Yu Han,Xuecheng Zou,Zhenglin Liu,Yicheng Chen

DOI: https://doi.org/10.1109/wicom.2007.556

2007-01-01

Abstract:This paper presents an alternative way to enhance power analysis attacks on AES hardware implementations for wireless sensor network (WSN) nodes. The proposed attack method adopts hamming differences of intermediate results as the power model and arranges plaintext inputs to maximize the differences of power traces, A simulation-based experimental environment is built, and various power attacks are conducted on our AES hardware implementation. Unlike on software implementations, conventional power attacks on hardware implementations may not succeed or require more computations. However, our proposed method improves the success rate effectively using acceptable number of power traces and fewer computations. Furthermore, experimental results also demonstrate that the linear operations of AES hardware implementations extremely leak the data-dependent power information vulnerable to power attacks.

谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Yicheng Chen,Xuecheng Zou,Zhenglin Liu,Yu Han

DOI: https://doi.org/10.3321/j.issn:1671-4512.2007.11.027

2007-01-01

Abstract:On the basis of discussing Hamming distance power model, proposed was a novel max differential power attack (MDPA) algorithm to attack advanced encryption standard (AES) hardware implementation, which can find the correct key by comparing energy difference which was produced by real key and equivalent plaintexts. The equivalent plaintexts were generated by changing partly plaintexts using the corresponding keys to appoint the value which was imported by the attacked S-box. The different technique was applied to remove most parts of noise. Attack simulations were illustrated by MDPA and correlation power analysis (CPA). The experimental result shows that MDPA scheme was an effective power attack method, and able to enhance the CPA effectually at a reasonable cost.

HAN Yu,ZOU Xue-cheng,LIU Zheng-lin,CHEN Yi-cheng

DOI: https://doi.org/10.3969/j.issn.1000-7180.2007.12.013

2007-01-01

Abstract:Firstly a Hamming power model is used for modeling the power consumption of the hardware implementation of AES in this paper.Then we perform a power analysis attack based on bit transitions of registers against the behavior of the algorithm.Furthermore,a sound attack is executed with the power traces recorded by simulating the power consumption of the hardware implementation at gate level.

Qingsheng Hu,Xiangning Fan,Qiaowei Zhang

DOI: https://doi.org/10.1109/cyberc.2019.00019

2019-01-01

Abstract:In order to improve the efficiency of side-channel attack and reduce attack costs, an effective differential power analysis (DPA) method for advanced encryption standard (AES) is presented. By building the power acquisition platform based on current main stream EDA tools, a lot of power consumption traces can be achieved with ease. In addition, a critical distinguishing function is investigated so as to the key recovering can be more efficient and practical. Finally, two attacking experiments using our analytical method for AES are performed based on the developed DPA platform. Simulation results show that the key of the AES can be cracked correctly illustrating our analytical method has high effectiveness.

LIU Zheng-lin,HAN Yu,ZOU Xue-cheng,CHEN Yi-cheng

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.03.006

2008-01-01

Abstract:The power consumption of a digital circuit implemented in the CMOS technology depends on the data that the circuit is processing. Power analysis attacks based on the fact pose a serious threat to cryptographic devices for extracting secret data. In this paper, we discuss the vulnerability of AES hardware implementations, and present the hypothetical circuit model. We also assess the susceptibility to differential power analysis (DPA) and correlation power analysis (CPA) attacks using different statistical methods in theoretical estimation. Furthermore, we give some possible hardware countermeasures against PA attacks.

Yu Bo,Li Xiangyu,Chen Cong,Sun Yihe,Wu Liji,Zhang Xiangmin

DOI: https://doi.org/10.1088/1674-4926/33/6/065009

2012-01-01

Abstract:This paper presents an AES (advanced encryption standard) chip that combats differential power analysis (DPA) side-channel attack through hardware-based random order execution. Both decryption and encryption procedures of an AES are implemented on the chip. A fine-grained dataflow architecture is proposed, which dynamically exploits intrinsic byte-level independence in the algorithm. A novel circuit called an HMF (Hold-Match-Fetch) unit is proposed for random control, which randomly sets execution orders for concurrent operations. The AES chip was manufactured in SMIC 0.18 μm technology. The average energy for encrypting one group of plain texts (128 bits secrete keys) is 19 nJ. The core area is 0.43 mm2. A sophisticated experimental setup was built to test the DPA resistance. Measurement-based experimental results show that one byte of a secret key cannot be disclosed from our chip under random mode after 64000 power traces were used in the DPA attack. Compared with the corresponding fixed order execution, the hardware based random order execution is improved by at least 21 times the DPA resistance.

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Miao Yuan,Guoqiang Bai

DOI: https://doi.org/10.1109/cis.2015.101

2015-01-01

Abstract:Higher Order Differential Power Analysis (HODPA) has been introduced for more than ten years. Various combining functions are applied to attack the masked AES implementation, but finding an appropriate combining function is still a big issue. We study the weakness of absolute difference method when using multi-bit variables to mount an attack. In this paper, an optimized method is proposed to improve its efficiency. Simulation results based on different combining functions show that the success rate of our method is twice as high as that of normal absolute difference and sum combining function. Our idea is also confirmed by physical traces measured on a FPGA platform.

guoyu qian,ying zhou,yueying xing,yibo fan,yukiyasu tsunoo,satoshi goto

DOI: https://doi.org/10.1109/ASICON.2009.5351546

2009-01-01

Abstract:Research on Differential Power Analysis (DPA) is becoming more and more popular nowadays. Against different hardware, DPA attack will lead to different results, e.g. attack on FPGA is easy but on ASIC is relatively difficult. However, how could we draw the conclusion that we finish a successful attack? How to build the connection between result data and successful rate is a meaningful topic. Same data with different statistical processing method will lead to different results. In this paper, we focus on DPA attack against an ASIC implementation. We analyzed two current statistical methods, pointed out the limitations. Then, we proposed a weighted statistical analysis method. According to number of traces and repetitions, we adjust the weight value. Finally, we improved the accuracy and efficiency of DPA attack on ASIC by reducing the number of traces used in attack.

Xiaoxin Cui,Rui Li,Wei Wei,Juan Gu,Xiaole Cui

DOI: https://doi.org/10.1109/ASICON.2013.6812024

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two countermeasures against DPA attack. But masking or RDI alone does not prevent DPA attack, they only enhance the difficulty of the attack. This paper proposes a novel countermeasure which associating masking with RDI. Furthermore, multi-masking instead of transformed masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented and verified on Data Encryption Standard (DES) algorithm. The results show that the combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA with only 28% performance penalty.

Yuanman Tong,Zhiying Wang,Kui Dai,Hongyi Lu

2008-01-01

Abstract:To validate the resistibility to power analysis attacks for different countermeasures, this paper presented the method which can find the feasible power analysis attacks in various implementations of cryptographic algorithms. The presented method includes three parts, the basic theory for identifying the feasible attacks, the enhanced data dependence graph which used to describe the implementation of a cryptographic algorithm, and the algorithm for identifying different kinds of power analysis attacks. A typical countermeasure of AES based on random masking is used to illustrate how to identify the feasible attacks. By Combining with the quantitative analysis of the resistibility to power analysis attacks for a cryptographic device, the design flow of power analysis attacks resistant cryptographic device can be established.

Han Gan,Hongxin Zhang,Muhammad Saad Khan,Xueli Wang,Fan Zhang,Pengfei He

DOI: https://doi.org/10.1109/cc.2017.8068768

2017-01-01

China Communications

Abstract:Correlation power analysis (CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts (RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition (EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions (IMFs), we extract a certain intrinsic mode function (IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.

Shuaiwei Zhang,Xiaoyuan Yang,Weidong Zhong,Yujuan Sun

DOI: https://doi.org/10.3970/cmc.2018.??

2018-01-01

Abstract:As one of the typical method for side channel attack, DPA has become a serious trouble for the security of encryption algorithm implementation. The potential capability of DPA attack induces researchers making a lot of efforts in this area, which significantly improved the attack efficiency of DPA. However, most of these efforts were made based on the hypothesis that the gathered power consumption data from the target device were stable and low noise. If large deviation happens in part of the power consumption data sample, the efficiency of DPA attack will be reduced rapidly. In this work, a highly efficient method for DPA attack is proposed with the inspiration of genetic algorithm. Based on the designed fitness function, power consumption data that is stable and less noisy will be selected and the noisy ones will be eliminated. In this way, not only improves the robustness and efficiency of DPA attack, but also reduces the number of samples needed. With experiments on block cipher algorithms of DES and SM4, 10% and 12.5% of the number of power consumption curves have been reduced in average with the proposed DPAG algorithm compared to original DPA attack respectively. The high efficiency and correctness of the proposed algorithm and novel model are proved by experiments.

Liu Lifei,Cui Xiaole,Ran Yalin,Cui Xiaoxin

DOI: https://doi.org/10.1109/ASICON.2015.7517206

2015-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is one of the most advantageous cryptosystems because of the shortened number of key bits when compared with RSA at the same security level. However, just as the other cryptosystems, ECC hardware is vulnerable to the side-channel analysis attacks which have been proposed. Power Analysis Attack (PA), as one of the most popular side-channel analysis attacks, is implemented easily, so more and more works concentrate on it. This work proposes a countermeasure to resist against Power Analysis. Then we design a unified hardware architecture which is multi-purpose and implementation to verify the effectiveness of the proposed method. The experiment results of FPGA verification platform show that the protected hardware can defend DPA with up to 105 measured power traces.

Yan Ting Ren,Li Ji Wu

DOI: https://doi.org/10.4028/www.scientific.net/amr.718-720.2376

2013-01-01

Advanced Materials Research

Abstract:In order to test the security of cryptographic devices against Side Channel Attacks (SCA), an automatic general-purpose power analysis system (TH-PAS-01) is designed and implemented. TH-PAS-01 is scalable and can be applied to many cryptographic devices when specific modules are installed. Using the system TH-PAS-01, correlation power analysis (CPA) are carried out on an AES chip under two working models: normal and shuffling mode. The security level of the countermeasure provided by the target chip is verified by TH-PAS-01. The experimental results show that the correct key of the AES chip is obtained with around 50,000 power traces when the chip was working under normal mode, while the whole key bits are not obtained with 960,000 power traces when the chip works under shuffling mode. The automatic general-purpose system TH-PAS-01 is feasible for security analysis on power analysis for cryptographic devices.

Jia Zhao,Jun Han,Xiaoyang Zeng,Liang Li,Yunsong Deng

DOI: https://doi.org/10.1109/icasic.2007.4415761

2007-01-01

Abstract:This paper proposes a low cost VLSI implementation of a masked AES algorithm resistant to DPA (Differential Power Analysis) attack. In order to minimize the influence of the modification to the hardware cost while enabling it resistant to DPA, such methods as altering calculation order, module reuse and composite field computation are employed to reduce chip area and maintain its speed. Using the HHNEC 0.25 mum CMOS process, the scale of the design is about 48 K equivalent gates and its system frequency is up to 70 MHz. The throughput of the 128-bit data encryption and decryption are as high as 380 Mbit/s.

Jie Li,Weiwei Shan,Chaoxuan Tian

DOI: https://doi.org/10.4028/www.scientific.net/amm.121-126.867

2011-01-01

Applied Mechanics and Materials

Abstract:In order to evaluate the security of Application Specific Integrated Circuit (ASIC) implemented cryptographic algorithms at an early design stage, a Hamming distance model based power analysis is proposed. The Data Encryption Standard (DES) algorithm is taken as an example to illustrate the threats of differential power analysis (DPA) attack against the security of ASIC chip. A DPA attack against the ASIC implementation of a DES algorithm is realized based on hamming distance power model (HD model), and it realized the attack by successfully guessing the right 48-bit subkey. This result indicates that the power analysis attack based on the HD model is simple, rapid and effective for the design and evaluation of security chips.

Rui Li,Xiaoxin Cui,Wei Wei,Di Wu,Kai Liao,Nan Liao,KaiSheng Ma,Dunshan Yu,Xiaole Cui

DOI: https://doi.org/10.1109/EDSSC.2013.6628153

2013-01-01

Abstract:Differential Power Analysis (DPA) reveals the secret key from the cryptographic device by side channel power leakage. Masking and Random Delay Insertion (RDI) are two effective countermeasures against DPA attack. This paper propose a novel countermeasure which associating masking with RDI, further, Multi-Masking instead of Transformed Masking is proposed in order to defend DPA attack based on hamming distance model. The combined countermeasure is implemented on Data Encryption Standard (DES). The results show that combined countermeasure defends DPA attack with 105 power traces, and increases 40% ability against DPA.