谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Yicheng Chen,Xuecheng Zou,Zhenglin Liu,Yu Han

DOI: https://doi.org/10.3321/j.issn:1671-4512.2007.11.027

2007-01-01

Abstract:On the basis of discussing Hamming distance power model, proposed was a novel max differential power attack (MDPA) algorithm to attack advanced encryption standard (AES) hardware implementation, which can find the correct key by comparing energy difference which was produced by real key and equivalent plaintexts. The equivalent plaintexts were generated by changing partly plaintexts using the corresponding keys to appoint the value which was imported by the attacked S-box. The different technique was applied to remove most parts of noise. Attack simulations were illustrated by MDPA and correlation power analysis (CPA). The experimental result shows that MDPA scheme was an effective power attack method, and able to enhance the CPA effectually at a reasonable cost.

Yu Han,Xuecheng Zou,Zhenglin Liu,Yi-Cheng Chen

DOI: https://doi.org/10.4236/ijcns.2008.11010

2008-01-01

Abstract:This paper presents an effective way to enhance power analysis attacks on AES hardware implementations.The proposed attack adopts hamming difference of intermediate results as power mode.It arranges plaintext inputs to differentiate power traces to the maximal probability.A simulation-based AES ASIC implementation and experimental platform are built.Various power attacks are conducted on our AES hardware implementation.Unlike on software implementations, conventional power attacks on hardware implementations may not succeed or require more computations.However, the method we proposed effectively improves the success rate using acceptable number of power traces and fewer computations.Furthermore from experimental data, the correlation factor between the hamming distance of key guesses and the difference of DPA traces has the value 0.9233 to validate power model and attack results.

Yu Han,Xuecheng Zou,Zhenglin Liu,Yicheng Chen

DOI: https://doi.org/10.1109/wicom.2007.556

2007-01-01

Abstract:This paper presents an alternative way to enhance power analysis attacks on AES hardware implementations for wireless sensor network (WSN) nodes. The proposed attack method adopts hamming differences of intermediate results as the power model and arranges plaintext inputs to maximize the differences of power traces, A simulation-based experimental environment is built, and various power attacks are conducted on our AES hardware implementation. Unlike on software implementations, conventional power attacks on hardware implementations may not succeed or require more computations. However, our proposed method improves the success rate effectively using acceptable number of power traces and fewer computations. Furthermore, experimental results also demonstrate that the linear operations of AES hardware implementations extremely leak the data-dependent power information vulnerable to power attacks.

Xiaomin Cai,Renfa Li,Shijie Kuang,Jinhui Tan

DOI: https://doi.org/10.1109/access.2020.2993701

IF: 3.9

2020-01-01

IEEE Access

Abstract:Differential power analysis attacks are the most commonly used means to break cryptographic devices within the side-channel attack technology. Since there is a lot of noise in the energy trace of cryptographic devices, a large number of energy traces are needed to carry out the attack, resulting in a high computational cost. To solve this problem, this study starts with an analysis of the characteristics of power waveform formation from the inherent properties of the complementary metal oxide semiconductor circuit. Then, based on the Hamming distance classification method and the results of power waveform analysis, the useful information interval in the energy trace is located, that is, the interval with a strong correlation with the key. Thus, we achieve energy trace compression. Finally, a system on chip with a 128-bit AES algorithm is used to conduct various attack experiments in the effective interval. The results show that the calculation is cut off by 96%, which greatly reduces the computational cost for differential power analysis attacks.

SHA Pei-dong,ZHU Zhi-xiang

DOI: https://doi.org/10.3969/j.issn.1008-5564.2013.04.011

2013-01-01

Abstract:Based on the Advanced Encryption Standard(AES)cipher algorithm,this essay proposes an improved differential fault analysis attack.This algorithm induced the faults in encryption to derive the relationship between the original cipher text and the cipher text after the importation of the fault to recover the secret key and reduce the complexity of a brute force attack.Compared with the traditional differential fault analysis(DFA)attack algorithm against AES-128,this method has better scalability and can realize the attack against AES-192 and AES-256 after appropriate adjustments to the parameters of the specific derivation process.

Zemin Cai,Yi Wang,Renfa Li

DOI: https://doi.org/10.1007/978-3-319-03584-0_33

2013-01-01

Abstract:Differential Power Analysis against AES proved to be effective, with use mask techniques, we can truncate the relevance and defense DPA attacks successfully. In this paper, we introduce a new mean called DFA (Differential Fault Attack), DFA has been shown successfully to attack AES algorithm with masking. We inject a fault to the intermediate results and other general form to obtain the ciphertext with faults, using the ciphertext we can recover the keys. Firstly, we construct the Sbox/InvSbox distribution tables to make the results sets space is less than 28 with two correct/fault ciphertexts pairs, even, in most cases, the set space are strict in 22. Secondly, we also demonstrated that the model of DFA we constructed can ignore the masking techniques and propose some methods to recover the keys with less time consuming and reduced searching space. Lastly, we make the module into an application and prove the module is effective. © Springer International Publishing Switzerland 2013.

Han Gan,Hongxin Zhang,Muhammad Saad Khan,Xueli Wang

DOI: https://doi.org/10.1080/02533839.2018.1553631

2019-01-01

Abstract:In this paper, we propose an improved differential power analysis (DPA) attack method for use against the 128-bit Advanced Encryption Standard (AES-128) with random process interrupt (RPI) protection applied on a field-programmable gate array (FPGA). The misalignment caused by RPIs is undermined by the new signals processed by our proposed method. Our method uses compressed energy entropy and the sliding window technique to process the power consumption curves (PCCs). The results of our experiments show that by gathering the scattered information, our method has excellent performance on the DPA attacks. Compared with existing methods, our proposed method shows better performance in increasing the amplitude of the maximum spike of the correlation curve. While achieving the same success rates, the number of PCCs applied in our method has decreased by 35%.

WU Keshou,CHEN Yuming,LI Renfa,WANG Xiaodong

DOI: https://doi.org/10.3778/j.issn.1002-8331.2012.29.013

2012-01-01

Abstract:By analyzing the features of International Data Encryption Algorithm(IDEA),this paper presents a Differential Power Analysis(DPA)attacking method on IDEA code system,which is based on Hamming distance.The method is one particularly powerful type of Side Channel Attacks(SCA).All its theories are based upon the physical characters,power consumption models and data dependent power consumption of CMOS logic gates which form the Integrated Circuits(ICs).The paper introduces the design and realization of DPA attacks of IDEA.Correct secret key of encryption algorithm is cracked successfully with experiments.It comes gradually and closely into ultimate target of the attack.The result indicates that IDEA encrypted system without some extra protective measures can't resist the attacks of DPA,because of the leakages from the physical signals and the difference of power consumption while processing the different data of ICs.The results can provide the researchers a useful reference for the safety design.

WU Ke-shou,LI Ren-fa,WANG Xiao-dong,CHEN Yu-ming

DOI: https://doi.org/10.3969/j.issn.1002-137x.2012.02.014

2012-01-01

Computer Science

Abstract:By analyzing the features of data encryption algorithm DES,this paper presented a differential power analysis(DPA) attacking simulation platform on DES.The platform has some advances such as high precision and high simulation speed.All its theories are based upon the physical characters,power consumption models and data dependent power consumption of CMOS logic gates which form the integrated circuits(ICs).The paper introduced the design and realization of DPA attacking platform of DES,which is based on hamming distance.Correct secret key of encryption algorithm is cracked successfully with simulation experiment.The work in this article provides necessary base and reference for theoretic research on DES algorithm in the future.

LIU Zheng-lin,HAN Yu,ZOU Xue-cheng,CHEN Yi-cheng

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.03.006

2008-01-01

Abstract:The power consumption of a digital circuit implemented in the CMOS technology depends on the data that the circuit is processing. Power analysis attacks based on the fact pose a serious threat to cryptographic devices for extracting secret data. In this paper, we discuss the vulnerability of AES hardware implementations, and present the hypothetical circuit model. We also assess the susceptibility to differential power analysis (DPA) and correlation power analysis (CPA) attacks using different statistical methods in theoretical estimation. Furthermore, we give some possible hardware countermeasures against PA attacks.

Shize Guo,Xinjie Zhao,Fan Zhang,Tao Wang,Zhijie Jerry Shi,Francois-Xavier Standaert,Chujiao Ma

DOI: https://doi.org/10.1109/tifs.2014.2315534

IF: 7.231

2014-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

Zhaojun Lu,Hailong Liu,Jingshan Ma,Zhenglin Liu

DOI: https://doi.org/10.13245/j.hust.170801

2017-01-01

Abstract:Aiming at the problem of low efficiency,poor universality and high cost for the side-channel attack (SCA) platform in cryptography,a differential power attack (DPA) platform was designed after analyzing the principle of advanced encryption standard (AES).It employs XILINX Spartan-6 field programmable gate array (FPGA) as the master control chip for providing clock signal to encryption equipment,which solves the problem of waveform alignment.In the FPGA,MicroBlaze soft processor is instantiated to perform attack programs according to the characteristics of different encryption devices,which offers good universality.The platform greatly improves the efficiency of the attack by taking a variety of isolation measures to minimize the interference of noise.Experimental results shows that the AES encryption algorithm running on C52 and STM32 is successfully cracked in 5 min with the platform.Under the premise of ensuring the efficiency of the attack,the DPA platform costs less than 500 RMB and reserves the attack interface for the SIM card and the FPGA encryption equipment as the hardware platform of the next experiment.

丁国良,李志祥,尹文龙,赵强

DOI: https://doi.org/10.3724/sp.j.1087.2009.02200

2009-01-01

Abstract:To study the vulnerability of Advanced Encryption Standard (AES) against electromagnetic side channel attacks, the article analyzed the electromagnetic information leakage model of microcomputer and the choice of D function. Then, concerning the AES-128 bits cryptographic system realized by the 89C51 microchip, Differential Electromagnetic Analysis (DEMA) algorithm, which was used into an attack experiment and succeeded in obtaining 128 bits secret key of AES-128, was described. After analyzing the experimental results, the leakage of secret information produced by ByteSub transformation was detected. This method can be regarded as a new protective measure in cryptographic systems.

Shuaiwei Zhang,Xiaoyuan Yang,Weidong Zhong,Yujuan Sun

DOI: https://doi.org/10.3970/cmc.2018.??

2018-01-01

Abstract:As one of the typical method for side channel attack, DPA has become a serious trouble for the security of encryption algorithm implementation. The potential capability of DPA attack induces researchers making a lot of efforts in this area, which significantly improved the attack efficiency of DPA. However, most of these efforts were made based on the hypothesis that the gathered power consumption data from the target device were stable and low noise. If large deviation happens in part of the power consumption data sample, the efficiency of DPA attack will be reduced rapidly. In this work, a highly efficient method for DPA attack is proposed with the inspiration of genetic algorithm. Based on the designed fitness function, power consumption data that is stable and less noisy will be selected and the noisy ones will be eliminated. In this way, not only improves the robustness and efficiency of DPA attack, but also reduces the number of samples needed. With experiments on block cipher algorithms of DES and SM4, 10% and 12.5% of the number of power consumption curves have been reduced in average with the proposed DPAG algorithm compared to original DPA attack respectively. The high efficiency and correctness of the proposed algorithm and novel model are proved by experiments.

Ying Zhou,Guoyu Qian,Yueying Xing,Hongying Liu,Satoshi Goto,Yukiyasu Tsunoo

DOI: https://doi.org/10.1109/ISECS.2010.56

2010-01-01

Abstract:Advanced Encryption Standard (AES) is a widely used symmetric cryptographic algorithm. Differential power analysis attack (DPA) is a powerful side-channel attack method which has been successfully used to attack AES. As a lot of people focus on revealing the key, more and more people become interested in how to defend DPA attack. In this paper, we propose a method by adding a set of register and a random generator to defend DPA attack. The proposed method has been implemented on SASEBO board. It can process data with 2.56 Gbps at 200 MHz frequency. And we use the DPA attack to prove it can effectively defend the normal DPA attack.

Ming Tang,ZhenLong Qiu,Si Gao,Mu Yi,ShuBo Liu,HuanGuo Zhang,YingZhen Jin

DOI: https://doi.org/10.1007/s11432-012-4588-5

2012-01-01

Science China Information Sciences

Abstract:Side channel attacks (SCAs) on security software and hardware have become major concerns on computer and system security. The existing SCAs generally require the knowledge of the corresponding cryptographic algorithm and implementation adopted in the target; therefore, they are not fully suitable for practical applications. In this paper, we propose a novel SCA—polar differential power attack (polar DPA). We found that DPA peaks have different biases for different cryptographic algorithms and implementations. Based on these biases, we can successfully attack a block cipher, assuming that the cipher algorithm uses a secret key in its first round, without the knowledge of the cipher algorithm or implementation. Other rounds can be treated as a black box. We present a detailed theoretical analysis and experiment to demonstrate the correctness and efficiency of our scheme. Furthermore, our scheme has demonstrated an improvement over the leakage evaluation scheme due to Ichikawa et al. (CHES 2005). Our evaluation method can be used in electronic design automatic (EDA) flows and can help security circuit designers to understand the data leakage due to SCAs.

Guoqiang Bai,Hailiang Fu,Wei Li,Xingjun Wu

DOI: https://doi.org/10.1109/trustcom/bigdatase.2018.00210

2018-01-01

Abstract:This paper presents a practicable method of differential power attack on SM4 block cipher. We build the power acquisition platform based on SASEBO-G board. Through the platform, the encryption of SM4 algorithm is implemented in hardware and the power curves are obtained by the Agilent oscilloscope at the same time. The hamming weight of 8-bit output of S-box is selected as the power model to realize the DPA attack on MATLAB. Only 2000 power traces are needed to crack the sub-key byte in the first round of standard SM4 algorithm. The cost of DPA attack has been reduced more than 60% compared with the references which need at least 5000 power traces.

guoyu qian,ying zhou,yueying xing,yibo fan,yukiyasu tsunoo,satoshi goto

DOI: https://doi.org/10.1109/ASICON.2009.5351546

2009-01-01

Abstract:Research on Differential Power Analysis (DPA) is becoming more and more popular nowadays. Against different hardware, DPA attack will lead to different results, e.g. attack on FPGA is easy but on ASIC is relatively difficult. However, how could we draw the conclusion that we finish a successful attack? How to build the connection between result data and successful rate is a meaningful topic. Same data with different statistical processing method will lead to different results. In this paper, we focus on DPA attack against an ASIC implementation. We analyzed two current statistical methods, pointed out the limitations. Then, we proposed a weighted statistical analysis method. According to number of traces and repetitions, we adjust the weight value. Finally, we improved the accuracy and efficiency of DPA attack on ASIC by reducing the number of traces used in attack.