电子与信息学报
JOURNAL OF ELECTRONICS & INFORMATION TECHNOLOGY
Year: 2014
Issue: 1
Pages: 101-107 (7 pages in total)
王晨旭%李景虎%喻明艳%王进祥
Cryptography%Data security%Piccolo%Correlation Power Analysis (CPA)%Attack model%Countermeasure%Side-channel Attack Standard Evaluation BOard (SASEBO)
To evaluate Piccolo's security against Power Analysis Attack (PAA), a ciphertext attack model is proposed, and Correlation Power Analysis (CPA) is conducted on an implementation of this cipher using power traces measured on the Side-channel Attack Standard Evaluation BOard (SASEBO). Because the final round of Piccolo includes whitening keys, the attacked keys (RK24L, RK24R, WK2 and WK3) are divided into four sub-keys, which are disclosed one by one. This approach reduces the 80-bit primary key search space from $2^{80}$ to $(2\times 2^{20}+2\times 2^{12}+2^{16})$ and makes it possible to recover the primary key. The attack results show that 3000 measured power traces are enough to recover Piccolo's 80-bit primary key, which proves the feasibility of the attack model and the vulnerability of Piccolo's hardware implementation to CPA. Countermeasures should therefore be applied to Piccolo's hardware implementation.