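Graduate student: 魏廷聿
Graduate student (English): Wei, Ting-Yu
Thesis title: 基於漢明差值與觸動計數模型之差分能量分析與實作-以AES晶片為例
Thesis title (English): Differential Power Analysis on AES Chip with Hamming-distance and Toggle-count Model
Advisors: 張錫嘉, 黃威
Advisors (English): Chang, Hsie-Chia; Hwang, Wei
Degree: Master's
Institution: National Chiao Tung University (國立交通大學)
Department: Institute of Electronics
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2010
Graduation academic year: 99
Language: English
Number of pages: 48
Keywords (Chinese): differential power analysis attack; cryptographic system; AES
Keywords (English): DPA; attack; AES; toggle-count; cryptographic system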
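In our daily lives today, people use the internet and 3C products more and more often, and secret information can be transmitted through these products. To keep this information secure, encryption systems must be widely used in them. However, although encryption systems provide security for these products, no one can guarantee that these systems are absolutely trustworthy.
The differential power analysis attack is a threat that can reveal secret information from these cryptographic systems, and its efficiency depends on the choice and construction of the power model. With a well-chosen, well-built power model, the attack can save a great deal of time. Taking a physical AES chip in a 90 nm process as the example, this thesis carries out attacks with two different power models. The Hamming-distance model is one of them; it is based on the relationship between the input and the output of the S-box. The differential power analysis attack using Hamming distance can successfully attack an AES chip whose S-box is implemented as a look-up table. According to the experimental results, however, if the S-box of the AES chip is implemented with the composite-field approach, this Hamming distance targeting the S-box input and output does not let us attack the chip successfully. We must therefore find an alternative power model that targets the S-box and complete the study of breaking the chip. The power model we want to use in place of the Hamming-distance model is the toggle-count model, which counts all the transitions produced by the logic gates while the S-box is running.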

In daily life, the internet and 3C products are used ever more frequently, and secret information is carried through these applications. To protect that information, cryptographic systems have been widely adopted. A cryptographic system does provide security; however, no one can guarantee that it protects the information absolutely.
The differential power analysis (DPA) attack is one of the threats [11] that can reveal the secrets in a cryptographic system. The efficiency of a DPA attack depends mainly on the power model used by the attack method; with a suitable power model, the attack takes less time to complete. This thesis describes DPA attacks with two kinds of power models on an Advanced Encryption Standard (AES) chip fabricated in 90 nm CMOS. One is the Hamming-distance model, which calculates the relationship between the input and the output of the S-box. The DPA attack with the Hamming-distance model successfully attacks the AES chip based on a look-up-table S-box, but according to the experimental results it cannot successfully attack the AES chip based on a composite-field S-box. Another power model must therefore replace the Hamming-distance model to complete the DPA attack. The substitute is the toggle-count model, which gathers statistics on the switching activity of the logic gates during S-box processing.

Chinese Abstract
Abstract
Acknowledgements
Content
List of Figures
1 Introduction
1.1 Motivation
1.2 Thesis Organization
2 Differential Power Analysis Attack (DPA)
2.1 General Introduction
2.2 The Strategy of the DPA Attack
2.3 Statistical Analysis
3 Introduction of Advanced Encryption Standard (AES)
3.1 General Introduction
3.2 AES Algorithm Steps
3.2.1 SubBytes Transformation
3.2.2 ShiftRows Transformation
3.2.3 MixColumns Transformation
3.2.4 AddRoundKeys Transformation
3.2.5 KeyExpansion
4 Practical Implementation for DPA Attack on AES
4.1 Measurement Environment
4.2 Practical Implementation
4.3 Power Model
4.3.1 Hamming-distance Power Model
4.3.2 Toggle-count Power Model
4.4 Result
4.5 Inference and Comparison
5 Conclusion and Future Work
5.1 Conclusion
5.2 Future Work
Reference
[1] P. Kocher, J. Jaffe, B. Jun. “Differential Power Analysis”, Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 388-397, Springer-Verlag, 1999.
[2] NIST. AES: Advanced encryption standard. http://csrc.nist.gov/CryptoToolkit/aes/.
[3] M. Aigner, E. Oswald. “Power Analysis Tutorial”, Technical Report, TU Graz.
[4] S. Mangard, E. Oswald, T. Popp. “Power Analysis Attacks: Revealing the Secrets of Smart Cards”, Springer, Heidelberg (2007).
[5] S. Mangard, T. Popp, B. M. Gammel. “Side-Channel Leakage of Masked CMOS Gates”, in Alfred Menezes, editor, Topics in Cryptology – CT-RSA 2005, The Cryptographers’ Track at the RSA Conference 2005, San Francisco, CA, USA, February 2005, Proceedings, LNCS 3379, pp. 351–365. Springer, 2005.
[6] S. Mangard, N. Pramstaller, E. Oswald. “Successfully Attacking Masked AES Hardware Implementation”, CHES 2005, LNCS 3659, pp. 157-171, Springer-Verlag, 2005.
[7] D.D. Hwang et al. “AES-Based Security Coprocessor IC in 0.18-µm CMOS with Resistance to Differential Power Analysis Side-Channel Attacks”, IEEE J. Solid-State Circuits, vol. 41, no. 4, Apr. 2006.
[8] K. Tiri, I. Verbauwhede. “Securing Encryption Algorithms against DPA at the Logic Level: Next Generation Smart Card Technology”, CHES 2003 pp. 125–136.
[9] K. Tiri and I. Verbauwhede. “Secure Logic Synthesis”. In International Conference on Field Programmable Logic and Applications (FPL), LNCS, 3203, pages 1052–1056, Aug. 2004. Antwerpen, Belgium.
[10] T. H. Le, J. Clédière, C. Canovas, C. Servière, J. L. Lacoume and B. Robisson. “A proposition for Correlation Power Analysis enhancement”, In Proceedings of CHES 2006, LNCS 4249, Springer-Verlag, Yokohama, Japan, 2006.
[11] Le, T.H., Canovas, C., Clédière, J. “An overview of side channel analysis attacks”. In ASIACCS’08: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 33–43. ACM, New York (2008).
[12] R. Bevan, E. Knudsen. “Ways to Enhance DPA”, In proceedings of ICISC 2002, LNCS 2587, pp.327-342, Springer-Verlag, 2003.
[13] J.S. Coron, P. Kocher, D. Naccache. “Statistics and Secret Leakage”, In proceedings of Financial Cryptography, LNCS 1972, pp. 157-173, Springer-Verlag, 2000.
[14] T. Messerges, E. Dabbish, and R. Sloan. “Examining Smart-Card Security under the Threat of Power Analysis Attacks”, IEEE Transactions on Computers, 51(5): 541–552, May 2002.
[15] E. Brier, C. Clavier, and F. Olivier. “Correlation power analysis with a leakage model”. In Cryptographic Hardware and Embedded Systems − CHES 2004, LNCS 3156, pp. 16–29. Springer-Verlag, 2004.
[16] P.C. Liu, H.C. Chang, and C.Y. Lee. “A Low Overhead DPA Countermeasure Circuit Based on Ring Oscillators”. IEEE Transactions on Circuits and Systems Part II: Express Briefs, vol. 57, no. 7, July 2010.
[17] R.L. Schwartz, and T. Phoenix. “Learning Perl”, O’REILLY. (2003).
[18] T. Messerges. “Using Second-Order Power Analysis to Attack DPA Resistant Software”. CHES 2000, LNCS 1965, pp.238-351, Springer-Verlag, 2000.
[19] J. Daemen and V. Rijmen, AES Proposal: Rijndael, AES Algorithm Submission, September 3, 1999.
[20] J. Daemen and V. Rijmen. “The block cipher Rijndael”, Smart Card Research and Applications, LNCS 1820, Springer-Verlag, pp. 288-296.
[21] A. Menezes, P. van Oorschot, and S. Vanstone. “Handbook of Applied Cryptography”, CRC Press, New York, 1997, p. 81-83.
[22] E. Brier, C. Clavier, and F. Olivier. “Correlation Power Analysis with a Leakage Model”, In proceedings of CHES 2004, LNCS 3156, pp. 16-29, Springer-Verlag, 2004.
[23] A.V. Oppenheim, P.W Schafer, and J.R. Buck. “Discrete-time Signal Processing”, Signal Processing Series. Prentice Hall, 2nd edition, 1999.
[24] M. Bucci, L. Giancane, R. Luzzi, G. Scotti, and A. Trifiletti. “Enhancing Power Analysis Attacks Against Cryptographic device”. In International Symposium on Circuits and Systems (ISCAS2006), Island of Kos, Greece, May 21-24, 2006, Proceedings, pp. 2905-2908. IEEE, May 2006.
[25] J.S. Coron, P. Kocher, and D. Naccache. “Statistics and Secret Leakage”. In proceedings of Financial Cryptography, LNCS 1972, pp 157-173, Springer-Verlag, 2000.
[26] D. Agrawal, J.R. Rao, and P. Rohatgi. “Multi-Channel Attacks”. In: C.D. Walter, C.K. Koc, C. Paar (eds.): Cryptographic Hardware and Embedded Systems — CHES 2003, Springer, LNCS 2779, Berlin 2003, 2–16.
[27] P. Kocher, J. Jaffe, and B. Jun. “Introduction to Differential Power Analysis and Related Attacks”, in http://www.cryptography.com/dpa/technical, 1998.
[28] S. Chari, J.R. Rao, and P. Rohatgi. “Template Attacks”, Proc CHES 2002.
[29] P. Kocher. “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”, Advances in Cryptology, proceedings of CRYPTO'96, LNCS 1109, pp. 104-113, 1996.
[30] D. Boneh, R.A. DeMillo, and R.J. Lipton. “On the Importance of Checking Cryptographic Protocols for Faults”. Advances in Cryptology – EUROCRYPT ’97, LNCS 1233, pages 37–51. Springer-Verlag, 1997.
[31] E. Prouff. “DPA Attacks and S-Boxes”, FSE 2005, LNCS 3557, pp. 424-441.
[32] L. Goubin and J. Patarin. “DES and Differential Power Analysis—The Duplication Method,” Proc. Workshop Cryptographic Hardware and Embedded Systems, pp. 158-172, Aug. 1999.
