuring unit 2 measures the side channel information leaked from the encryption device 1 at the set sampling rate.

  FIG. 5 is a configuration example of the side channel information measuring apparatus in the present embodiment. The difference from the configuration example of the first embodiment is that the clock frequency of the encryption device 1 is obtained by estimating the clock frequency by the clock frequency estimating unit 5 using the side channel information measured by the side channel information measuring unit 2. .

  FIG. 6 is a flowchart showing the operation of the side channel information measuring apparatus in the present embodiment. The difference from the operation example of the first embodiment is that instead of inputting the sampling rate (step A2), the parameter setting unit 3 first sets the initial sampling rate (step A7), and then sets the side channel information. The measurement unit 2 measures side channel information leaked from the encryption device 1 (step A4), and the clock frequency estimation unit 5 estimates the clock frequency of the encryption device 1 based on the measured side channel information (step A8). The parameter setting unit 3 determines the sampling rate based on the estimated clock frequency (step A3).

  As means for estimating the clock frequency of the cryptographic apparatus 1 that is the basis of the sampling rate, a method of estimating from the frequency information such as the power spectrum and frequency spectrum of the side channel information, and reference side channel information are prepared in advance. A method of estimating the clock frequency of the encryption device 1 by obtaining the distance and correlation between the reference information and the side channel information can be considered.

  By implementing the fifth embodiment described above, it is possible to evaluate side channel attack resistance even in an encryption device whose clock frequency is unknown. In addition, when evaluating a plurality of cryptographic devices, it is possible to automatically set the sampling rate without setting the sampling rate according to each cryptographic device.

[Fifth Embodiment]
Subsequently, a fifth embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In the present embodiment, the clock frequency estimation unit 5 shown in FIG. 5 estimates the clock frequency of the encryption device 1 to be evaluated from the frequency information such as the power spectrum and the frequency spectrum of the measured side channel information. Set the sampling rate from the clock frequency.

  FIG. 7 is a flowchart showing the operation of the side channel information measuring apparatus according to this embodiment. The difference from the operation example of the fourth embodiment is that the means for estimating the clock frequency of the encryption device 1 is based on the frequency information of the side channel information (step A8 → A8a).

  As a means for estimating the clock frequency of the cryptographic device 1 that is the basis of the sampling rate, a method is considered in which a peak is detected in the power spectrum or frequency spectrum obtained from the side channel information and the frequency at which the peak appears is used as the clock frequency. It is done. Further, as another method, when a peak repeatedly appears, a method in which the peak is the clock frequency and its harmonics and the peak interval is the clock frequency is also conceivable.

  By implementing the fifth embodiment described above, it is possible to evaluate side channel attack resistance even in an encryption device whose clock frequency is unknown. Also, when evaluating multiple cryptographic devices, the sampling rate is automatically input without setting the sampling rate for each cryptographic device, so side channel information measurement and side channel attack resistance evaluation Can be implemented.

[Sixth Embodiment]
Subsequently, a sixth embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In the present embodiment, the side channel information leaking from the encryption device 1 by the side channel information measuring unit 2 is measured based on the sampling rate set by the parameter setting unit 3, and the side channel attack resistance evaluating unit (side channel attack resistance evaluating unit). (Evaluation means) 6 performs evaluation of resistance against the side channel attack of the cryptographic device 1 by using the measured side channel information.

  FIG. 8 is a configuration example of the side channel information measuring apparatus in the present embodiment. The difference from the first embodiment is that the side channel attack resistance evaluation unit 6 in the apparatus has the function of the side channel attack resistance evaluation apparatus 4 shown in FIG.

  The flowchart showing the operation of the side channel information measuring apparatus in the present embodiment is the same as in FIG. 2, and the side channel attack resistance evaluation (step A5) by the side channel attack resistance evaluation apparatus 4 is evaluated as the side channel attack resistance evaluation inside the apparatus. The only difference is that it is implemented in part 6.

  By performing the above-described sixth embodiment, it is possible to collectively perform the measurement from the side channel information to the attack resistance evaluation with a single device. In addition, measurement linked to the evaluation can be performed by changing the measurement parameter using the evaluation result and performing side channel information measurement and resistance evaluation again.

  In addition, about the structure which has the function of the side channel attack tolerance evaluation apparatus 4 in the side channel attack tolerance evaluation part 6 inside an apparatus, the structure which has the clock frequency estimation part 5 described in 4th Embodiment is applicable. FIG. 9 shows a configuration example when the clock frequency estimation unit 5 is provided.

[Seventh Embodiment]
Subsequently, a seventh embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In this embodiment, the evaluation result in the side channel attack tolerance evaluation unit 4 is input to the parameter setting unit 3, and the parameter setting unit 3 changes the sampling rate according to the evaluation result.

  FIG. 10 is a configuration example of the side channel information measuring apparatus in the present embodiment. The difference from the first embodiment is that the result of side channel attack resistance evaluation by the side channel attack resistance evaluation device 4 is passed to the parameter setting unit 3.

  FIG. 11 is a flowchart showing the operation of the side channel information measuring apparatus in the present embodiment. The difference from the operation example of the first embodiment is that the tamper resistance is evaluated by the side channel attack resistance evaluation device 4 (step A5), and then the evaluation result is checked by the parameter setting unit 3 (step A9). If the evaluation result is tamper resistant (step A9: OK), the process returns to the setting of the sampling rate by the parameter setting unit 3 (step A3) to measure the side channel information (step A4) and the resistance to side channel attack. It is a point which repeats evaluation (step A5). On the other hand, when the evaluation result indicates that there is no tamper resistance (step A9: NG), the process is terminated (step A6).

  The parameter setting unit 3 obtains the sampling rate from the clock frequency. However, depending on the surrounding environment (noise, measurement error, etc.) and the tolerance evaluation method, the sampling rate is insufficient and the secret information of the cryptographic device cannot be analyzed. There is a possibility that it is erroneously determined as being resistant. In addition, since the sampling rate is too high, the part to be measured is out of the measurement range, and as a result, it may be erroneously determined as having resistance. Therefore, even if it is determined that there is tolerance, it is possible to perform a correct tolerance evaluation by resetting the sampling rate and performing measurement and analysis again.

  If the sampling rate is set low and it is determined that the sampling rate is robust, the parameter setting unit 3 performs the measurement and evaluation by increasing the sampling rate by one level, or by increasing the sampling rate by two or more levels according to the evaluation result. If it is determined that the upper limit of the sampling rate or the rate set in advance is resistant, it can be determined that the cryptographic device to be evaluated is resistant to the side channel attack.

  By implementing the seventh embodiment described above, it is possible to adaptively change the sampling rate, and as a result, it is possible to perform measurement according to the cryptographic device and the surrounding environment. And it becomes possible to carry out a more accurate side channel attack resistance evaluation.

[Eighth Embodiment]
Subsequently, an eighth embodiment of the present invention will be described. Constituent elements and operation steps similar to those in the above embodiment are denoted by the same reference numerals, and description thereof is simplified or omitted.

  In the present embodiment, after measuring the side channel information at the estimated sampling rate, the state of the measured side channel information is checked to determine whether the estimated sampling rate is correct.

  FIG. 12 is a flowchart showing the operation of the side channel information measuring apparatus according to this embodiment. The difference from the fourth embodiment is that the parameter setting unit 3 sets the sampling rate (step A3), the side channel information measurement unit 2 measures the side channel information (step A4), and then the parameter setting unit 3 3, the measured side channel information is checked (step A10).

  In this case, after measuring at the initial sampling rate by the side channel information measurement unit 2 (steps A7 to A4), the clock frequency estimation unit 5 estimates the clock frequency of the encryption device 1 (step A8), and parameters The setting unit 3 sets the sampling rate (step A3). At this time, if the initial sampling rate is lower than twice the clock frequency, the clock frequency cannot be estimated correctly. This is because aliasing occurs when the clock frequency is twice or less.

  Therefore, after measuring the side channel information based on the estimated clock frequency by the side channel information measurement unit 2 (step A4), the parameter setting unit 3 checks the state of the side channel information again (step A10). Check if the estimated clock frequency was correct.

  The side channel information state is checked by measuring the side channel information based on the estimated clock frequency by the side channel information measuring unit 2 and then estimating the clock frequency from the side channel information again by the clock frequency estimating unit 5. (Step A8), and it can be determined whether or not the reestimated clock frequency matches the clock frequency estimated before that.

  If they do not match (step A10: NG), it is determined that the previously estimated clock frequency is not correct, the process returns to step A4, and the clock frequency estimation unit 5 re-estimates the clock frequency (step A8). The sampling rate is reset by the parameter setting unit 3 (step A3), the side channel information is measured again by the side channel information measurement unit 2 at the reestimated clock frequency (step A8), and the side setting is again performed by the parameter setting unit 3. The state of channel information is checked (step A10).

  As a result, if they match (step A10: OK), the side channel attack resistance evaluation device 4 evaluates the side channel attack resistance using the measured side channel information, assuming that the previously estimated clock frequency was correct. (Step A5).

  By implementing the above-described eighth embodiment, it is possible to suppress a decrease in accuracy of side channel attack resistance evaluation due to erroneous estimation of the clock frequency.

  Next, specific examples of the present invention will be described.

  In this example, the above-described fifth embodiment is applied, AES (Advanced Encryption Standard) is mounted on an evaluation board (encryption device 1) capable of performing encryption, and an oscilloscope (side channel information measurement unit 2) is used. Then, the power consumption (side channel information) leaked from the evaluation board during encryption processing is measured, and the clock frequency of the evaluation board is estimated from the power consumption measured by the clock frequency estimation unit 5. Then, the sampling rate is set based on the clock frequency estimated by the parameter setting unit 3, and the side channel attack resistance evaluation device 4 evaluates the side channel attack resistance using the power consumption measured by the oscilloscope at the set sampling rate. To do.

  In this embodiment, the sampling rate is set to 20 times the clock frequency of the evaluation board, and the initial sampling rate is 1 GHz. Also, the power consumption waveform of the evaluation board is measured. In estimating the clock frequency of the evaluation board, the power spectrum of the power consumption waveform is obtained, and the interval at which the peak generated in the power spectrum appears is set as the clock frequency.

  The evaluation method in the side channel attack resistance evaluation apparatus 4 uses differential power analysis (see Non-Patent Document 2). This analysis is performed, and the presence / absence of resistance to side channel attacks is determined based on how many bytes are correct among the 16-byte keys.

  First, 1 GHz is set as the initial sampling rate of the oscilloscope (FIG. 7: step A7), and the power consumption waveform of the evaluation board is measured with the oscilloscope (FIG. 7: step A4). Next, the clock frequency estimation unit 5 obtains the power spectrum of the measured power consumption waveform, and estimates the clock frequency from the peak interval of the power spectrum (FIG. 7: step A8a).

  FIG. 13 shows the power spectrum of the power consumption waveform. Here, the horizontal axis represents frequency (unit: MHz), and the vertical axis represents power (unit: V 2 · s / Hz). It can be seen from FIG. 13 that power spectrum peaks occur every 24 MHz. Therefore, the clock frequency estimation unit 5 estimates the clock frequency of the evaluation board as 24 MHz because the peak interval is 24 MHz as a result of detecting the peak of the power spectrum.

  Next, the parameter setting unit 3 sets 480 MHz, which is 20 times the estimated clock frequency, as the sampling rate (FIG. 7: Step A3). However, since there is an oscilloscope limitation, 500 MHz close to 480 MHz is set as the sampling rate.

  Next, the power consumption waveform of the evaluation board is measured with an oscilloscope whose sampling rate is set to 500 MHz (FIG. 7: step A4). Here, in order to perform the differential power analysis, 10000 waveforms are measured at the same sampling rate.

  Then, differential power analysis is performed using the measured 10,000 power consumption waveforms to determine whether the evaluation board has resistance to side channel attacks.

  FIG. 14 shows the analysis success rate of the differential power analysis when the embodiment of the present invention is used. Here, the horizontal axis represents the number of waveforms, and the vertical axis represents the analysis success rate. It can be determined that the higher the analysis success rate, the lower the resistance of the evaluation board to side channel attacks. In FIG. 14, the analysis success rate increases as the number of waveforms increases, and when the number of waveforms is 8000 to 10,000, the analysis success rate reaches 88%, and the analysis of most of the keys is successful. . That is, the evaluation board can be regarded as having low side channel attack resistance.

  Here, the sampling rate is 50 MHz (about 2 times), 125 MHz (about 5 times), 250 MHz (about 10 times), 500 MHz (about 20 times), 625 MHz (about 25 times), 1 GHz (about 40 times), 2. The difference in the analysis success rate when 5 GHz (about 100 times) and 5 GHz (about 200 times) is described. Here, () indicates how many times the sampling rate is with respect to the clock frequency.

  FIG. 15 and FIG. 16 show the analysis success rates for the above sampling rates. The horizontal and vertical axes in the figure are the same as those in FIG.

  From FIG. 15, when the sampling rate is 50 MHz or 125 MHz, the analysis success rate is almost 0%. In this case, it is erroneously determined that there is side channel attack resistance. On the other hand, when the sampling rate is 250 MHz or higher, as shown in FIGS. 15 and 16, there is a difference in the method of increasing the analysis success rate, but in either case, the analysis success rate is 80% or more with 10,000 waveforms. It can be determined that there is no side channel attack resistance. Thus, even if the sampling rate is set extremely high such as 100 times or 200 times as high as the clock frequency, it can be seen that the accuracy of the tolerance evaluation does not change much compared to the case where the sampling rate is set low such as 10 to 25 times. .

  Therefore, if the clock frequency is known or can be estimated, by setting the sampling rate according to it, it is possible to evaluate the tolerance with sufficient accuracy while suppressing the cost of data volume and calculation time. The side channel information that can be implemented can be measured.

  For example, if the size of one data is 10 Mbytes when the sampling rate is measured at 5 GHz, the amount of data necessary for the analysis is 100 Mbytes with 10 M * 10000 waveforms. On the other hand, when the present embodiment is applied and the sampling rate is measured at 500 MHz, the size of one data can be reduced to 1/10 of 1 Mbyte, and the amount of data necessary for analysis can be reduced to 10 Gbyte. . In addition, since the amount of data is small, the calculation time can be shortened.

  In addition, each part (each means) of the side channel information measuring apparatus which is each said embodiment of this invention is realizable with a hardware, software, and those combination.

  For example, the side channel information measuring device according to each of the above embodiments of the present invention can be realized by hardware, but a program for causing a computer to function as the device is read from a computer-readable recording medium. It can also be realized by executing the above.

  In addition, the side channel information measurement method according to each of the above embodiments of the present invention can be realized by hardware, but a program for causing a computer to execute the method is read from a computer-readable recording medium. It can also be realized by executing the above.

  While the present invention has been described with reference to the embodiments, the present invention is not limited to the above embodiments. Various changes that can be understood by those skilled in the art can be made to the configuration and details of the present invention within the scope of the present invention.

  As described above, the present invention provides side channel information having a function of setting parameters for measuring side channel information leaked from a cryptographic device to those suitable for performing resistance evaluation against side channel attacks. It can be used for a measuring device, a method thereof, a program thereof, and the like.

DESCRIPTION OF SYMBOLS 1 Encryption apparatus 2 Side channel information measurement part 3 Parameter setting part 4 Side channel attack tolerance evaluation apparatus 5 Clock frequency estimation part 6 Side channel attack tolerance evaluation part

Claims (24)

Side channel information measuring means for measuring side channel information generated from the cryptographic device to be evaluated;
A side channel information measuring apparatus comprising: parameter setting means for setting a sampling rate in measurement by the side channel information measuring means based on a clock frequency of the encryption apparatus. In the side channel information measuring device according to claim 1,
The side channel information measuring apparatus, wherein the parameter setting means sets the sampling rate to a constant multiple of the clock frequency. In the side channel information measuring device according to claim 1 or 2,
The side channel information measuring apparatus, wherein the parameter setting means sets the sampling rate to 10 to 25 times the clock frequency. In the side channel information measuring device according to any one of claims 1 to 3,
Based on side channel information obtained by the measurement of the side channel information measuring means, further comprising a clock frequency estimating means for estimating the clock frequency of the encryption device;
The side channel information measuring apparatus, wherein the parameter setting means sets a sampling rate in the measurement of the side channel information measuring means based on the estimated clock frequency. In the side channel information measuring device according to claim 4,
The side channel information measuring device, wherein the clock frequency estimating means estimates a clock frequency of the encryption device based on a frequency spectrum or a power spectrum of the side channel information. In the side channel information measuring device according to any one of claims 1 to 5,
The apparatus further comprises side channel attack resistance evaluation means for determining whether or not the evaluation target cryptographic device is resistant to a side channel attack using the side channel information obtained by the measurement of the side channel information measurement means. Side channel information measuring device. In the side channel information measuring device according to claim 6,
The side channel information measuring apparatus, wherein the parameter setting unit varies the sampling rate according to an evaluation result in the side channel attack resistance evaluation unit. In the side channel information measuring device according to any one of claims 4 to 7,
The side channel information measuring apparatus, wherein the parameter setting unit checks the state of the side channel information obtained by the side channel information measuring unit, and resets the sampling rate according to the check result. A side channel information measurement step for measuring side channel information generated from the cryptographic device to be evaluated;
And a parameter setting step for setting a sampling rate in the measurement by the side channel information measuring means based on a clock frequency of the encryption device. The side channel information measurement method according to claim 9, wherein
The method for measuring side channel information, wherein the parameter setting step sets the sampling rate to a constant multiple of the clock frequency. The side channel information measuring method according to claim 9 or 10,
The method for measuring side channel information, wherein the parameter setting step sets the sampling rate to 10 to 25 times the clock frequency. In the side channel information measuring method according to any one of claims 9 to 11,
A clock frequency estimating step of estimating a clock frequency of the encryption device based on side channel information obtained by the measurement of the side channel information measuring step;
The parameter setting step sets a sampling rate in the measurement of the side channel information measurement step based on the estimated clock frequency. The side channel information measuring method according to claim 12,
The side channel information measuring method, wherein the clock frequency estimating step estimates a clock frequency of the encryption device based on a frequency spectrum or a power spectrum of the side channel information. In the side channel information measuring method according to any one of claims 9 to 13,
Using the side channel information obtained in the measurement of the side channel information measurement step, further comprising a side channel attack resistance evaluation step for determining whether the evaluation target encryption device is resistant to a side channel attack. To measure side channel information. The side channel information measuring method according to claim 14,
The method for measuring side channel information, wherein the parameter setting step varies the sampling rate in accordance with an evaluation result in the side channel attack resistance evaluation step. The side channel information measurement method according to any one of claims 12 to 15,
The parameter setting step checks the state of the side channel information obtained by the side channel information measurement step, and resets the sampling rate according to the check result. A side channel information measurement function for measuring side channel information generated from the cryptographic device to be evaluated;
A side channel information measuring program for causing a computer to realize a parameter setting function for setting a sampling rate in measurement of the side channel information measuring function based on a clock frequency of the encryption device. In the side channel information measurement program according to claim 17,
The side channel information measurement program, wherein the parameter setting function sets the sampling rate to a constant multiple of the clock frequency. The side channel information measurement program according to claim 17 or 18,
The side channel information measurement program, wherein the parameter setting function sets the sampling rate to 10 to 25 times the clock frequency. The side channel information measurement program according to any one of claims 17 to 19,
Based on the side channel information obtained by the measurement of the side channel information measurement function, further causing the computer to realize a clock frequency estimation function for estimating the clock frequency of the encryption device,
The side channel information measurement program, wherein the parameter setting function sets a sampling rate in the measurement of the side channel information measurement function based on the estimated clock frequency. The side channel information measurement program according to claim 20,
The side channel information measurement program, wherein the clock frequency estimation function estimates a clock frequency of the encryption device based on a frequency spectrum or a power spectrum of the side channel information. The side channel information measurement program according to any one of claims 17 to 21,
Using the side channel information obtained by the measurement of the side channel information measurement function, further causing the computer to realize a side channel attack resistance evaluation function for determining whether the evaluation target encryption device is resistant to a side channel attack. Side channel information measurement program characterized by In the side channel information measurement program according to claim 22,
The side channel information measurement program, wherein the parameter setting function varies the sampling rate according to an evaluation result in the side channel attack resistance evaluation function. In the side channel information measurement program according to any one of claims 20 to 23,
The side-channel information measurement program, wherein the parameter setting function checks a state of side-channel information obtained by the side-channel information measurement function and resets the sampling rate according to the check result.

Images