摘要
旁路功耗分析已成为密码芯片渗透性测试的重要手段.为了在电路设计阶段验证防护措施的有效性,通常设计者会利用功耗仿真工具或FPGA来测量电路功耗,并进而进行旁路分析.在对一些通过安全认证的密码芯片进行试验后,发现用仿真功耗方法对这些芯片的原始电路代码进行分析,仍旧可以发现一些旁路泄露信息.甚至是对于一些采用掩码的防护措施,也可以通过一阶分析的方法攻击成功.并且不同实现方式下,不同功耗数据形式下,分析存在一定差异.本文通过理论和实验结合,以分组密码算法DES为例,深入分析了仿真功耗和实际功耗的差异,揭示已有防护措施仍旧存在旁路信息泄露的原因.本文的实验结果证实了功耗仿真和FPGA平台的有效性,改进建议有助于低价带防护方案的实现.
Side channel power analysis has become an important method for penetration testing of cryptographic chips.In order to verify the effectiveness of the countermeasures during the periods of circuit design,it is common for designers to use simulation or FPGA to measure the power consumption of the circuit,which is a basis for side channel analysis.This paper found that some simulation on the circuit can pass the security verification,which means that there still exists some information leakage.Even within the masking protection,attacks can be successfully performed through first order analysis.Analysis depends on implementations and the form of power consumption.Through the combination of theory and experiment,this paper chooses the block cipher algorithm DES to deeply analyze the differences between simulation and physical implementation,revealing what causes the side channel leakage.The experimental results confirm the effectiveness of simulation and FPGA platform,and some possible improvements are proposed to reduce the information leakage.
作者
郭筝
GUO Zheng(ZhiXun Crypto Testing and Evaluation Technology Co.Ltd.,Shanghai 201601,China)
出处
《密码学报》
CSCD
2021年第2期307-313,共7页
Journal of Cryptologic Research
基金
国家自然科学基金(U1636217)
上海市科委科研计划(19511103900)。
作者简介
通信作者:郭筝(1980-),上海人,博士.主要研究领域为侧信道攻击、芯片安全攻防技术、密码产品和系统测评技术.E-mail:guozheng@zxcsec.com。
