习伟3,
范丽敏1,
焦志鹏1, 4,
冯婧怡1, 4
1.中国科学院软件研究所可信计算与信息保障实验室 北京 100190
2.密码科学技术国家重点实验室 北京 100878
3.南方电网科学研究院 广州 510663
4.中国科学院大学 北京 100049
基金项目:国家重点研发计划(2018YFB0904900, 2018YFB0904901),十三五国家密码发展基金(MMJJ20170214, MMJJ20170211)
详细信息
作者简介:陈华:女,1976年生,正高级工程师,博士生导师,研究方向为侧信道分析与防护、密码检测
习伟:男,1980年生,高级工程师,研究方向为智能电网与电力芯片
范丽敏:女,1978年生,高级工程师,硕士生导师,研究方向为侧信道分析与防护、密码检测
焦志鹏:男,1992年生,博士生,研究方向为侧信道分析与防护
冯婧怡:女,1991年生,博士生,研究方向为侧信道分析与防护
通讯作者:陈华 chenhua@tca.iscas.ac.cn
中图分类号:TN918; TP309计量
文章访问数:1092
HTML全文浏览量:490
PDF下载量:118
被引次数:0
出版历程
收稿日期:2019-11-01
修回日期:2020-06-05
网络出版日期:2020-07-07
刊出日期:2020-08-18
Side Channel Analysis and Evaluation on Cryptographic Products
Hua CHEN1, 2,,,Wei XI3,
Limin FAN1,
Zhipeng JIAO1, 4,
Jingyi FENG1, 4
1. TCA Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
2. State Key Laboratory of Cryptology, Beijing 100878, China
3. Electric Power Research Institute, China Southern Power Grid, Guangzhou 510663, China
4. University of Chinese Academy of Sciences, Beijing 100049, China
Funds:The National Key R&D Program of China (2018YFB0904900, 2018YFB0904901), The National Cryptography Development Fund of China (MMJJ20170214, MMJJ20170211)
摘要
摘要:作为一类重要的信息安全产品,密码产品中所使用的密码技术保障了信息的保密性、完整性和不可抵赖性。而侧信道攻击是针对密码产品的一类重要的安全威胁,它主要利用了密码算法运算过程中侧信息(如时间、功耗等)的泄露,通过分析侧信息与秘密信息的依赖关系进行攻击。对密码产品的抗侧信道攻击能力进行评估已成为密码测评的重要内容。该文从攻击性测试、通用评估以及形式化验证3个角度介绍了目前密码产品抗侧信道评估的发展情况。其中攻击性测试是目前密码侧信道测评所采用的最主要的评估方式,它通过执行具体的攻击流程来恢复密钥等秘密信息。后两种方式不以恢复秘密信息等为目的,而是侧重于评估密码实现是否存在侧信息泄露。与攻击性测试相比,它们无需评估人员深入了解具体的攻击流程和实现细节,因此通用性更强。通用评估是以统计测试、信息熵计算等方式去刻画信息泄露的程度,如目前被广泛采用的测试向量泄露评估(TVLA)技术。利用形式化方法对侧信道防护策略有效性进行评估是一个新的发展方向,其优势是可以自动化/半自动化地评估密码实现是否存在侧信道攻击弱点。该文介绍了目前针对软件掩码、硬件掩码、故障防护等不同防护策略的形式化验证最新成果,主要包括基于程序验证、类型推导及模型计数等不同方法。
关键词:密码产品/
侧信道/
信息泄露/
形式化验证
Abstract:As a kind of important information security products, the cryptographic technique adopted by cryptographic products guarantees the confidentiality, integrity and non-repudiation of information. The side channel attack is an important security threat against cryptographic products. It mainly utilizes the leakage of side information (such as time, power consumption, etc.) during the operation of cryptographic algorithm, and attacks by analyzing the dependence between side information and secret information. It has become an important test content to evaluate the ability of cryptographic products to defend against the side channel attack. The development of side channel evaluation of cryptographic products is introduced from three aspects of attack test, general evaluation and formal verification. The attack test is the most popular way adopted in side channel evaluation, which aims to recover the secret imformation such as the key by executing specific attack process. The latter two methods are not for the purpose of recovering secret information, but focus on assessing whether there is any side information leakage in the cryptographic implementation. They are more general than the attack test because they do not require the evaluator to go into the details of the attack process and implementation. The general evaluation is to describe the degree of information leakage by means of statistical test and information entropy calculation. For example, Test Vector Leakage Assessment (TVLA) technology is widely used at present. The formal method is a new development direction to evaluate the effectiveness of side channel protection strategy which has the advantage that it can automatically/semi-automatically evaluate whether the cryptographic implementation has side channel attack vulnerability. The latest results of formal verification for different protection strategies such as software mask, hardware mask and fault protection is introduced in this paper, mainly including program verification, type inference and model counting.
Key words:Cryptographic product/
Side channel/
Information leakage/
Formal verification
PDF全文下载地址:
https://jeit.ac.cn/article/exportPdf?id=56cf5c4c-69e9-485f-9657-a3bd6fe2383e