信息网络安全 ›› 2017, Vol. 17 ›› Issue (5): 57-62.doi: 10.3969/j.issn.1671-1122.2017.05.009

• • 上一篇    下一篇

侧信道攻击通用框架设计及应用

王庆1, 屠晨阳2, shenjiahui@iie.ac.cn2   

  1. 1.中国信息安全测评中心,北京 100085
    2. 中国科学院信息工程研究所,北京 100093
  • 收稿日期:2017-04-20 出版日期:2017-05-20 发布日期:2020-05-12
  • 作者简介:

    作者简介: 王庆(1980—),男,北京,助理研究员,硕士,主要研究方向为信息安全风险评估; 屠晨阳(1988—),男,北京,助理研究员,博士,主要研究方向为信息安全;沈嘉荟(1989—),女,辽宁,助理工程师,硕士,主要研究方向为网络与系统安全。

  • 基金资助:
    国家自然科学基金[U163620068];中科院战略合作专项[AQ-1708 AQ-1703]

Design and Application of General Framework for Side Channel Attack

Qing WANG1, Chenyang TU2, shenjiahui@iie.ac.cn2   

  1. 1. China Information Technology Security Evaluation Center, Beijing 100085, China
    2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
  • Received:2017-04-20 Online:2017-05-20 Published:2020-05-12

摘要:

目前,密码算法、模块、设备在设计生产时都增加了评估侧信道风险这一过程。侧信道攻击的对象主要分为无保护的密码算法/模块和有保护的密码算法/模块两大类,如果针对每种攻击对象单独设计攻击方案是费时费力的,所以,基于实际侧信道攻击基础理论,结合经典侧信道分析思路,文章提出一种通用型分析框架涵盖所有攻击流程。文章将实际侧信道攻击分为3个递进的步骤,分别是侧信道逻辑漏洞评估、侧信道信息采集以及侧信道分析优化,详细阐述各步骤的实现方法,并利用该框架对改进的低熵掩码与指令乱序的双重方案对被保护的软件进行攻击测试。实验结果表明该框架具备合理性和有效性,能应对绝大多数侧信道攻击。

关键词: 密码算法, 密码设备, 侧信道风险评估, 侧信道攻击, 通用型分析框架

Abstract:

At present, many cryptographic algorithms and cryptographic devices add the process of evaluating the risk of side channel when being designed. Side channel attack object is divided into two categories: unprotected cipher algorithm / module and protected cipher algorithm / module. If the attacks are designed separately for each attack object, it is time-consuming and laborious. Therefore, this paper proposes a new generalized analysis framework which can be applied to the vast majority of side channel attacks. Actual side channel attacks would be divided into three steps, the progressive side channel logic vulnerability assessment, side channel information collection, and side channel analysis optimization, in this paper, we detail the realization method of each step. Then, this framework covers all attacking processes and can be applied on the software which is protected by improved low entropy mask and out-of-order instructions. The experiment results verify the rationality and validity of the framework which adapts to most side channel attacks.

Key words: cryptographic algorithm, cipher device, side channel risk assessment, side channel attack, generalized analysis framework

中图分类号: