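Research and Implementation of Side-Channel Attack Resistance for Public-Key Cryptography
Published: 2018-03-29 23:30
Topic: RSA  Focus: ECC  Source: Shanghai Jiao Tong University, 2014 doctoral dissertation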
[Abstract]: With the development of information technology, information security has drawn increasingly wide attention, and public-key cryptography, which can realize many kinds of cryptographic techniques, has come into wide use. For greater security and efficiency, public-key algorithms are usually implemented in hardware in embedded devices. This, however, easily gives rise to side-channel attacks. In a side-channel attack, the attacker obtains the key by analyzing the side-channel information that a security chip leaks while it performs cryptographic operations. Generally speaking, side-channel information mainly includes the running time of the cryptographic operation, its power consumption, its electromagnetic radiation, and faulty results. The corresponding attacks are timing analysis attacks, power analysis attacks, electromagnetic radiation analysis attacks, and fault injection analysis attacks. Power analysis is further divided into simple power analysis and differential power analysis. Electromagnetic radiation analysis uses the same analysis methods as power analysis; only the collected signal differs.

This dissertation studies the theoretical foundations of side-channel attacks (including power analysis attacks, electromagnetic radiation analysis attacks, and fault injection analysis attacks), and introduces side-channel attacks against the public-key algorithms RSA and ECC together with their countermeasures. Building on these attacks and countermeasures, and taking the characteristics of RSA and ECC into account, it studies methods of resisting side-channel attacks that offer both high security and good performance. To improve performance further, it studies the hardware implementation of RSA and ECC, in particular of the basic unit, the modular multiplier, and implements the side-channel countermeasures through a combination of software and hardware. Finally, a side-channel attack platform is built to verify the specific countermeasures. The results obtained in the course of this research are as follows:

1. The MIST modular exponentiation algorithm, which is based on randomized addition chains, is studied. To address its vulnerability to simple power analysis attacks, a MIST modular exponentiation algorithm that is both secure and efficient against simple power analysis is proposed. The algorithm adds some dummy operations so that it resists simple power analysis attacks, and modifies the selection of the divisor to improve efficiency. Applying the same idea to scalar multiplication yields a scalar multiplication algorithm that also resists simple power analysis attacks.

2. The fault injection analysis attack that targets the modulus n is analyzed, and, based on the characteristics of this attack, a MIST modular exponentiation algorithm that resists fault injection analysis attacks is proposed. On top of the original MIST algorithm, it adds an integrity check of the modulus n, computes the last step twice, and compares the two results; if they are correct the result is returned, otherwise 0 is returned.

3. Countermeasures against power analysis attacks on ECC are studied, and most of them are found to come at the expense of performance. Based on the non-adjacent form encoding combined with the window technique (using a two-bit window), an efficient multi-scalar multiplication algorithm that resists simple power analysis is proposed. By randomly splitting the scalar, a scalar multiplication is turned into a multi-scalar multiplication, so that the proposed scalar multiplication algorithm resists both simple power analysis and differential power analysis without sacrificing performance.

4. Issues in implementing side-channel countermeasures are studied. Based on an optimized Montgomery algorithm, an efficient modular multiplication architecture is designed using two 32-bit multipliers; RSA and ECC are then implemented in hardware, and the side-channel countermeasures are implemented through a combination of software and hardware. Finally, an attack platform is built, which verifies that the proposed countermeasures are very effective.
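Result 2 of the abstract (integrity check of the modulus n, last step computed twice, 0 returned on a mismatch) can be modelled as follows. This Python example is added here and is not code from the dissertation; it assumes the basic MIST loop with a random divisor from {2, 3, 5}, a SHA-256 digest as the integrity check on n, and a constructed bit-flip fault hook, and the names `Modulus`, `mist_pow_checked` and `flip_bit_once` are hypothetical.

```python
import hashlib
import random


def _digest(n: int) -> bytes:
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


class Modulus:
    """Working copy of n plus a reference digest taken when the key is loaded."""

    def __init__(self, n: int):
        self.value = n
        self.ref = _digest(n)

    def intact(self) -> bool:
        return _digest(self.value) == self.ref


def mist_pow_checked(base, exp, mod, rng=random, fault=None):
    """Return base**exp mod n, or 0 when a fault on n or the last step is seen."""
    if not mod.intact():
        return 0
    q, a, d = 1, base % mod.value, exp   # invariant: answer == q * a**d mod n
    while d > 0:
        m = rng.choice((2, 3, 5))        # MIST: random divisor per iteration
        r, d = d % m, d // m             # previous d == m * d + r
        if fault is not None:
            fault(mod, d)                # constructed hook simulating a glitch on n
        if d == 0:                       # last step: compute twice, compare, re-check n
            q1 = pow(a, r, mod.value) * q % mod.value
            q2 = pow(a, r, mod.value) * q % mod.value
            return q1 if q1 == q2 and mod.intact() else 0
        q = pow(a, r, mod.value) * q % mod.value
        a = pow(a, m, mod.value)
    return 1 % mod.value                 # exp == 0


def flip_bit_once(bit):
    """Constructed fault model: flip one bit of n the first time it is called."""
    state = {"armed": True}

    def hook(mod, _d):
        if state["armed"]:
            mod.value ^= 1 << bit
            state["armed"] = False
    return hook


if __name__ == "__main__":
    n = 1000003 * 1000033                # constructed modulus, not a real key
    print(mist_pow_checked(7, 65537, Modulus(n), random.Random(1)))
    print(mist_pow_checked(7, 65537, Modulus(n), random.Random(1), flip_bit_once(3)))
```

The model covers only the fault-detection logic; it is not constant-time and does not include the dummy operations of result 1.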
[Degree-granting institution]: Shanghai Jiao Tong University
[Degree level]: Doctorate
[Year degree granted]: 2014
[Classification number]: TN918.4
Article ID: 1683366
Article link: https://www.wllwen.com/kejilunwen/wltx/1683366.html