臺灣博碩士論文加值系統 (National Digital Library of Theses and Dissertations in Taiwan)

Author: 吳香翰 (Shain-Han Wu)
Title: 遮罩保護機制防禦差分能量攻擊之研究
Title (English): The Research on Masking Countermeasure Against Differential Power Analysis
Advisor: 顏嵩銘 (Sung-Ming Yen)
Degree: Master's
Institution: 國立中央大學 (National Central University)
Department: 資訊工程研究所 (Graduate Institute of Computer Science and Information Engineering)
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2004
Academic year of graduation: 92 (ROC calendar)
Language: English
Number of pages: 66
Keywords (Chinese, translated): cryptography, next-generation cipher (AES), smart cards, physical attacks, multiplicative masking, multiplicative-inverse masking countermeasure, differential power analysis, power analysis attacks
Keywords (English): AES, DPA, Cryptography, Transformed masking, Smart cards, Power analysis attack, Side channel attack, Physical cryptanalysis, Multiplicative mask, Inversion
Usage statistics:
  • Cited by: 0
  • Views: 192
  • Rating: (none)
  • Downloads: 13
  • Saved to reading lists: 0

Abstract (translated from the Chinese)

With the rapid development of information technology and the Internet, information security problems and requirements are closely tied to people's daily lives, and research in cryptography has therefore become an important topic. Besides studying the properties and structure of cryptographic algorithms themselves, the implementation of a cryptosystem must also be included in the security analysis. Physical attacks exploit the physical phenomena that leak while a cryptosystem is computing; hence even a cryptographic algorithm whose security is guaranteed can be broken because its implementation leaks a small amount of information.

This thesis explains the basic concepts of physical attacks, with particular attention to power consumption attacks. With current technology, differential power analysis (DPA) is the most effective and most easily mounted physical attack. To defend effectively against DPA, corresponding countermeasures have been widely discussed; one class, the masking countermeasures, introduces random values so that the attack's statistical analysis fails, and Chapter 3 introduces its concept and evolution. AES, the next-generation cipher used to present the countermeasures, is first briefly introduced in Chapter 2.

In 2001, Akkar and Giraud published a new type of masking countermeasure to improve the performance of software implementations. Because this method, applied to AES, still cannot prevent DPA, Trichina et al. published in 2002 an improved method with better performance and higher security. This thesis, however, analyses the weakness of the method published by Trichina and proposes a differential power attack that applies to it.

To balance execution efficiency and system security, Chapter 4 proposes an improved countermeasure based on the principle of masking. A security analysis is carried out to show that this countermeasure effectively prevents power analysis. Next, the execution performance of the three masking countermeasures is compared; the proposed countermeasure improves performance by at least a factor of ten. Finally, Chapter 5 presents the experimental results of the attacks, showing that an unprotected cryptosystem is easily broken, whereas the cryptosystem with the proposed countermeasure added indeed resists DPA.

Abstract (English)

With the explosive growth in the use of computers and the Internet, the requirements of information security have an ever greater influence on our daily life. Cryptography has therefore become an important issue, one that must consider not only the cryptographic algorithm itself but also its implementation. Physical attacks on the security of a cryptosystem are characterized by observing the information that leaks from the cryptosystem while it is being processed.

The preliminary knowledge and requirements of physical cryptanalysis are discussed. The discussion of physical security is extended to an important standard, the Advanced Encryption Standard (AES). Further, an approach to protecting software-based implementations of a cryptosystem from power analysis is also addressed.

To counter differential power analysis, an improved technique for performing the security transformation is developed. A masking countermeasure that resists power analysis and integrates the transformations into the original cryptographic architecture is presented. The principles of the improved technique are discussed, and a complete analysis of its performance and security is provided.

Finally, the techniques used to construct the improved masking method are examined. The practical masking countermeasure has been implemented and provides security against the DPA attack. The experimental results demonstrate the practicality of DPA attacks on a straightforward AES implementation and show that the security of AES can be achieved by using the improved method.
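The abstracts describe masking only in general terms: a random value is combined with the sensitive intermediate so that a first-order statistical analysis of the power trace no longer correlates with the secret. The following Python is an added example written for this page, not code from the thesis or its author. It implements multiplication and inversion in GF(2^8) (the S-box operation that contents item 4.4.1 refers to), wraps the inversion in a Boolean-to-multiplicative mask conversion and back, in the style of the Akkar-Giraud transformed masking as I recall the published scheme (the exact conversion formulas are my assumption, since the page does not reproduce them), and checks exhaustively which inputs each kind of mask actually hides. It goes beyond the abstract in one respect: the check shows that a multiplicative mask leaves the zero input visible, the limitation that the listed reference by Golić and Tymen analyses.

```python
"""Masking the AES S-box inversion: Boolean masks, multiplicative masks,
conversion between them, and an exhaustive check of what each mask hides.
Added example for this page; not the thesis's own code."""
from collections import Counter
import secrets

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) with the AES reduction polynomial."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8) as a^254 (0 maps to 0, as in AES)."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def bool_to_mult(x_bool: int, r: int, m: int) -> int:
    """Turn the Boolean-masked x ^ r into the multiplicatively masked x * m.
    (x ^ r) * m ^ r * m = x * m; m must be non-zero. x is never in the clear."""
    return gf_mul(x_bool, m) ^ gf_mul(r, m)


def mult_to_bool(y_mult: int, m: int, r2: int) -> int:
    """Turn y * m^-1 back into the Boolean-masked y ^ r2.
    (y * m^-1 ^ r2 * m^-1) * m = y ^ r2; y is never in the clear."""
    m_inv = gf_inv(m)
    return gf_mul(y_mult ^ gf_mul(r2, m_inv), m)


def masked_sbox_inversion(x_bool: int, r: int, r2: int, m: int) -> int:
    """From x ^ r compute x^-1 ^ r2 without handling x or x^-1 unmasked
    (assumed rendition of the transformed-masking sequence)."""
    x_mult = bool_to_mult(x_bool, r, m)   # x * m
    y_mult = gf_inv(x_mult)               # x^-1 * m^-1 (0 stays 0)
    return mult_to_bool(y_mult, m, r2)    # x^-1 ^ r2


def mask_distribution(x: int, scheme: str) -> Counter:
    """Histogram of the masked value as the mask runs over all its values."""
    if scheme == "boolean":
        return Counter(x ^ r for r in range(256))
    if scheme == "multiplicative":
        return Counter(gf_mul(x, m) for m in range(1, 256))  # m != 0
    raise ValueError(scheme)


def mask_hides_input(x: int, scheme: str) -> bool:
    """True if the masked value is spread evenly over more than one value,
    i.e. observing it (first order) says nothing about x."""
    dist = mask_distribution(x, scheme)
    return len(dist) > 1 and len(set(dist.values())) == 1


def mask_hides_all_inputs(scheme: str) -> bool:
    """True only if every possible input byte is hidden by the scheme."""
    return all(mask_hides_input(x, scheme) for x in range(256))


if __name__ == "__main__":
    x = 0x53                                   # constructed sample input
    r, r2 = secrets.randbelow(256), secrets.randbelow(256)
    m = 1 + secrets.randbelow(255)             # non-zero multiplicative mask
    masked = masked_sbox_inversion(x ^ r, r, r2, m)
    print("unmasked result matches x^-1:", masked ^ r2 == gf_inv(x))
    print("Boolean mask hides every input:", mask_hides_all_inputs("boolean"))
    print("multiplicative mask hides every input:",
          mask_hides_all_inputs("multiplicative"))
    print("multiplicative mask hides x = 0:", mask_hides_input(0, "multiplicative"))
```

The exhaustive check is the practitioner's sanity test for a masking scheme: for a Boolean mask every input byte produces a flat histogram, while for a multiplicative mask the input 0 always produces 0 whatever the mask is, so a first-order statistic on that intermediate still distinguishes the zero case. That is the kind of residual dependence a security analysis such as the one in Chapter 4 has to rule out.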

Contents

1 Introduction
1.1 Motivation
1.2 Conventional Mathematical Attacks Versus Physical Cryptanalysis
1.2.1 Conventional mathematical attacks
1.2.2 Physical cryptanalysis
1.3 Overview of the Thesis

2 Preliminary Background of Power Analysis Attack and AES
2.1 Power Analysis Attack
2.2 Simple Power Analysis
2.3 Differential Power Analysis
2.4 Brief Review of AES
2.4.1 Physical cryptanalysis against AES

3 Introduction to Masking Countermeasure
3.1 Random Masking Technique
3.2 Masking Conversions
3.3 Transformed Masking Method
3.3.1 Transformed masking on AES
3.3.2 Vulnerability and cryptanalysis procedures
3.3.3 Simplified and enhanced transformed masking

4 An Improved Transformed Masking for AES Implementation
4.1 Motivation
4.2 The Proposed Countermeasure
4.2.1 Secure implementation on S-Box transactions
4.2.2 Updating m-Inversion tables
4.3 Security Analysis
4.3.1 Proposed DPA on simplified and enhanced transformed masking
4.3.2 Security against first-order DPA
4.3.3 Security against second-order DPA
4.4 Performance Comparisons with Other Methods
4.4.1 Multiplication in GF(2^8)
4.5 Main Contribution

5 Experimental Work
5.1 Description of Experimental Equipment
5.1.1 Experimental environment
5.1.2 The selection function of DPA
5.2 Experimental Results
5.2.1 Experimental results of straightforward AES implementation
5.2.2 Experimental results of proposed masking method

6 Concluding Remarks
6.1 Brief Review of Main Contributions
6.2 Further Research Topics and Directions

References

[1] E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," In Advances in Cryptology - CRYPTO'90, LNCS 537, pp. 2-21, Springer-Verlag, 1991.

[2] E. Biham and A. Shamir, "Differential Cryptanalysis of DES-like Cryptosystems," Journal of Cryptology, vol. 4, no. 1, pp. 3-72, 1991.

[3] E. Biham and A. Shamir, "Differential Cryptanalysis of Snefru, Khafre, REDOC, LOKI and Lucifer," In Advances in Cryptology - CRYPTO'91, pp. 156-171, Springer-Verlag, 1991.

[4] M. Matsui, "Linear Cryptanalysis Method for DES Cipher," In Advances in Cryptology - EUROCRYPT'93, LNCS 765, pp. 386-397, Springer-Verlag, 1994.

[5] E. Biham, "On Matsui's Linear Cryptanalysis," In Advances in Cryptology - EUROCRYPT'94, pp. 341-355, Springer-Verlag, 1994.

[6] R. Anderson and M. Kuhn, "Tamper Resistance - A Cautionary Note," In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1-11, 1996.

[7] P. Kocher, J. Jaffe and B. Jun, "Introduction to Differential Power Analysis and Related Attacks," 1998, available at <http://www.cryptography.com/dpa/technical>.

[8] P. Kocher, J. Jaffe and B. Jun, "Differential Power Analysis," In Advances in Cryptology - CRYPTO'99, LNCS 1666, pp. 388-397, Springer-Verlag, 1999.

[9] E. Biham and A. Shamir, "Power Analysis of the Key Scheduling of the AES Candidates," In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 115-121, 1999.

[10] S. Mangard, "A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion," In Proceedings of the International Conference on Information Security and Cryptology - ICISC 2002, LNCS 2587, pp. 343-358, Springer-Verlag, 2002.

[11] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, "Investigations of Power Analysis Attacks on Smartcards," In Proceedings of the USENIX Workshop on Smartcard Technology, pp. 151-161, 1999.

[12] J. Kelsey, B. Schneier, D. Wagner and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," In Proceedings of ESORICS '98, pp. 97-110, Springer-Verlag, 1998.

[13] NBS FIPS PUB 46, "Data Encryption Standard," National Bureau of Standards, U.S. Department of Commerce, Jan. 1977.

[14] R. M. Davis, "Some Regular Properties of DES," Computer Security and the Data Encryption Standard, National Bureau of Standards Special Publication, 1978.

[15] NBS FIPS PUB 46-1, "Data Encryption Standard," National Bureau of Standards, U.S. Department of Commerce, 1988.

[16] S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, "A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards," In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133-147, 1999.

[17] J. Daemen and V. Rijmen, "Resistance Against Implementation Attacks: A Comparative Study of the AES Proposals," In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 122-132, 1999.

[18] J. Daemen and V. Rijmen, "AES Proposal: Rijndael," In Proceedings of the First Advanced Encryption Standard (AES) Candidate Conference, 1998.

[19] T.S. Messerges, "Securing the AES Finalists Against Power Analysis Attacks," In Proceedings of the Fast Software Encryption Workshop - FSE 2000, LNCS 1978, pp. 150-164, Springer-Verlag, 2000.

[20] F. Sano, M. Koike, S. Kawamura and M. Shiba, "Performance Evaluation of AES Finalists on the High-End Smart Card," Presented at the 3rd AES Conference, pp. 82-93, New York, USA, April 2000.

[21] National Institute of Standards and Technology, "FIPS-197: Advanced Encryption Standard," Federal Information Processing Standard FIPS-197, 2001.

[22] http://csrc.nist.gov/encryption/aes/

[23] L. May, M. Henricksen, W. Millan, G. Carter and E. Dawson, "Strengthening the Key Schedule of the AES," In Proceedings of the Australasian Conference on Information Security and Privacy - ACISP 2002, LNCS 2384, pp. 226-240, Springer-Verlag, 2002.

[24] L. Goubin and J. Patarin, "DES and Differential Power Analysis - The Duplication Method," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES'99, LNCS 1717, pp. 158-172, Springer-Verlag, 1999.

[25] S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, "Towards Sound Approaches to Counteract Power-Analysis Attacks," In Advances in Cryptology - CRYPTO'99, LNCS 1666, pp. 398-412, Springer-Verlag, 1999.

[26] J.S. Coron and L. Goubin, "On Boolean and Arithmetic Masking Against Differential Power Analysis," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965, pp. 231-237, Springer-Verlag, 2000.

[27] L. Goubin, "A Sound Method for Switching Between Boolean and Arithmetic Masking," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2001, LNCS 2162, pp. 3-15, Springer-Verlag, 2001.

[28] J.S. Coron and A. Tchulkine, "A New Algorithm for Switching from Arithmetic to Boolean Masking," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2003, LNCS 2779, pp. 89-97, Springer-Verlag, 2003.

[29] K. Itoh, M. Takenaka and N. Torii, "DPA Countermeasure Based on the 'Masking Method'," In Proceedings of the International Conference on Information Security and Cryptology - ICISC 2001, LNCS 2288, pp. 440-456, Springer-Verlag, 2001.

[30] M.L. Akkar and C. Giraud, "An Implementation of DES and AES, Secure Against Some Attacks," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2001, LNCS 2162, pp. 309-318, Springer-Verlag, 2001.

[31] E. Trichina, D. De Seta, and L. Germani, "Simplified Adaptive Multiplicative Masking for AES and Its Secure Implementation," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2002, LNCS 2523, pp. 187-197, Springer-Verlag, 2002.

[32] J. Dj. Golić and C. Tymen, "Multiplicative Masking and Power Analysis of AES," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2002, LNCS 2523, pp. 198-212, Springer-Verlag, 2002.

[33] E. Barkan and E. Biham, "In How Many Ways Can You Write Rijndael?," In Proceedings of ASIACRYPT 2002, LNCS 2501, pp. 160-175, Springer-Verlag, 2002.

[34] P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," In Advances in Cryptology - CRYPTO'96, LNCS 1109, pp. 104-113, Springer-Verlag, 1996.

[35] J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, "A Practical Implementation of the Timing Attack," Technical Report CG-1998/1, UCL Crypto Group, Université catholique de Louvain, 1998.

[36] J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, "A Practical Implementation of the Timing Attack," In Proceedings of CARDIS'98 - Third Smart Card Research and Advanced Application Conference, UCL, Louvain-la-Neuve, Belgium, Sep. 14-16, 1998.

[37] H. Handschuh, "A Timing Attack on RC5," In Proceedings of the Workshop on Selected Areas in Cryptography - SAC'98, Springer-Verlag, 1998.

[38] G. Hachez, F. Koeune, and J.-J. Quisquater, "Timing Attack: What Can Be Achieved by a Powerful Adversary?," In Proceedings of the 20th Symposium on Information Theory, pp. 63-70, 1999.

[39] F. Koeune and J.-J. Quisquater, "A Timing Attack Against Rijndael," Crypto Group Technical Report Series CG-1999/1, Université catholique de Louvain, 1999.

[40] A. Hevia and M. Kiwi, "Strength of Two Data Encryption Standard Implementations under Timing Attacks," ACM Transactions on Information and System Security (TISSEC), vol. 2, no. 4, pp. 416-437, 1999.

[41] W. Schindler, "A Timing Attack Against RSA with the Chinese Remainder Theorem," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965, pp. 109-124, Springer-Verlag, 2000.

[42] C. D. Walter and S. Thompson, "Distinguishing Exponent Digits by Observing Modular Subtractions," In Proceedings of the Cryptographers' Track at the RSA Conference - CT-RSA 2001, LNCS 2020, pp. 192-207, Springer-Verlag, 2001.

[43] W. Schindler, F. Koeune, and J.J. Quisquater, "Unleashing the Full Power of Timing Attack," Technical Report CG-2001/3, UCL Crypto Group, 2001.

[44] T.S. Messerges, "Using Second-Order Power Analysis to Attack DPA Resistant Software," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965, pp. 238-251, Springer-Verlag, 2000.

[45] M.-L. Akkar and L. Goubin, "A Generic Protection against High-Order Differential Power Analysis," In Proceedings of FSE 2003, LNCS 2887, pp. 192-205, Springer-Verlag, 2003.

[46] S. Young, "Zilog Z80 CPU Specifications," 1997, available at <http://www.smspower.org/dev/docs/z80-docs2.zip>.

[47] B.S. Kaliski Jr. and M.J.B. Robshaw, "Comments on Some New Attacks on Cryptographic Devices," RSA Laboratories Bulletin, no. 5, 1997.

[48] R. Anderson and M. Kuhn, "Low Cost Attacks on Tamper Resistant Devices," In Proceedings of the 1997 Security Protocols Workshop, LNCS 1361, pp. 125-136, Springer-Verlag, 1997.

[49] J.S. Coron, "Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES'99, LNCS 1717, pp. 292-302, Springer-Verlag, 1999.

[50] T.S. Messerges, E.A. Dabbish, and R.H. Sloan, "Power Analysis Attacks of Modular Exponentiation in Smartcards," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES'99, LNCS 1717, pp. 144-157, Springer-Verlag, 1999.

[51] C. Clavier, J.S. Coron, and N. Dabbous, "Differential Power Analysis in the Presence of Hardware Countermeasures," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965, pp. 252-263, Springer-Verlag, 2000.

[52] C.D. Walter, "Sliding Windows Succumbs to Big Mac Attack," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2001, LNCS 2162, pp. 286-299, Springer-Verlag, 2001.

[53] C. Clavier and M. Joye, "Universal Exponentiation Algorithm: A First Step towards Provable SPA-Resistance," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2001, LNCS 2162, pp. 300-308, Springer-Verlag, 2001.

[54] T.S. Messerges, E.A. Dabbish and R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, 2002.

[55] M.L. Akkar, R. Bevan, P. Dischamp and D. Moyart, "Power Analysis, What Is Now Possible," In Advances in Cryptology - ASIACRYPT 2000, LNCS 1976, pp. 489-502, Springer-Verlag, 2000.

[56] S.M. Yen, "Amplified Differential Power Cryptanalysis on Rijndael Implementations with Exponentially Fewer Power Traces," In Proceedings of the Australasian Conference on Information Security and Privacy - ACISP 2003, LNCS 2727, pp. 106-117, Springer-Verlag, 2003.

[57] A. Shamir, "Protecting Smart Cards from Passive Power Analysis with Detached Power Supplies," In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965, pp. 71-77, Springer-Verlag, 2000.

[58] C.N. Chen and S.M. Yen, "Differential Fault Analysis on AES Key Schedule and Some Countermeasures," In Proceedings of the International Conference on Information Security and Cryptology - ICISC 2003, LNCS 2727, pp. 118-129, Springer-Verlag, 2003.