基于未知故障模型的多重持续故障分析

doi:10.3969/j.issn.1671-1122.2023.05.005

信息网络安全 ›› 2023, Vol. 23 ›› Issue (5): 41-49.doi: 10.3969/j.issn.1671-1122.2023.05.005

基于未知故障模型的多重持续故障分析

毛红晶¹^,², 程驭坤¹^,², 胡红钢¹^,²()

1.中国科学院电磁空间信息重点实验室，合肥 230027
2.中国科学技术大学网络空间安全学院，合肥 230027

收稿日期:2023-03-01 出版日期:2023-05-10 发布日期:2023-05-15
通讯作者: 胡红钢 E-mail:hghu2005@ustc.edu.cn
作者简介:毛红晶（1997—），女，黑龙江，硕士研究生，主要研究方向为密码学、侧信道分析|程驭坤（1997—），男，安徽，硕士研究生，主要研究方向为密码学、侧信道分析与故障注入分析|胡红钢（1978—），男，四川，教授，博士，主要研究方向为密码学与网络安全
基金资助:
国家自然科学基金(61972370)

Multiple Persistent Faults Analysis with Unknown Faults

MAO Hongjing¹^,², CHENG Yukun¹^,², HU Honggang¹^,²()

1. Key Laboratory of Electromagnetic Space Information, Chinese Academy of Science, Hefei 230027, China
2. School of Cyber Science, University of Science and Technology of China, Hefei 230027, China

Received:2023-03-01 Online:2023-05-10 Published:2023-05-15
Contact: HU Honggang E-mail:hghu2005@ustc.edu.cn

摘要/Abstract

摘要：

持续故障分析是2018年提出的一种新型故障分析技术，该技术引起了国内外学者的广泛关注。目前虽然已经提出了各种针对不同密码系统的相关分析方法，但针对未知故障数量的故障模型的研究仍然一片空白。然而这是一种更为实际的攻击条件，尤其在多故障时，攻击者难以控制原始值集合与故障值集合没有重合。基于此，文章提出一种相对宽松的故障模型下的多重持续故障分析模型。攻击者无需知道任何关于故障值、位置，甚至数量的信息。充分利用持续故障在所有加密过程中保持不变的特性，利用密文不同字节的结果缩小故障值范围，最终达到恢复密钥的目的。理论证明和仿真实验验证了分析模型的有效性。以AES-128算法为例，在仅密文的条件下仅使用150条密文就可以将候选密钥数量控制在很小的范围内，攻击成功率为99%以上，有效减少了所需密文数量。当频繁更换密钥后，成功通过增加循环轮数恢复密钥，显著降低了攻击难度。

关键词: 持续故障分析, 侧信道攻击, AES算法, 故障注入攻击

Abstract:

Persistent Fault Analysis (PFA) is a novel fault analysis technique proposed in 2018, which has attracted widespread attention from home and abroad. Although various analysis methods for different cryptographic systems have been proposed, research on the fault model with unknown fault values is still an open problem, which represents a more practical attack scenario. Particularly when dealing with multiple faults, it is more difficult to control the overlap of the original and faulty values. This paper proposed a multiple persistent fault analysis model under a relatively loose fault model. Attackers did not need to know any information about fault values, locations, or even number. By exploiting the property that persistent faults remained unchanged during all encryption processes, the range of fault values was narrowed down using the results of different bytes of ciphertext, eventually leading to key recovery. Both theoretical proof and simulation experiments were conducted to verify the effectiveness of the analysis model. Taking the AES-128 algorithm as an example, with only 150 ciphertexts under the condition of ciphertext-only, the number of candidate keys can be controlled within a small range. The success rate of the attack is above 99%, effectively reduce the required number of ciphertexts. By increasing the number of rounds, the key can be recovered even after frequent key-update, significantly reducing the difficulty of the attack.

Key words: persistent faults analysis, side-channel attacks, AES algorithm, fault injection attacks

中图分类号:

TP309

毛红晶, 程驭坤, 胡红钢. 基于未知故障模型的多重持续故障分析[J]. 信息网络安全, 2023, 23(5): 41-49.

MAO Hongjing, CHENG Yukun, HU Honggang. Multiple Persistent Faults Analysis with Unknown Faults[J]. Netinfo Security, 2023, 23(5): 41-49.

图/表 8

表1

图1

图2

表2

图3

图4

图5

表3

参考文献 16

[1]	JOVE M, TUNSTALL M. Fault Analysis in Cryptography[M]. Berlin: Springer 2012.
[2]	ALDERIGHI M, CASINI F, D’ANGELO S, et al. Evaluation of Single Event Upset Mitigation Schemes for SRAM Based FPGAs Using the FLIPPER Fault Injection Platform[C]// IEEE. 22nd IEEE International Symposium on Defect and Fault-Tolerance in VLSI Systems (DFT 2007). New York: IEEE, 2007: 105-113.
[3]	BAR-EI H, CHOUKRI H, NACCACHE D, et al. The Sorcerer’s Apprentice Guide to Fault Attacks[EB/OL]. (2006-01-23)[2023-02-20]. https://ieeexplore.ieee.org/document/1580506/metrics#metrics.
[4]	TORRANCE R, JAMES D. The State-of-the-Art in IC Reverse Engineering[C]// Springer. Cryptographic Hardware and Embedded Systems-CHES 2009: 11th International Workshop Lausanne. Berlin:Springer, 2009: 363-381.
[5]	ZHANG Fan, LOU Xiaoxuan, ZHAO Xinjie, et al. Persistent Fault Analysis on Block Ciphers[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018, 3: 150-172.
[6]	ZHANG Fan, ZHANG Yiran, JIANG Huilong, et al. Persistent Fault Attack in Practice[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2020, 2: 172-195.
[7]	XU Guorui, ZHANG Fan, YANG Bolin, et al. Pushing the Limit of PFA: Enhanced Persistent Fault Analysis on Block Ciphers[C]// IEEE. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems. New York: IEEE, 2020: 1102-1116.
[8]	ZHANG Fan, FENG Tianxiang, LI Zhiqi, et al. Free Fault Leakages for Deep Exploitation: Algebraic Persistent Fault Analysis on Lightweight Block Ciphers[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022, 2: 289-311.
[9]	ENGELS S, SCHELLENBERG F, PAAR C. SPFA: SFA on Multiple Persistent Faults[C]// IEEE. 2020 Workshop on Fault Detection and Tolerance in Cryptography (FDTC). New York: IEEE, 2020: 49-56.
[10]	ZHENG Shihui, LIU Xudong, ZANG Shoujin, et al. A Persistent Fault-Based Collision Analysis Against the Advanced Encryption Standard[J]. IEEE Transactions on Computer Aided Design of Integrated Circuits and Systems, 2021, 40(6): 1117-1129. doi: 10.1109/TCAD.2021.3049687 URL
[11]	SOLEIMANY H, BAGHERI N, HADIPOUR H, et al. Practical Multiple Persistent Faults Analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022, 1: 367-390.
[12]	BAGHERI N, SADEGHI S, RAVI P, et al. SIPFA: Statistical Ineffective Persistent Faults Analysis on Feistel Ciphers[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2022, 3: 367-390.
[13]	TANG Honghui, LIU Qiang. MPFA: An Efficient Multiple Faults-Based Persistent Fault Analysis Method for Low-Cost FIA[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2022, 41(9): 2821-2834. doi: 10.1109/TCAD.2021.3117512 URL
[14]	DAEMEN J, RIJMEN V. The Rijndael Block Cipher: AES Proposal[C]// NIST. First AES Candidate Conference (AES1). Gaithersburg: NIST, 1999: 343-348.
[15]	GRUBER M, PROBST M, TEMPELMEIER M. Persistent Fault Analysis of Ocb, Deoxys and Colm[C]// IEEE. 2019 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). New York: IEEE, 2019: 17-24.
[16]	CARRE S, GUILLEY S, RIOUL O. Persistent Fault Analysis with Few Encryptions[C]// Springer. International Workshop on Constructive Side-Channel Analysis and Secure Design. Berlin:Springer, 2020: 3-24.

符号	说明
$C\left[ j \right]$	密文的第$j$个字节
${{K}_{R}}$	密文的第$j$个字节对应的最后一轮密钥
${{C}_{min}}$	注入故障后，密文某字节的缺失值
${{C}_{max}}$	注入故障后，密文某字节出现最多的值
$D\left[ j \right]$	密文第$j$个字节的缺失密文值集合
$M\left[ j \right]$	密文第$j$个字节出现最多的密文值集合
$v$	S盒中被替换的故障值
$u$	缺失密文值对应的S盒中的值
$\lambda $	注入持续故障的个数
$\lambda '$	$D\left[ j \right]$中元素的个数

故障数量$\lambda $	$2$		4		8		16
密文数量$N$	150	200	150	200	150	200	150	200
理论缺少密文值数量$\lambda '$	142.72	117.57	142.96	117.95	143.2	118.33	143.45	118.72
实际缺少密文值数量$\lambda '$	143	117	143	$118$	143	118	143	119
攻击成功率	99.213%	99.967%	99.269%	99.695%	99.323%	99.972%	99.374%	99.975%
候选故障值集合	${{2}^{7.3}}$	${{2}^{8}}$	${{2}^{8.17}}$	${{2}^{8}}$	${{2}^{8.11}}$	${{2}^{8}}$	${{2}^{8.07}}$	${{2}^{8}}$
候选密钥数量	${{2}^{23.13}}$	${{2}^{23}}$	${{2}^{8.11}}$	${{2}^{8}}$	${{2}^{8.07}}$	${{2}^{8}}$	${{2}^{8.02}}$	${{2}^{8}}$
计算复杂度	${{2}^{18.29}}$	${{2}^{17.73}}$	${{2}^{18.27}}$	${{2}^{17.71}}$	${{2}^{18.26}}$	${{2}^{17.69}}$	${{2}^{18.24}}$	${{2}^{17.68}}$

方案	$\lambda =2$			$\lambda >2$
方案	文献[9]方案	文献[11]方案	本文方案	文献[9]方案	文献[11]方案	本文方案
所需密文数量	7775	1552	146	1643	477	137
候选密钥数量	${{2}^{50}}$	${{2}^{23}}$	${{2}^{23}}$	${{2}^{50}}$	${{2}^{24.52}}$	${{2}^{8}}$
抗密钥更新策略	N	N	Y	N	N	Y
未知故障数量	N	N	Y	N	N	Y

基于未知故障模型的多重持续故障分析

Multiple Persistent Faults Analysis with Unknown Faults

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 16

相关文章 8

编辑推荐

Metrics

本文评价

[1]	高博, 陈琳, 严迎建. 基于CNN-MGU的侧信道攻击研究[J]. 信息网络安全, 2022, 22(8): 55-63.
[2]	洪晟, 李雷, 原义栋, 高欣妍. 处理器微架构存储体系侧信道协同安全技术研究[J]. 信息网络安全, 2022, 22(6): 26-37.
[3]	段晓毅, 李邮, 令狐韫行, 胡荣磊. 基于RF算法的侧信道攻击方法研究[J]. 信息网络安全, 2022, 22(1): 19-26.
[4]	张良峰, 汪毅, 吴源燚, 孔睿. 基于统计的浏览器指纹采集技术[J]. 信息网络安全, 2019, 19(11): 49-55.
[5]	王庆, 屠晨阳, shenjiahui@iie.ac.cn. 侧信道攻击通用框架设计及应用[J]. 信息网络安全, 2017, 17(5): 57-62.
[6]	贾徽徽, 王潮, 顾健, 陆臻. 基于Grover量子中间相遇搜索算法的ECC攻击错误bit的修正[J]. 信息网络安全, 2016, 16(6): 28-34.
[7]	陈宇航, 贾徽徽, 姜丽莹, 王潮. 基于Grover算法的ECC扫描式攻击[J]. 信息网络安全, 2016, 16(2): 28-32.
[8]	张文;夏戈明;周翱隆;万山川. 一种安全加固的NFC无线通信连接认证加速系统[J]. , 2013, 13(11): 0-0.