| 英文摘要 | Side-channel attacks have become an increasingly important branch of ongo-
ing cryptanalysis theoretical researches and cryptographic engineering practices.
Unlike its traditional black-box based counterpart, side-channel cryptanalysis not
only investigates mathematical properties of underlying cryptographic scheme,
but also concerns a broad spectrum of unintended observable leakages during its
execution, such as running time, power consumptions, electromagnetic emana-
tions and so on. Power analysis attacks, one of the most widely believed types
of powerful side-channel attacks, pose serious threats to the physical security
of multiple kinds of smart secure devices (say smart card for instance) running
cryptographic schemes, and therefore have attracted wide attentions from both
academia and industrial sectors since its first introduction by P. Kocher in 1999.
Motivated by this, this dissertation investigated the mechanisms of power
analysis attacks and their countermeasures, aiming to establish practical effective
characterization and analysis approaches, to propose effective countermeasures,
and to capture the effectiveness of these in a reasonable and objective way. We
argue that these works are not only of theoretical significance, but also of prac-
tical interest for the design, analysis, construction and testing of cryptographic
modules. Specifically, main contents and contributions of this dissertation are
five-fold as follows.
Characterization of Power Leakage
Accurate characterization of the power leakages of crypto devices is an essen-
tial prerequisite for developing more effective power analysis attacks. Even most
of the currently existing online characterization approaches are capable of catch-
ing the characteristics of power consumption leakages, they bear one restriction
that a full access to target devices is explicitly assumed, which severely limits
their practicality. We proposed a compact yet efficient approach to more accu-
rately characterizing side-channel leakages. It is called Bitwisely Weighted Char-
acterization (BWC for short) approach. One remarkable property of BBC is thativ it is completely independent of the underlying cryptographic scheme, and only
concerns the inherent power consumption characteristics of the crypto devices,
which immediately implies more genericity than those algorithm-dependent.
Construction and Analysis of Distinguisher
Basically, power analysis attacks work because they exploit the dependency
between power leakages and intermediate values related to the secret key being
used. Consequently, how to effectively exploit this dependency is considerably
pertinent to developing more powerful attacks. Therefore, construction and anal-
ysis of side-channel distinguishers has been, and is one of core issues for power
analysis attacks, with effectiveness and genericity being its two main goals. As a
concrete application of BBC approach, we constructed two new BWC-based side-
channel distinguishers, namely BWC-DPA and BWC-CPA. The effectiveness of
these two distinguishers is better than that of their original counterparts. On
the other hand, we developed a new generic side-channel distinguisher based on
partial Kolmogorov-Smirnov test, namely PKS distinguisher. PKS distinguisher
overcomes some serious limitations inherent in existing MIA-type distinguishers.
Specifically, PKS distinguisher has obvious advantages over existing MIA-like dis-
tinguishers in terms of both success rate and guessing entropy, and shows better
applicability as well.
Design and Analysis of Algorithmic Countermeasure
Light weight block ciphers are especially suitable for resource-restricted com-
puting devices (eg. RFID tags and wireless sensors), and turns to be one of the
most active research topics. In order to enhance the resistance level of light weight
block cipher implementations against power analysis attacks, we proposed an al-
gorithmic countermeasure called Bitwisely Balanced enCoding (BBC for short).
Taking LBlock and PRESENT as two cases of study, we performed simulation
experiments and the results show that BBC countermeasure can obtain high
security enhancement with reasonable cost.
Evaluation of Distinguisher’s Effectiveness
How to properly investigate the real threats of power analysis attacks and
how to objectively evaluate the actual resistance of countermeasures against at-ABSTRACT v
tacks remains to be one challenging task, one of which is the construction of
usable quantitative metrics. We proposed a sound approach to evaluating the ef-
fectiveness of DPA attacks from the perspective of distinguishers’ statistical char-
acteristics. Specifically, we formally defined the notion of Gaussian Distinguisher
in one typical DPA attack setting and then proved that two most frequently used
DPA distinguishers were Gaussian. After that, Distinctive Level, a useful quanti-
tative metric, was introduced to evaluate the effectiveness of DPA attacks. This
metric virtually equips the designer with the capability of judging to what extent
attacks will succeed. We performed experiments using both simulated and real
power traces afterwards, the results of which evidently demonstrated the validity
and the effectiveness of the methods we had proposed. In addition, we examined
the relationship between distinctive level and success rate by theoretical reason-
ing as well as experimental evaluation, and the results validate the soundness of
distinctive level.
Design and Development of Basic Supporting Tools for Cryptanal-
ysis and Testing
The availability of some basic supporting tools for cryptanalysis and testing
is appallingly helpful for those practioners who carry out real analysis and testing
of cryptographic algorithms and modules. This also serves a crucial step towards
practicalization of available or self-developed approaches and techniques. This
motivates the design and development of some basic supporting tools for these
tasks. On the one hand, we designed and developed one DSP-based high-speed
random testing device, namely LOIS-RTC card, tailoring for the task of perform-
ing randomness testing of cryptographic schemes. The functions of this device
are fully compatible with those specified in national random testing standard,
and it is vital for performing traditional cryptanalysis and testing. On the other
hand, we proposed an instruction-level power consumption software simulation
approach, aiming to analyze and assess the resistance of cryptographic imple-
mentations in the presence of power analysis attacks. Additionally, we designed
and developed one prototype system of power consumption simulations for cryp-
tographic implementations, called IMScale. This prototype is instrumental for
performing side-channel cryptanalysis. Keywords: Cryptography, Side-Cannel Cryptanalysis, Power Analysis Attack,
Distinguisher, Countermeasure, Quantitative Metrics, Instruction-Level Power
Simulation, Randomness Testing |
修改评论