谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Yanjiao Chen,Rui Guan,Xueluan Gong,Jianshuo Dong,Meng Xue

DOI: https://doi.org/10.1109/sp46215.2023.10179406

2023-01-01

Abstract:Recent studies show that machine learning models are vulnerable to model extraction attacks, where the adversary builds a substitute model that achieves almost the same performance of a black-box victim model simply via querying the victim model. To defend against such attacks, a series of methods have been proposed to disrupt the query results before returning them to potential attackers, greatly degrading the performance of existing model extraction attacks. In this paper, we make the first attempt to develop a defensepenetrating model extraction attack framework, named D- DAE, which aims to break disruption-based defenses. The linchpins of D- DAE are the design of two modules, i.e., disruption detection and disruption recovery, which can be integrated with generic model extraction attacks. More specifically, after obtaining query results from the victim model, the disruption detection module infers the defense mechanism adopted by the defender. We design a meta-learning-based disruption detection algorithm for learning the fundamental differences between the distributions of disrupted and undisrupted query results. The algorithm features a good generalization property even if we have no access to the original training dataset of the victim model. Given the detected defense mechanism, the disruption recovery module tries to restore a clean query result from the disrupted query result with well-designed generative models. Our extensive evaluations on MNIST, FashionMNIST, CIFAR-10, GTSRB, and ImageNette datasets demonstrate that D- DAE can enhance the substitute model accuracy of the existing model extraction attacks by as much as 82.24% in the face of 4 state-of-the-art defenses and combinations of multiple defenses. We also verify the effectiveness of D-DAE in penetrating unknown defenses in real-world APIs hosted by Microsoft Azure and Face++.

丁国良,李志祥,尹文龙,赵强

DOI: https://doi.org/10.3724/sp.j.1087.2009.02200

2009-01-01

Abstract:To study the vulnerability of Advanced Encryption Standard (AES) against electromagnetic side channel attacks, the article analyzed the electromagnetic information leakage model of microcomputer and the choice of D function. Then, concerning the AES-128 bits cryptographic system realized by the 89C51 microchip, Differential Electromagnetic Analysis (DEMA) algorithm, which was used into an attack experiment and succeeded in obtaining 128 bits secret key of AES-128, was described. After analyzing the experimental results, the leakage of secret information produced by ByteSub transformation was detected. This method can be regarded as a new protective measure in cryptographic systems.

Xiaoxin Cui,Rui Li,Wei Wei,Juan Gu,Xiaole Cui

DOI: https://doi.org/10.1109/ASICON.2013.6812024

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two countermeasures against DPA attack. But masking or RDI alone does not prevent DPA attack, they only enhance the difficulty of the attack. This paper proposes a novel countermeasure which associating masking with RDI. Furthermore, multi-masking instead of transformed masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented and verified on Data Encryption Standard (DES) algorithm. The results show that the combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA with only 28% performance penalty.

Hongying Liu,Yukiyasu Tsuoo,Yibo Fan,Bin Hu,Satoshi Goto

DOI: https://doi.org/10.2299/jsp.16.241

2012-01-01

Journal of Signal Processing

Abstract:Electromagnetic emissions leak confidential data of cryptographic devices. By exploiting such emissions, electromagnetic analysis (EMA) is performed with EM probes to extract secret information from these devices. Owing to the locality of EM emissions, namely, secret information may leak from multiple locations around cryptographic devices, it is difficult to determine the exact location before conducting an EMA. In this paper, signal variance of EM emissions during encryption is proposed to identify the information leakage of unprotected and protected cryptographic modules. We prove that signal variance is an equivalent metric to Difference of Means (DoM). Thus, by computing the higher signal variances based on near-field scan, the data-dependent EM emissions are disclosed, namely, the leakage locations are found. In addition, a small and low-cost probe is made to verify the proposed EMA on application-specific integrated circuit (ASIC) implementations. The experiment on AES PPRM1 implementation indicates that misjudgments of leakage are reduced, and the accuracy is improved 48.6% compared with existing methods. Moreover, the experiment of EMA against AES WDDL implementation shows that signal variance is also effective in exposing the leakage locations in the presence of countermeasures. The performance of EMA is enhanced.

Wenhai Zhou,Fan-tong Kong

DOI: https://doi.org/10.1109/ICCT46805.2019.8947185

2019-10-01

Abstract:Correlative electromagnetic side channel attack (CEMA) is a common and effective method in side channel attacks. However, a large amount of data acquisition and processing restricts the time of key cracking. This paper proposes a fast side channel attack method, which encrypts the selected plaintexts and filters the collected electromagnetic data on frequency domain, and then performs CEMA analysis. Finally, only 150 pieces of electromagnetic data are used to successfully crack all the keys of the advanced encryption standard (AES) cryptographic algorithm, and the cracking time is reduced to 1/50 of the traditional method.

Engineering,Computer Science

LI Jing,LI Lin-sen

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.07.045

2013-01-01

Abstract:Based on the principle of Side-channel Analysis(SCA) and power leakage of IC chip,this paper analyzes the relationship of encryption process and power leakage of IC chip.According to the problem of power leakage in chip Data Encryption Stardard(DES) encryption,it brings out power diff-function Differential Power Analysis(DPA) and correlation analysis method,which are based on S-box output.It uses Inspector platform to do DPA examinations,and is succeed in cracking the key of some chip's DES encryption.Examinations results not only prove the correctness of test method,but also find the power leakage security vulnerability of traditional DES algorithm used in IC chip.

yijie ge,zheng guo,zhigang mao,junrong liu,jiachao chen

DOI: https://doi.org/10.2991/csic-15.2015.14

2015-01-01

Abstract:Security of cryptographic embedded devices has become a prevalent concern, especially since the introduction of Differential Power Analysis (DPA) by Paul Kocher et al. In the past years, many efforts have been made to improve the resistance against Side Channel Attack (SCA) of cryptographic devices. Among the countermeasures, masking is a typical and efficient strategy. However, a number of effective attacks on masked cryptographic devices have been developed in recent years, and this paper continues this line of research. On theory, a DES with a masking scheme is secure under first order SCA, but we dig out a new leakage problem which makes it possible to attack a masked DES without using higher-order power analysis. Concretely, we perform a first-order correlation power analysis based on the leakage relationship between two different arithmetic components of DES. And the reason for this leakage is analyzed and verified by us through simulation and real card attacks.

Chenguang Wang,Qiang Zhou,Yici Cai,Haoyi Wang

DOI: https://doi.org/10.1145/3240765.3240804

2018-11-05

Abstract:Electromagnetic (EM) analysis is to reveal the secret information by analyzing the EM emission from a cryptographic device. EM analysis (EMA) attack is emerging as a serious threat to hardware security. It has been noted that the on-chip power grid (PG) has a security implication on EMA attack by affecting the fluctuations of supply current. However, there is little study on exploiting this intrinsic property as an active countermeasure against EMA. In this paper, we investigate the effect of PG on EM emission and propose an active countermeasure against EMA, i.e. EM Equalizer (EME). By adjusting the PG impedance, the current waveform can be flattened, equalizing the EM profile. Therefore, the correlation between secret data and EM emission is significantly reduced. As a first attempt to the co-optimization for power and EM security, we extend the EME method by fixing the vulnerability of power analysis. To verify the EME method, several cryptographic designs are implemented. The measurement to disclose (MTD) is improved by 1138x with area and power overheads of 0.62% and 1.36%, respectively.

Engineering,Computer Science

Rui Li,Xiaoxin Cui,Wei Wei,Di Wu,Kai Liao,Nan Liao,KaiSheng Ma,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/EDSSC.2013.6628153

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two effective countermeasures against DPA attack. This paper propose a novel countermeasure which associating masking with RDI, further, Multi-Masking instead of Transformed Masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented on Data Encryption Standard (DES). The results show that combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA.

QIAN Si-jin,ZHANG Kai-ze,WANG Yan-bo,HE De-quan

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.32.044

2007-01-01

Abstract:Based on the thorough analysis of the Differential Power Analysis theory,a DES-oriented DPA system is designed in this paper and the DPA analysis correct rate is achieved.Through detail observation and analysis of the experimental data,we’ve found one factor which may seriously affect the DES’ DPA analysis correct rate,that is the 4th S-Box collision phenomenon which is deserved to be researched deeply in the future.

Kun Gu,Liji Wu,Xiangyu Li,Xiangxin Zhang

DOI: https://doi.org/10.1109/cis.2011.149

2011-01-01

Abstract:Information security is very important for the smart cards. Electromagnetic analysis (EMA) attack is a common method of side channel attacks which is a serious threat for the security of smart cards. So it is necessary to build a system to estimate the ability of the smart card to resist EMA attack. In this paper, an automatic EMA system for smart cards is designed and implemented. This system can measuring the electromagnetic field of smart card and can also carry out EMA attack. To verify the effectiveness of this system, an EMA attack was successfully carried out by it on a FPGA which 3DES cryptographic algorithm was loaded and implemented. 3DES is widely used in bank IC card and USB key. It is important to make sure of the safety of these financial IC cards. The experimental results showed that the applicable electromagnetic field signal can be traced to estimate the ability of the security device to resist EMA attack.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

LI Hai-bin,ZHOU Yu-jie

DOI: https://doi.org/10.3969/j.issn.1002-0802.2007.11.105

2007-01-01

Abstract:Since the introduction of Power Analysis on smart cards by Paul Kocher,many countermeasures have been suggested to protect implementations of cryptographic algorithms.In this paper,a new protection principle ——the transformed masking method is proposed.And this method is applied to protect the most popular block cipher: DES.

Xinjie Zhao,Fan Zhang,Shize Guo,Tao Wang,Zhijie Shi,Huiying Liu,Keke Ji

DOI: https://doi.org/10.1007/978-3-642-29912-4_17

2012-01-01

Abstract:Algebraic side-channel attack (ASCA) is a powerful cryptanalysis technique different from conventional side-channel attacks. This paper studies ASCA from three aspects: enhancement, analysis and application. To enhance ASCA, we propose a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope the multiple deductions caused by inaccurate measurements or interferences. For the first time, we show that ASCA can exploit cache leakage models. We analyze the attacks and estimate the minimal amount of leakages required for a successful ASCA on AES under different leakage models. In addition, we apply MDASCA to attack AES on an 8-bit microcontroller under Hamming weight leakage model, on two typical microprocessors under access driven cache leakage model, and on a 32-bit ARM microprocessor under trace driven cache leakage model. Many better results are achieved compared to the previous work. The results are also consistent with the theoretical analysis. Our work shows that MDASCA poses great threats with its excellence in error tolerance and new leakage model exploitation.

J. Longo,E. De Mulder,D. Page,M. Tunstall

DOI: https://doi.org/10.1007/978-3-662-48324-4_31

2015-01-01

Abstract:Increased complexity in modern embedded systems has presented various important challenges with regard to side-channel attacks. In particular, it is common to deploy SoC-based target devices with high clock frequencies in security-critical scenarios; understanding how such features align with techniques more often deployed against simpler devices is vital from both destructive (i.e., attack) and constructive (i.e., evaluation and/or countermeasure) perspectives. In this paper, we investigate electromagnetic-based leakage from three different means of executing cryptographic workloads (including the general purpose ARM core, an on-chip co-processor, and the NEON core) on the AM335x SoC. Our conclusion is that addressing challenges of the type above is feasible, and that key recovery attacks can be conducted with modest resources.

Xin Min

2002-01-01

Abstract:Based on an analysis of the DES algorithm,a programme realization of the DES algorithm is discussed in detail.

Qian Lei,Liji Wu,Shaohui Zhang,Xiangmin Zhang,Xiangyu Li,Liyang Pan,Zhimeng Dong

DOI: https://doi.org/10.1109/cis.2015.102

2015-01-01

Abstract:Side-channel analysis is becoming a major threat to the security chips of smart cards, including power analysis, electromagnetic analysis and fault injection. Based on software hardware co-design, we implemented a side-channel analysis platform covering CPA/DPA/TA/CA methods, which could effectively reveal the secret keys on security chips. Our work integrates power analysis, electromagnetic analysis and fault injection into single platform, which contains regular international cryptographic algorithm of AES/3DES/ RSA/ECC and China standard cryptographic algorithm of SM2/SM3/SM4. And a novel UML model for software implementation is proposed. Six smart card products with countermeasures have been analyzed on our platform, and all keys have been revealed successfully. Particularly, the key of a contactless smart card product was revealed by 350,000 power traces, and compared to the foreign report out of 1,000,000 power traces, we have about 65% increase on efficiency of revealing keys.

Han Gan,Hongxin Zhang,Muhammad Saad Khan,Xueli Wang,Fan Zhang,Pengfei He

DOI: https://doi.org/10.1109/cc.2017.8068768

2017-01-01

China Communications

Abstract:Correlation power analysis (CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts (RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition (EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions (IMFs), we extract a certain intrinsic mode function (IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.

Qihui Zhang,Jian Cao,Xixin Cao,Xing Zhang,Yin Ye,Yanguang Zhao,Botao Chen

DOI: https://doi.org/10.1109/CONIELECOMP.2015.7086938

2015-01-01

Abstract:DES has been widely used in current financial security application, but side-channel attacks are considered as serious threats to DES cryptographic algorithm. Asynchronous DES design will be a proper solution because of its natural properties. First, a low power asynchronous DES architecture and sub key generation architecture are proposed. Then, optimized Balsa implementation, GTECH-based implementation and black-box-based implementation are described to reduce area and power. Furthermore, a dual-rail implementation is carried out for future security applications and a Spartan-6 FPGA verification is checked before taping out. ASIC implementation results show that our proposed asynchronous DES architecture and black-box-based scheme can achieve about 20% lower power with 25% area increase of its synchronous equivalent, and its energy is only 8.2% and 27.3% of those reported in other papers, respectively. FPGA experimental results show that our proposed asynchronous DES exhibits an operation frequency of 196.2 MHz and costs only 4% slice LUTs. Moreover, it can be suitably integrated into contactless smart cards.