# 臺灣博碩士論文加值系統

(44.200.165.168) 您好！臺灣時間：2024/08/04 23:03

:::

### 詳目顯示

:

• 被引用:0
• 點閱:448
• 評分:
• 下載:28
• 書目收藏:0
 在現今科技進步的時代，如Smart Card, PDA等等有效率且精密的電子設備紛紛被研發，並用以輔助使用者處理或儲存個人的秘密資料。然而，此類電子設備通常操作在公開的環境中，因此極有可能在某些條件之下，而洩漏秘密資料，進而危及個人權益。 而在近幾年，實體密碼攻擊法(physical cryptanalysis)已經在密碼學中自成一門新興的領域。現存的各類密碼演算法，經常被設計成硬體或軟體，一旦在設計時，考慮不周詳，即可能遭到實體密碼攻擊法的攻擊。在本篇論文中，實體密碼攻擊法將被仔細的討論，且將特別針對錯誤攻擊法(fault-based attack)以及時序攻擊法(timing attack)加以討論。 在第四章，一種新型態錯誤攻擊法被發表，該錯誤攻擊法可以用來分析IDEA, RC5與RC6。該攻擊法主要針對模加法(modular addition)與模乘法(modular multiplication)兩種運算加以分析。正因為這兩種運算被廣泛的使用在傳統加密器中，所以其相對的安全性更需要被仔細的討論。 在傳統設計中，除法鏈演算法(division chain algorithm)是被用來提昇指數運算效率的演算法，正因為其具有良好的效率，所以受到廣泛的重視。隨機亂序除法鏈的觀念在第五章被提出來，該觀念用來防禦現行可能的時序攻擊法，並且相關的執行效率也一併被討論。 混合式攻擊法(Hybrid attacks)基本上是合併兩種以上的實體密碼攻擊法，同時用以分析密碼系統。在某些合理的假設之下，混合式攻擊法將較單一的實體密碼攻擊法更有效率。在第六章，混合式攻擊法以及可行的防禦機制設計觀念將被提出來討論。
 Nowadays, some popular and small electronic devices, e.g., smart IC cards, are developed in order to provide possible solutions for data security, such as data processing and storage. However, these devices operate frequently in public environments and may suffer to leak secret information. In this thesis, physical cryptanalysis will be examined with great details. Physical cryptanalysis analyze careless implements of cryptosystems and open a brand new direction of cryptanalysis during the past few years. In this thesis, we focus especially on the fault-based attack and timing attack. In Chapter 4, new fault-based attacks on IDEA and RC5 (and also RC6) ciphers are considered. These attacks are conducted upon either modular addition or modular multiplication. Moreover, these two modular operations are used frequently in many cryptosystems, so their security should be considered extensively. Analysis shows that the considered cryptanalysis in this thesis is reasonable. Division chain algorithm was originally developed for improving exponentiation computation. In Chapter 5, the concept of randomized division chain is proposed to counteract the possible timing cryptanalysis when performing an exponentiation computation. Hybrid attacks, i.e., a novel combination of more than one physical cryptanalysis at the same time, are believed to be much powerful than any single physical cryptanalysis. In Chapter 6, possible guidelines, although not exhaustive, to prevent hybrid attacks are considered.
 Abstract………………………………………………………………… I Acknowledgements……………………………………………………… II Contents………………………………………………………………… III List of Tables………………………………………………………… V List of Figures…………………………………………………………VII Contents 1.Introduction………………………………………………………… 1 1.1 Motivation……………………………………………………… 1 1.2 Conventional Engineering and Security Engineering……2 1.3 Taxonomy of Cryptanalysis……………………………………2 1.4 Physical Security Cryptanalysis……………………………3 1.5 Overview of the Thesis……………………………………… 4 2.Review of Hardware Fault Cryptanalysis……………………… 5 2.1 Introduction…………………………………………………… 5 2.1.1History……………………………………………………… 5 2.1.2Types of Fault………………………………………………6 2.2 Bellcore Fault Attack…………………………………………7 2.2.1Fault model………………………………………………… 7 2.2.2An attack on “RSA-CRT”…………………………………8 2.3 Differential Fault Analysis…………………………………9 2.3.1Fault model of DFA…………………………………………9 2.3.2A differential fault analysis on DES…………………10 2.4 Discussion……………………………………………………… 13 3.Review of Timing Attack and Power Monitoring Attack………15 3.1 Kocher’s Timing Attack………………………………………17 3.1.1Preliminaries……………………………………………… 17 3.1.2Attack procedure……………………………………………18 3.1.3Analysis of Kocher’s timing attack………………… 20 3.1.4Possible countermeasures…………………………………21 3.2 Improved Timing Attack……………………………………… 21 3.2.1Preliminaries……………………………………………… 21 3.2.2Attack by exploiting multiplication………………… 23 3.2.3Attack by exploiting squaring………………………… 23 3.2.4Possible countermeasures…………………………………25 3.3 The Other Timing Attacks…………………………………… 25 3.4 Power Monitoring Attack………………………………………26 3.4.1Simple power analysis…………………………………… 26 3.4.2Differential power analysis…………………………… 27 3.4.3Improved DPA…………………………………………………30 3.4.4Possible countermeasures…………………………………31 3.5 Discussion……………………………………………………… 32 4.Differential Fault Attack on IDEA Cipher…………………… 33 4.1 Introduction…………………………………………………… 33 4.2 Fault Model and Cryptanalysis Procedure…………………33 4.2.1Assumption and general model……………………………34 4.2.2Our simple fault model……………………………………35 4.3 Cryptanalysis Complexity…………………………………… 39 4.3.1Computing cost of attacking multiplication modulo 2^16+1……………………………………………… 39 4.3.2Computing cost of attacking addition modulo 2^16……………………………………………………………39 4.4 Discussion and Open Problems……………………………… 40 5.Countermeasure against Timing Cryptanalysis by Randomized Division Chain……………………………………………………… 43 5.1 Introduction…………………………………………………… 43 5.2 The Division Chain for Exponentiation……………………43 5.3 Timing Cryptanalysis over Division Chain……………… 44 5.3.1The characteristic of division chain…………………45 5.3.2Timing cryptanalysis procedure…………………………46 5.3.3Possible countermeasures…………………………………47 5.3.4Penalties of countermeasures……………………………49 5.4 Discussion……………………………………………………… 52 6.Some Remarks of Cryptanalysis……………………………………53 6.1 Common Conception of Physical Attack…………………… 53 6.2 Design Rule of Countermeasures…………………………… 56 6.3 Discussion……………………………………………………… 57 7.Conclusions……………………………………………………………59 7.1 Brief Review of Main Contributions……………………… 59 7.2 Further Research Topics and Directions………………… 60 Reference…………………………………………………………………63