Netinfo Security ›› 2023, Vol. 23 ›› Issue (5): 41-49. doi: 10.3969/j.issn.1671-1122.2023.05.005

• Technical Research •

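Multiple Persistent Fault Analysis Based on an Unknown Fault Model

MAO Hongjing1,2, CHENG Yukun1,2, HU Honggang1,2

  1. Key Laboratory of Electromagnetic Space Information, Chinese Academy of Science, Hefei 230027
  2. School of Cyber Science, University of Science and Technology of China, Hefei 230027
  • Received: 2023-03-01 Online: 2023-05-10 Published: 2023-05-15
  • Corresponding author: HU Honggang E-mail: hghu2005@ustc.edu.cn
  • About the authors: MAO Hongjing (born 1997), female, from Heilongjiang, master's student, main research interests: cryptography and side-channel analysis | CHENG Yukun (born 1997), male, from Anhui, master's student, main research interests: cryptography, side-channel analysis and fault injection analysis | HU Honggang (born 1978), male, from Sichuan, professor, Ph.D., main research interests: cryptography and network security
  • Supported by:
    National Natural Science Foundation of China (61972370)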

Multiple Persistent Faults Analysis with Unknown Faults

MAO Hongjing1,2, CHENG Yukun1,2, HU Honggang1,2

  1. Key Laboratory of Electromagnetic Space Information, Chinese Academy of Science, Hefei 230027, China
  2. School of Cyber Science, University of Science and Technology of China, Hefei 230027, China
  • Received: 2023-03-01 Online: 2023-05-10 Published: 2023-05-15
  • Contact: HU Honggang E-mail: hghu2005@ustc.edu.cn

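Abstract:

Persistent fault analysis is a new fault analysis technique proposed in 2018 that has attracted wide attention from researchers at home and abroad. Although analysis methods targeting various cryptosystems have been proposed, fault models with an unknown number of faults remain entirely unstudied. Yet this is a more realistic attack condition: with multiple faults in particular, it is hard for the attacker to ensure that the set of original values and the set of faulty values do not overlap. On this basis, the paper proposes a multiple persistent fault analysis model under a relatively relaxed fault model. The attacker needs no information about the fault values, their locations, or even their number. The model makes full use of the property that a persistent fault stays the same across all encryptions, and uses the results from different ciphertext bytes to narrow the range of fault values, ultimately recovering the key. Theoretical proof and simulation experiments verify the effectiveness of the analysis model. Taking the AES-128 algorithm as an example, in the ciphertext-only setting just 150 ciphertexts suffice to keep the number of candidate keys within a very small range, with an attack success rate above 99%, effectively reducing the number of ciphertexts required. When the key is changed frequently, the key is successfully recovered by increasing the number of loop rounds, significantly lowering the difficulty of the attack.

Keywords: persistent fault analysis, side-channel attack, AES algorithm, fault injection attack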

Abstract:

Persistent Fault Analysis (PFA) is a novel fault analysis technique proposed in 2018, which has attracted widespread attention at home and abroad. Although various analysis methods for different cryptographic systems have been proposed, research on the fault model with unknown fault values is still an open problem, even though it represents a more practical attack scenario. Particularly when dealing with multiple faults, it is more difficult to control the overlap of the original and faulty values. This paper proposes a multiple persistent fault analysis model under a relatively loose fault model. Attackers do not need to know any information about fault values, locations, or even the number of faults. By exploiting the property that persistent faults remain unchanged during all encryption processes, the range of fault values is narrowed down using the results of different bytes of ciphertext, eventually leading to key recovery. Both theoretical proof and simulation experiments were conducted to verify the effectiveness of the analysis model. Taking the AES-128 algorithm as an example, with only 150 ciphertexts in the ciphertext-only setting, the number of candidate keys can be controlled within a small range. The success rate of the attack is above 99%, effectively reducing the required number of ciphertexts. By increasing the number of rounds, the key can be recovered even after frequent key updates, significantly reducing the difficulty of the attack.

Key words: persistent faults analysis, side-channel attacks, AES algorithm, fault injection attacks

CLC number: