1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190
2. University of Chinese Academy of Sciences, Beijing 100049
3. Beijing CEC Huada Electronic Design Co., Ltd., Beijing 102209
HAN Xu-cang, male, born October 1987 in Xi'an, Shaanxi Province, is a Ph.D. candidate at the Institute of Software, Chinese Academy of Sciences; his research focuses on side-channel analysis of and countermeasures for cryptographic algorithms. E-mail: xucang2020@isccas.ac.cn
CHEN Bo-tao, male, born December 1976 in Hanyuan County, Sichuan Province, senior engineer, is Deputy General Manager of Beijing CEC Huada Electronic Design Co., Ltd.; his main research interests are integrated circuit design and chip hardware security attack and defense. Chinese Institute of Electronics member number: E190029014M. E-mail: chenbt@hed.com.cn
CAO Wei-qiong (corresponding author), female, born January 1986 in Guilin, is an assistant research fellow at the Institute of Software, Chinese Academy of Sciences; her main research interest is side-channel analysis of and countermeasures for public-key algorithms. E-mail: caoweiqiong@iscas.ac.cn
CHEN Hua, female, born October 1976 in Rizhao, Shandong Province, is a professor-level senior engineer and doctoral supervisor at the Institute of Software, Chinese Academy of Sciences; her research focuses on side-channel analysis and countermeasures and on cryptographic testing. E-mail: chenhua@iscas.ac.cn
LI Hao-yuan, male, born November 1995 in Shandong Province, is a Ph.D. candidate at the Institute of Software, Chinese Academy of Sciences; his main research interest is side-channel analysis of and countermeasures for cryptographic algorithms. E-mail: haoyuan2019@isccas.ac.cn
Received: 2023-05-10
Revised: 2023-08-30
Published in print: 2023-11-25
HAN Xu-cang, CHEN Bo-tao, CAO Wei-qiong, et al. Linear Discriminant Analysis-Based Template Attack for Masked Implementation of Modular Exponentiation[J]. ACTA ELECTRONICA SINICA, 2023, 51(11): 3024-3032. DOI: 10.12263/DZXB.20230419.
Masking is widely used in secure implementations of modular exponentiation, and its side-channel resistance has been well demonstrated. This paper finds that, during the modular multiplications of a modular exponentiation, the power consumption of the operations that fetch the operands reveals the addresses of those operands, and it proposes a template attack based on linear discriminant analysis that targets this leakage and applies to masked modular exponentiation. In contrast to operand-based leakage, fetch-based leakage is not affected by the mask, so the attack remains effective against common masked implementations of modular exponentiation. The method first applies test vector leakage assessment to the extraction of leakage features, which reduces the influence of irrelevant points; it then extends linear discriminant analysis to the classification and dimensionality reduction of traces, which improves the class separability of the traces. Finally, the attack is carried out against a hardware implementation of masked modular exponentiation. The results show that fetch-based leakage is distributed over the entire modular multiplication operation and that the accuracy of classifying the different types of modular multiplication reaches 99.98%.
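An added, self-contained illustration of the pipeline the abstract describes, written for this page and not taken from the paper; the trace model, leakage points, offsets and sample counts are constructed assumptions. A Welch t-test (TVLA) picks the samples where the two operand-address classes differ, and a two-class Fisher LDA then projects those samples and labels each modular multiplication. Because the simulated operand value is masked, only the address-dependent fetch leakage carries class information, which is the effect the paper identifies and which a leakage evaluation of a masked design should look for.

```python
import math, random, statistics as st
N, LEAK_POINTS, K_POI = 40, (3, 11, 19, 27, 35), 5   # constructed trace model, not measured data

def make_trace(op_class, rng):
    # Assumed model: the masked operand value only contributes class-independent noise, but
    # fetching it leaks its address (op_class) at points spread over the whole multiplication.
    tr = [rng.gauss(0.0, 1.0) for _ in range(N)]
    for p in LEAK_POINTS:
        tr[p] += 2.0 * op_class
    return tr

def welch_t(a, b):
    """Per-sample Welch t-statistic between the two trace sets (TVLA leakage detection)."""
    out = []
    for i in range(N):
        xa, xb = [t[i] for t in a], [t[i] for t in b]
        out.append((st.mean(xa) - st.mean(xb)) / math.sqrt(st.variance(xa) / len(xa) + st.variance(xb) / len(xb)))
    return out

def solve(A, b):   # Gauss-Jordan solve of A x = b for the small K_POI x K_POI scatter matrix
    n, M = len(A), [row[:] + [bi] for row, bi in zip(A, b)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        M[c] = [v / M[c][c] for v in M[c]]
        for r in range(n):
            if r != c:
                M[r] = [rv - M[r][c] * cv for rv, cv in zip(M[r], M[c])]
    return [row[n] for row in M]

def fisher_lda(x0, x1):
    """Two-class Fisher LDA: w = Sw^-1 (m1 - m0), threshold at the projected midpoint."""
    d = len(x0[0])
    m0, m1 = [[sum(v[i] for v in xs) / len(xs) for i in range(d)] for xs in (x0, x1)]
    sw = [[sum((v[i] - m[i]) * (v[j] - m[j]) for xs, m in ((x0, m0), (x1, m1)) for v in xs)
           for j in range(d)] for i in range(d)]          # pooled within-class scatter
    w = solve(sw, [a - b for a, b in zip(m1, m0)])
    return w, sum(wi * (a + b) / 2 for wi, a, b in zip(w, m0, m1))

def classify(trace, poi, w, thr):   # 1 = operand fetched from address class 1
    return int(sum(wi * trace[i] for wi, i in zip(w, poi)) > thr)

def run(seed=1, n_train=300, n_test=200):
    rng = random.Random(seed)
    tr = [[make_trace(c, rng) for _ in range(n_train)] for c in (0, 1)]   # profiling traces
    t = welch_t(tr[0], tr[1])
    poi = sorted(sorted(range(N), key=lambda i: -abs(t[i]))[:K_POI])     # largest |t| wins
    w, thr = fisher_lda(*[[[x[i] for i in poi] for x in cls] for cls in tr])
    hits = sum(classify(make_trace(c, rng), poi, w, thr) == c for c in (0, 1) for _ in range(n_test))
    return poi, hits / (2 * n_test)   # selected POIs and accuracy on fresh traces
```

Raising the noise or lowering the 2.0 offset in `make_trace` shows how the POI selection and the classification accuracy degrade together, which is the quantity an evaluator would track when assessing a masked design.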