姜会龙^{1, 2},
朱翔^{1, 2,,},
李悦¹,
马英起¹,
上官士鹏^{1, 2},
韩建伟¹,
蔡莹^{1, 2}
1.中国科学院国家空间科学中心 北京 100190
2.中国科学院大学 北京 100049
基金项目:中国科学院重点部署项目(KGFZD-135-16-005)，中国科学院空间科学预先研究项目(XDA15014600)

详细信息

作者简介:姜会龙：男，1994年生，博士生，研究方向为密码芯片激光故障攻击
朱翔：男，1985年生，高级工程师，研究方向为器件辐射效应
李悦：女，1987年生，助理研究员，研究方向为数字集成电路可靠性分析方法

通讯作者:朱翔　 zhuxiang@nssc.ac.cn

中图分类号:TN918.2

计量

文章访问数:393
HTML全文浏览量:258
PDF下载量:51
被引次数:0

出版历程

收稿日期:2020-03-10
修回日期:2020-10-25
网络出版日期:2020-11-19
刊出日期:2021-05-18

Research on Laser Injection Attack for AES Based on Micro-Controller Unit

HuiLong JIANG^{1, 2},
Xiang ZHU^{1, 2,,},
Yue LI¹,
Yingqi MA¹,
Shipeng SHANGGUAN^{1, 2},
Jianwei HAN¹,
Ying CAI^{1, 2}
1. National Space Science Center, Chinese Academy of Sciences, Beijing 100190, China
2. University of Chinese Academy of Sciences, Beijing 100049, China
Funds:The Key Deployment Projects of Chinese Academy of Sciences (KGFZD-135-16-005), The Space Science Advance Research Projects of Chinese Academy of Sciences (XDA15014600)


摘要
摘要:密码设备面临故障攻击的威胁，针对密码芯片的故障攻击手段研究是密码学和硬件安全领域的重要研究方向。脉冲激光具有较好的时空分辨性，是一种准确度较高的故障攻击手段。该文详细描述了激光注入攻击的原理和方法，以集成AES-128算法的微控制器(MCU)为例实施了激光注入攻击实验。实验以微控制器的SRAM为攻击目标，分别成功实现了差分故障攻击和子密钥编排攻击，恢复了其16 Byte的完整密钥，其中后一种攻击是目前首次以激光的手段实现。研究表明，激光注入攻击能准确定位关键数据存放的物理位置，并能在任意的操作中引入错误，实现单比特的数据翻转，满足故障攻击模型的需求。激光注入攻击能在较短时间内完成自动攻击和密文收集，攻击过程贴近真实场景，对密码芯片具有极大的威胁。
关键词:故障攻击/
微控制器/
AES/
激光注入/
SRAM
Abstract:The security of cryptosystem is threatened by fault attacks, and implementation of fault attacks for crypto chips become an important research direction in the field of cryptography and hardware security. The pulse laser is a method with high accuracy for its high temporal-spatial resolution. In this paper, the principle and method of laser injection attacks are described in detail, and experiments are carried out on a Micro-Controller Unit (MCU) with AES-128 algorithm as an example. The SRAMs of the MCU are taken as the attack targets. Differential fault attack and the subkey expansion attack are successfully implemented, and the 16 Byte complete keys are recovered respectively. The latter attack is first implemented by the laser. The research shows that laser injection attack has many benefits to meet the requirements of fault attack models, including accurate location of critical data, error injection in any operation, and generation of single bit flip. The laser injection attacks and ciphertext collection can be completed automatically in a short time in a nearly real-life scenario, which has a great threat to the crypto chips.
Key words:Fault attack/
Micro-Controller Unit (MCU)/
Advanced Encryption Standard (AES)/
Laser injection/
SRAM



PDF全文下载地址:

https://jeit.ac.cn/article/exportPdf?id=4ad067d7-64a6-4c49-b010-9aee46cde7c6