Computer Science (计算机科学) ›› 2021, Vol. 48 ›› Issue (11A): 523-527. doi: 10.11896/jsjkx.210200138
王舰1,2, 陈华1, 匡晓云3, 杨祎巍3, 黄开天3
WANG Jian1,2, CHEN Hua1, KUANG Xiao-yun3, YANG Yi-wei3, HUANG Kai-tian3
Abstract: Persistent fault attack (PFA) is a powerful attack technique that recovers key information by exploiting a persistent fault together with statistical methods. It applies to key recovery against table-lookup implementations of block ciphers, and its greatest advantage is that a single fault injection suffices to recover the key; moreover, PFA can be applied to classic block cipher countermeasure implementations such as detection and masking. Even so, classic fault attack countermeasures still raise the difficulty of PFA: both detection and infection techniques increase the number of ciphertexts needed to extract the correct key by a constant factor, which hinders attacks in practical scenarios. Real-time health checking of the S-box is an effective way to defend against PFA: once a fault is detected in the S-box, no further encryption is performed. PFA makes full use of the bijective property of the S-box, so health checking aimed at this bijectivity is an efficient protection method. For an 8-bit S-box, only 255 XOR operations are needed to check its bijectivity, which is far more efficient than general-purpose verification methods such as SHA3. In addition, non-algorithmic protections such as laser sensors also deserve attention.
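The S-box health check the abstract describes, as an added example that is not the paper's own code: it XORs all 256 entries of a table (255 XOR operations) and compares that cheap check with a full bijectivity test on a constructed affine S-box, on the same table after one injected entry fault, and after two faults with the same difference. The S-box, the fault positions and the function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 8-bit S-box: the affine map x -> 0x2B*x + 0x5C (mod 256).
 * It is a permutation because 0x2B is odd; it is not a cryptographic S-box. */
static void build_sbox(uint8_t sbox[256]) {
    for (int x = 0; x < 256; x++)
        sbox[x] = (uint8_t)(0x2Bu * (unsigned)x + 0x5Cu);
}

/* Cheap health check from the abstract: XOR all 256 entries (255 XORs).
 * Every permutation of 0..255 XORs to 0, so one corrupted entry v -> v'
 * leaves the residue v ^ v' != 0 and the cipher can refuse to continue. */
static uint8_t sbox_xor_residue(const uint8_t sbox[256]) {
    uint8_t acc = sbox[0];
    for (int i = 1; i < 256; i++)
        acc ^= sbox[i];
    return acc;
}

/* Reference check: full bijectivity test, every value appears exactly once. */
static int sbox_is_bijective(const uint8_t sbox[256]) {
    uint8_t seen[256];
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < 256; i++) {
        if (seen[sbox[i]]) return 0;   /* duplicate output value */
        seen[sbox[i]] = 1;
    }
    return 1;
}

int main(void) {
    uint8_t sbox[256];
    build_sbox(sbox);
    printf("healthy : residue=0x%02x bijective=%d\n", sbox_xor_residue(sbox), sbox_is_bijective(sbox));

    /* One persistent fault (constructed): bit 2 of entry 0x53 flips.
     * Both checks reject the table. */
    sbox[0x53] ^= 0x04;
    printf("1 fault : residue=0x%02x bijective=%d\n", sbox_xor_residue(sbox), sbox_is_bijective(sbox));

    /* Caveat: a second fault with the same difference cancels the XOR
     * residue, so only the full test still rejects the table. */
    sbox[0x7A] ^= 0x04;
    printf("2 faults: residue=0x%02x bijective=%d\n", sbox_xor_residue(sbox), sbox_is_bijective(sbox));
    return 0;
}
```

The XOR residue is a necessary, not sufficient, condition for bijectivity: it catches the single-entry corruption that PFA relies on, while the 256-entry reference test is the one to run whenever the table can be checked less frequently.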