| Student: | 黃淑菁 Huang, Sue-Jing |
|---|---|
| Thesis title: | 應用同構合成場於AES以抵禦差分電力攻擊之研究 (On the Application of Isomorphic Composite Fields for AES against Differential Power Analysis) |
| Advisor: | 謝明得 Shieh, Ming-Der |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science, Department of Electrical Engineering |
| Year of publication: | 2007 |
| Graduating academic year: | 95 |
| Language: | Chinese |
| Pages: | 68 |
| Chinese keywords: | differential power analysis, Advanced Encryption Standard, isomorphic composite field |
| Foreign keywords: | AES, composite field, DPA |
| Access counts: | Views: 80, Downloads: 1 |
Since Paul Kocher showed in 1996 that side-channel attacks can effectively break the Data Encryption Standard, many cryptosystem designers no longer analyse only the security of the algorithm but also pay attention to the security of its hardware implementation; the new-generation Advanced Encryption Standard announced by the US National Institute of Standards and Technology (NIST) in 2001 is likewise threatened by side-channel attacks. Among these, the differential power analysis (DPA) attack uses the power information leaked on the side channel while the hardware encrypts or decrypts to derive the secret key: when the power consumption depends on the data being processed and that data carries key information, the Hamming distance of the intermediate values is correlated with the power consumption.
Whereas many designers have proposed countermeasures for cryptosystems implemented on microprocessors, this thesis studies how an AES chip can resist DPA from the viewpoint of application-specific integrated circuit (ASIC) design. During hardware encryption the attacker observes the power consumption of the registers to predict intermediate values, so to resist DPA we randomly generate an isomorphic composite field in which to compute the S-box. Assuming the attacker does not know which composite field is in use, no useful information can be obtained from the power trace, and the intermediate values are thereby randomised; in other words, reducing the correlation between power consumption and intermediate values raises the security of the AES cryptosystem.
Since Paul Kocher showed in 1996 that side-channel attacks (SCA) can efficiently break the Data Encryption Standard (DES), many cryptosystem designers have focused not only on mathematical security but also on the security of the hardware implementation of a cipher. In 2001 the National Institute of Standards and Technology (NIST) announced the new-generation Advanced Encryption Standard (AES), which is also threatened by side-channel attacks. Differential power analysis (DPA) uses the power information leaked during execution of the algorithm to deduce the secret key: when the power consumption depends on processed data that involves part of the secret key, a correlation exists between the Hamming weight of the intermediate values and the power consumption.
In contrast to countermeasures for microprocessor implementations, this thesis focuses on an AES architecture that resists DPA from the viewpoint of an ASIC implementation. During encryption the attacker observes the power consumption of the registers to predict intermediate values, so we propose a countermeasure against DPA that randomly generates a composite field in which to compute the S-box. Assuming the attacker does not know which composite field is used, no useful information can be obtained from the power consumption, and the intermediate values are thereby randomised. In other words, reducing the correlation between power consumption and intermediate values increases the security of the cryptosystem.
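As an added illustration of the idea in the abstract (example code written for this page, not taken from the thesis), the Python below computes the AES S-box through a randomly chosen composite field GF((2^4)^2): it picks one of the three irreducible quartics over GF(2), a value lam making y^2 + y + lam irreducible over GF(2^4), and one of the eight roots of the AES polynomial to define the isomorphism phi, then confirms that every choice reproduces the FIPS-197 S-box while the value phi(a) held during the inversion changes from field to field. All function names are this example's own, and the tower GF(2^4)[y]/(y^2 + y + lam) is one common construction, not necessarily the one the thesis uses.

```python
import random
from functools import reduce
from operator import xor
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the FIPS-197 field polynomial
GF16_POLYS = (0b10011, 0b11001, 0b11111)  # the three irreducible quartics over GF(2)

def gf_mul(a, b, poly, deg):  # shift-and-add multiply in GF(2^deg) = GF(2)[x]/(poly)
    r = 0
    for _ in range(deg):
        r ^= a if b & 1 else 0
        b, a = b >> 1, a << 1
        a ^= poly if a >> deg else 0
    return r
def gf_inv(a, poly, deg):  # exhaustive search (the fields are tiny); 0 -> 0 as in AES
    return next((z for z in range(1 << deg) if gf_mul(a, z, poly, deg) == 1), 0)

def comp_mul(a, b, p, lam):  # GF((2^4)^2) = GF(2^4)[y]/(y^2 + y + lam); a = (ah << 4) | al
    ah, al, bh, bl = a >> 4, a & 15, b >> 4, b & 15
    hh = gf_mul(ah, bh, p, 4)
    hi = hh ^ gf_mul(ah, bl, p, 4) ^ gf_mul(al, bh, p, 4)
    return (hi << 4) | (gf_mul(al, bl, p, 4) ^ gf_mul(lam, hh, p, 4))

def comp_inv(a, p, lam):  # a^-1 = conj(a)/N(a): conj = ah*y + (ah+al), N = lam*ah^2 + ah*al + al^2
    ah, al = a >> 4, a & 15
    n = gf_mul(lam, gf_mul(ah, ah, p, 4), p, 4) ^ gf_mul(ah, al, p, 4) ^ gf_mul(al, al, p, 4)
    ni = gf_inv(n, p, 4)
    return (gf_mul(ah, ni, p, 4) << 4) | gf_mul(ah ^ al, ni, p, 4)

def random_composite_field(rng=random):
    # pick p, lam (y^2 + y + lam irreducible) and a root beta of the AES polynomial, then
    # build phi: GF(2^8) -> GF((2^4)^2) by sending the basis element x^i to beta^i
    p = rng.choice(GF16_POLYS)
    lam = rng.choice([l for l in range(16) if all(gf_mul(z, z, p, 4) ^ z ^ l for z in range(16))])
    aes_at = lambda b: reduce(lambda r, c: comp_mul(r, b, p, lam) ^ c, (0, 0, 0, 1, 1, 0, 1, 1), 1)
    beta = rng.choice([b for b in range(1, 256) if aes_at(b) == 0])  # Horner form of x^8+x^4+x^3+x+1
    pw = [1]
    for _ in range(7):
        pw.append(comp_mul(pw[-1], beta, p, lam))
    phi = [reduce(xor, (pw[i] for i in range(8) if a >> i & 1), 0) for a in range(256)]
    return p, lam, phi, {c: a for a, c in enumerate(phi)}  # (p, lam, phi, phi_inverse)

def affine(b):  # AES affine map: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63
    return reduce(xor, (((b << i) | (b >> (8 - i))) & 0xFF for i in range(5)), 0x63)

def sbox_composite(a, field):  # phi[a] is what sits in the register during the inversion
    p, lam, phi, phi_inv = field
    return affine(phi_inv[comp_inv(phi[a], p, lam)])

def reference_sbox():  # direct GF(2^8) inversion plus affine map, the FIPS-197 definition
    return [affine(gf_inv(a, AES_POLY, 8)) for a in range(256)]
```

Generating several fields and comparing their phi tables shows that the register contents a power model would predict change with the field while the S-box output does not.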