密码产品的侧信道分析与评估

陈华; 习伟; 范丽敏; 焦志鹏; 冯婧怡

doi:10.11999/JEIT190853

密码产品的侧信道分析与评估

doi: 10.11999/JEIT190853

陈华^{1, 2, ,},
习伟³,
范丽敏¹,
焦志鹏^{1, 4},
冯婧怡^{1, 4}

1.
中国科学院软件研究所可信计算与信息保障实验室北京 100190
2.
密码科学技术国家重点实验室北京 100878
3.
南方电网科学研究院广州 510663
4.
中国科学院大学北京 100049

基金项目: 国家重点研发计划(2018YFB0904900, 2018YFB0904901)，十三五国家密码发展基金(MMJJ20170214, MMJJ20170211)

详细信息

作者简介:
陈华：女，1976年生，正高级工程师，博士生导师，研究方向为侧信道分析与防护、密码检测

习伟：男，1980年生，高级工程师，研究方向为智能电网与电力芯片

范丽敏：女，1978年生，高级工程师，硕士生导师，研究方向为侧信道分析与防护、密码检测

焦志鹏：男，1992年生，博士生，研究方向为侧信道分析与防护

冯婧怡：女，1991年生，博士生，研究方向为侧信道分析与防护

通讯作者:
陈华　chenhua@tca.iscas.ac.cn

中图分类号: TN918; TP309
计量
- 文章访问数: 2357
- HTML全文浏览量: 1523
- PDF下载量: 250
- 被引次数: 0
出版历程
- 收稿日期: 2019-11-01
- 修回日期: 2020-06-05
- 网络出版日期: 2020-07-07
- 刊出日期: 2020-08-18

Side Channel Analysis and Evaluation on Cryptographic Products

Hua CHEN^{1, 2
, ,},
Wei XI³,
Limin FAN¹,
Zhipeng JIAO^{1, 4},
Jingyi FENG^{1, 4}

1.
TCA Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
2.
State Key Laboratory of Cryptology, Beijing 100878, China
3.
Electric Power Research Institute, China Southern Power Grid, Guangzhou 510663, China
4.
University of Chinese Academy of Sciences, Beijing 100049, China

Funds: The National Key R&D Program of China (2018YFB0904900, 2018YFB0904901), The National Cryptography Development Fund of China (MMJJ20170214, MMJJ20170211)

摘要

摘要: 作为一类重要的信息安全产品，密码产品中所使用的密码技术保障了信息的保密性、完整性和不可抵赖性。而侧信道攻击是针对密码产品的一类重要的安全威胁，它主要利用了密码算法运算过程中侧信息(如时间、功耗等)的泄露，通过分析侧信息与秘密信息的依赖关系进行攻击。对密码产品的抗侧信道攻击能力进行评估已成为密码测评的重要内容。该文从攻击性测试、通用评估以及形式化验证3个角度介绍了目前密码产品抗侧信道评估的发展情况。其中攻击性测试是目前密码侧信道测评所采用的最主要的评估方式，它通过执行具体的攻击流程来恢复密钥等秘密信息。后两种方式不以恢复秘密信息等为目的，而是侧重于评估密码实现是否存在侧信息泄露。与攻击性测试相比，它们无需评估人员深入了解具体的攻击流程和实现细节，因此通用性更强。通用评估是以统计测试、信息熵计算等方式去刻画信息泄露的程度，如目前被广泛采用的测试向量泄露评估(TVLA)技术。利用形式化方法对侧信道防护策略有效性进行评估是一个新的发展方向，其优势是可以自动化/半自动化地评估密码实现是否存在侧信道攻击弱点。该文介绍了目前针对软件掩码、硬件掩码、故障防护等不同防护策略的形式化验证最新成果，主要包括基于程序验证、类型推导及模型计数等不同方法。
- 密码产品 /
- 侧信道 /
- 信息泄露 /
- 形式化验证
Abstract: As a kind of important information security products, the cryptographic technique adopted by cryptographic products guarantees the confidentiality, integrity and non-repudiation of information. The side channel attack is an important security threat against cryptographic products. It mainly utilizes the leakage of side information (such as time, power consumption, etc.) during the operation of cryptographic algorithm, and attacks by analyzing the dependence between side information and secret information. It has become an important test content to evaluate the ability of cryptographic products to defend against the side channel attack. The development of side channel evaluation of cryptographic products is introduced from three aspects of attack test, general evaluation and formal verification. The attack test is the most popular way adopted in side channel evaluation, which aims to recover the secret imformation such as the key by executing specific attack process. The latter two methods are not for the purpose of recovering secret information, but focus on assessing whether there is any side information leakage in the cryptographic implementation. They are more general than the attack test because they do not require the evaluator to go into the details of the attack process and implementation. The general evaluation is to describe the degree of information leakage by means of statistical test and information entropy calculation. For example, Test Vector Leakage Assessment (TVLA) technology is widely used at present. The formal method is a new development direction to evaluate the effectiveness of side channel protection strategy which has the advantage that it can automatically/semi-automatically evaluate whether the cryptographic implementation has side channel attack vulnerability. The latest results of formal verification for different protection strategies such as software mask, hardware mask and fault protection is introduced in this paper, mainly including program verification, type inference and model counting.
- Cryptographic product /
- Side channel /
- Information leakage /
- Formal verification

HTML全文

表 1 密码测评标准中的抗侧信道防护要求比较

测评标准		FIPS140～3(1～4级)	GM/T0028(1～4级)	GM/T0008(1～3级)
非侵入/半侵入式	能量	1～4级	1～4级	2～3级
	计时	1～4级	1～4级	2～3级
	电磁	1～4级	1～4级	2～3级
	温度	3～4级	3～4级	2～3级
	电压	3～4级	3～4级	2～3级
	错误注入	4级	4级	3级
侵入式		2～4级	2～4级	2～3级

下载: 导出CSV

表 2 能量攻击防护方案通用评估方法对比

评估方法	优点	缺点
TVLA	简单高效	低噪声情况下以及泄露信息分布在多个统计距情况下不适用
χ²-test	有效弥补TVLA的不足，在低噪声以及泄露信息分布在多个统计距的情况下仍然适用	在信噪比较低的情况下，效率较低
DL-LA	无需预处理，更低的误报率	存在概率适应性以及过拟合等问题

下载: 导出CSV

表 3 3种评估方法对比

评估方法	优点	缺点	适用场景
侧信道攻击测评	评估思路简单直接：利用现有攻击逐一尝试，攻击成功则不通过，失败则为通过	由于攻击方法繁多，实现繁琐，评估周期长，同时难以保障评估的完备性	符合攻击条件的侧信道泄露场景，也可作为其它评估技术的验证
基于信息泄露的通用评估	评估实现简单，评估结果可提供一定的理论安全依据	评估的准确度和解释性有待提高与增强	可单独作为评估技术使用，也可作为攻击测评中侧信息泄露点定位工具
形式化验证技术	可为防护实现提供安全性的理论评估，自动化程度高	实现代价大，评估效率较低	可作为可证明安全防护设计方案的验证工具

下载: 导出CSV

参考文献(42)

KOCHER P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C]. The 16th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 1996: 104–113. doi: 10.1007/3-540-68697-5_9.

KOCHER P, JAFFE J, and JUN B. Differential power analysis[C]. The 19th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 1999: 388–397. doi: 10.1007/3-540-48405-1_25.

GANDOLFI K, MOURTEL C, and OLIVIER F. Electromagnetic analysis: Concrete results[C]. The 3rd International Workshop Paris on Cryptographic Hardware and Embedded Systems, Paris, France, 2001: 251–261. doi: 10.1007/3-540-44709-1_21.

BONEH D, DEMILLO R A, and LIPTON R J. On the importance of checking cryptographic protocols for faults[C]. International Conference on the Theory and Application of Cryptographic Techniques Konstanz on Advances in Cryptology, Konstanz, Germany, 1997: 37–51. doi: 10.1007/3-540-69053-0_4.

MANGARD S, OSWALD E, POPP T. 冯登国, 周永彬, 刘继业, 等译. 能量分析攻击[M]. 北京: 科学出版社, 2010: 3–4, 49–50.

MANGARD S, OSWALD E, and POPP T. FENG Dengguo, ZHOU Yongbin, LIU Jiye, et al. translation. Power Analysis Attacks[M]. Beijing: Science Press, 2010: 3–4, 49–50.

NIST. FIPS 140–3 Security requirements for cryptographic modules[S]. NIST, 2019.

ISO/IEC 19790: 2012. Information technology-security techniques-security requirements for cryptographic modules[S]. 2012.

State Cryptography Administration. GM/T 0028–2014 Cryptography module security technical requirements[S]. Beijing: China Standard Press, 2014.

国家密码管理局. GM/T 0008–2012 安全芯片密码检测准则[S]. 北京: 中国标准出版社, 2012.

State Cryptography Administration. GM/T 0008–2012 Cryptography test criteria for security IC[S]. Beijing: China Standard Press, 2012.

BRIER E, CLAVIER C, and OLIVIER F. Correlation power analysis with a leakage mode[C]. The 6th International Workshop Cambridge on Cryptographic Hardware and Embedded Systems, Cambridge, USA, 2004: 16–29. doi: 10.1007/978-3-540-28632-5_2.

GIERLICHS B, BATINA L, TUYLS P, et al. Mutual information analysis[C]. The 10th International Workshop on Cryptographic Hardware and Embedded Systems, Washington, USA, 2008: 426–442. doi: 10.1007/978-3-540-85053-3_27.

CHARI S, RAO J R, and ROHATGI P. Template attacks[C]. The 4th International Workshop Redwood Shores on Cryptographic Hardware and Embedded Systems, Redwood City, USA, 2002: 13–28. doi: 10.1007/3-540-36400-5_3.

HOSPODAR G, GIERLICHS B, DE MULDER E, et al. Machine learning in side-channel analysis: A first study[J]. Journal of Cryptographic Engineering, 2011, 1(4): 293. doi: 10.1007/s13389-011-0023-x

LERMAN L, BONTEMPI G, and MARKOWITCH O. A machine learning approach against a masked AES[J]. Journal of Cryptographic Engineering, 2015, 5(2): 123–139. doi: 10.1007/s13389-014-0089-3

MAGHREBI H, PORTIGLIATTI T, and PROUFF E. Breaking cryptographic implementations using deep learning techniques[C]. The 6th International Conference on Security, Privacy, and Applied Cryptography Engineering, Hyderabad, India, 2016: 3–26. doi: 10.1007/978-3-319-49445-6_1.

TIMON B. Non-profiled deep learning-based side-channel attacks with sensitivity analysis[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019(2): 107–131.

BIHAM E and SHAMIR A. Differential fault analysis of secret key cryptosystems[C]. The 17th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 1997: 513–525. doi: 10.1007/BFb0052259.

BIEHL I, MEYER B, and MÜLLER V. Differential fault attacks on elliptic curve cryptosystems[C]. The 20th Annual International Cryptology Conference Santa Barbara on Advances in Cryptology, Santa Barbara, USA, 2000: 131–146. doi: 10.1007/3-540-44598-6_8.

SCHMIDT J M and MEDWED M. A fault attack on ECDSA[C]. The 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography, Lausanne, Switzerland, 2009: 93–99. doi: 10.1109/FDTC.2009.38.

GOODWILL G, JUN B, JAFFE J, et al. A testing methodology for side-channel resistance validation[C]. NIST Non-Invasive Attack Testing Workshop, Nara, Japan, 2011: 115–136.

BECKER G, COOPER J, DEMULDER E, et al. Test Vector Leakage Assessment (TVLA) methodology in practice[C]. International Cryptographic Module Conference, Gaithersburg, USA, 2013: 13.

DING A A, CHEN Cong, and EISENBARTH T. Simpler, faster, and more robust t-test based leakage detection[C]. The 7th International Workshop on Constructive Side, Graz, Austria, 2016: 163–183. doi: 10.1007/978-3-319-43283-0_10.

MORADI A, RICHTER B, SCHNEIDER T, et al. Leakage detection with the X²-test[J]. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2018(1): 209–237. doi: 10.13154/tches.v2018.i1.209-237

WEGENER F, MOOS T, and MORADI A. DL-LA: Deep learning leakage assessment[J]. IACR Cryptology ePrint Archive, 2019. https://eprint.iacr.org/2019/505.pdf.

SAKIYAMA K, LI YANG, IWAMOTO M, et al. Informationtheoretic approach to optimal differential fault analysis[J]. IEEE Transactions on Information Forensics and Security, 2012, 7(1): 109–120. doi: 10.1109/TIFS.2011.2174984

BERTONI G, BREVEGLIERI L, KOREN I, et al. Error analysis and detection procedures for a hardware implementation of the advanced encryption standard[J]. IEEE Transactions on Computers, 2003, 52(4): 492–505. doi: 10.1109/tc.2003.1190590

JOYE M, MANET P, and RIGAUD J B. Strengthening hardware AES implementations against fault attacks[J]. IET Information Security, 2007, 1(3): 106–110. doi: 10.1049/iet-ifs:20060163

GHOSH S, SAHA D, SENGUPTA A, et al. Preventing fault attacks using fault randomization with a case study on AES[C]. The 20th Australasian Conference on Information Security and Privacy, Brisbane, Australia, 2015: 343–355. doi: 10.1007/978-3-319-19962-7_20.

TUPSAMUDRE H, BISHT S, and MUKHOPADHYAY D. Destroying fault invariant with randomization[C]. The 16th International Workshop on Cryptographic Hardware and Embedded Systems, Busan, Korea, 2014: 93–111. doi: 10.1007/978-3-662-44709-3_6.

FENG Jingyi, CHEN Hua, LI Yang, et al. A framework for evaluation and analysis on infection countermeasures against fault attacks[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 391–406. doi: 10.1109/TIFS.2019.2903653

GOUBIN L and PATARIN J. DES and differential power analysis the “duplication” method[C]. The 1st International Workshop on Cryptographic Hardware and Embedded Systems, Worcester, USA, 1999: 158–172. doi: 10.1007/3-540-48059-5_15.

BAYRAK A G, REGAZZONI F, NOVO D, et al. Sleuth: Automated verification of software power analysis countermeasures[C]. The 15th International Workshop on Cryptographic Hardware and Embedded Systems, Santa Barbara, USA, 2013: 293–310. doi: 10.1007/978-3-642-40349-1_17.

BARTHE G, BELAÏD S, DUPRESSOIR F, et al. Strong non-interference and type-directed higher-order masking[C]. The 2016 ACM SIGSAC Conference on Computer and Communications Security, New York, USA, 2016: 116–129. doi: 10.1145/2976749.2978427.

BARTHE G, BELAÏD S, DUPRESSOIR F, et al. Verified proofs of higher-order masking[C]. The 34th Annual International Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology, Sofia, Bulgaria, 2015: 457–485. doi: 10.1007/978-3-662-46800-5_18.

CORON J S. Formal verification of side-channel countermeasures via elementary circuit transformations[C]. The 16th International Conference on Applied Cryptography and Network Security, Leuven, Belgium, 2018: 65–82. doi: 10.1007/978-3-319-93387-0_4.

EL OUAHMA I B, MEUNIER Q L, HEYDEMANN K, et al. Side-channel robustness analysis of masked assembly codes using a symbolic approach[J]. Journal of Cryptographic Engineering, 2019, 9(3): 231–242. doi: 10.1007/s13389-019-00205-7

ELDIB H, WANG Chao, and SCHAUMONT P. Formal verification of software countermeasures against side-channel attacks[J]. ACM Transactions on Software Engineering and Methodology, 2014, 24(2): 1–24. doi: 10.1145/2685616

ELDIB H, WANG Chao, and SCHAUMONT P. SMT-based verification of software countermeasures against side-channel attacks[C]. The 20th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, Grenoble, France, 2014: 62–77. doi: 10.1007/978-3-642-54862-8_5.

ZHANG Jun, GAO Pengfei, SONG Fu, et al. SCINFER: Refinement-based verification of software countermeasures against side-channel attacks[C]. The 30th International Conference on Computer Aided Verification, Oxford, England, 2018: 157–177. doi: 10.1007/978-3-319-96142-2_12.

BERTONI G and MARTINOLI M. A methodology for the characterisation of leakages in combinatorial logic[C]. The 6th International Conference on Security, Privacy, and Applied Cryptography Engineering, Hyderabad, India, 2016: 363–382. doi: 10.1007/978-3-319-49445-6_21.

BLOEM R, GROSS H, IUSUPOV R, et al. Formal verification of masked hardware implementations in the presence of glitches[C]. The 37th Advances in Cryptology, Tel Aviv, Israel, 2018: 321–353. doi: 10.1007/978-3-319-78375-8_11.

GOUBET L, HEYDEMANN K, ENCRENAZ E, et al. Efficient design and evaluation of countermeasures against fault attacks using formal verification[C]. The 14th International Conference on Smart Card Research and Advanced Applications, Bochum, Germany, 2015: 177–192. doi: 10.1007/978-3-319-31271-2_11.

施引文献

资源附件(0)

访问统计