谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Chi Zhang,Jun-Rong Liu,Da-Wu Gu,Wei-Jia Wang,Xiang-Jun Lu,Zheng Guo,Hai-Ning Lu

DOI: https://doi.org/10.1007/s11390-019-1961-5

2019-01-01

Abstract:Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.

YU Zehan,WANG Qin,GU Dawu,GUO Zheng,LIU Junrong,ZHANG Chi,LU Xiangjun,YUAN Yidong

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2021.08.001

2021-01-01

Abstract:Compared with 4G, the security of 5G protocol has been greatly improved, and the authentication algorithms has also made many improvements. However, the encryption algorithms in 5G USIM card are still threatened by the side channel attack. The process and architecture of 5G AKA authentication protocol are studied, and the vulnerability of the protocol in the key generation phase is analyzed. The correlation power analysis is carried out for commercial 5G USIM cards, and the secret parameters are recovered. Based on this, the replication, network entry and authentication tests of 5G USIM cards are implemented, and the vulnerability of the anti-side channel analysis technology is verified.

Chengbin Jin,Yongbin Zhou,Xinkuan Qiu,Qi Feng,Qian Zhang

DOI: https://doi.org/10.1016/j.cose.2021.102531

2022-02-01

Abstract:In this paper, we examine the question of how to perform an efficient side-channel analysis (SCA) of real-world crypto products with proprietary side-channel countermeasures. Concretely, answering this question requires a suitable selection of side-channel analysis methods and various steps to instantiate it to break various side-channel countermeasures. We take the analysis of a protected prototype system as an example, to discuss how to efficiently use traditional SCA methods and Deep-Learning based SCA methods in the context of analyzing current side-channel countermeasures. Then, we extend the analysis research on a real-world commercial off-the-shelf (COTS) 4G Universal Subscriber Identity Module (USIM) card, showing how to reverse-engineer the embedded side-channel countermeasures by using side-channel information only. The experiment results show that the secret key and other operator-related parameters can be fully recovered without prior knowledge of side-channel countermeasures. This research allows us to provide a living case study of the physical security analysis of real-world crypto products, which might be worthy of more in-depth investigations.

computer science, information systems

Yuanyuan Zhou,Yu Yu,François-Xavier Standaert,Jean-Jacques Quisquater

DOI: https://doi.org/10.1007/978-3-642-39884-1_20

2013-01-01

Abstract:Ensuring the physical security of small embedded devices is challenging. Such devices have to be produced under strong cost constraints, and generally operate with limited power and energy budget. However, they may also be deployed in applications where physical access is indeed possible for adversaries. In this paper, we consider the case of SIM cards to discuss these issues, and report on successful side-channel attacks against several (old but still deployed) implementations of the COMP128-1 algorithm. Such attacks are able to recover cryptographic keys with limited time and data, by measuring the power consumption of the devices manipulating them, hence allowing cards cloning and communications eavesdropping. This study allows us to put forward the long term issues raised by the deployment of cryptographic implementations. It provides a motivation for improving the physical security of small embedded devices early in their development. We also use it to argue that public standards for cryptographic algorithms and transparent physical security evaluation methodologies are important tools for this purpose. © 2013 Springer-Verlag.

Lu Zhang,Luis Vega,Michael Taylor

DOI: https://doi.org/10.48550/arXiv.1605.00681

2016-05-03

Abstract:Power side-channel attacks are a very effective cryptanalysis technique that can infer secret keys of security ICs by monitoring the power consumption. Since the emergence of practical attacks in the late 90s, they have been a major threat to many cryptographic-equipped devices including smart cards, encrypted FPGA designs, and mobile phones. Designers and manufacturers of cryptographic devices have in response developed various countermeasures for protection. Attacking methods have also evolved to counteract resistant implementations. This paper reviews foundational power analysis attack techniques and examines a variety of hardware design mitigations. The aim is to highlight exposed vulnerabilities in hardware-based countermeasures for future more secure implementations.

Cryptography and Security

Xuefei Bai,Yanhua Xu,Li Guo

DOI: https://doi.org/10.1109/ICCS.2008.4737165

2008-01-01

Abstract:Differential power analysis is of great concern because it can be used to break implementations of almost any symmetric or asymmetric algorithm, and several countermeasures have been proposed to protect implementations of cryptographic algorithms except SMS4 cipher. In the present paper, we focus on the differential power analysis attack on SMS4 cipher, and suggest a secure masking scheme for SMS4 cipher, which is particularly suited for implementation in dedicated hardware. The masking scheme for the inversion presented in this article is based on composite field arithmetic, in which the inversion is shifted from GF(28) down to GF(22). In addition, several methods such as module reuse and changing computing order are employed to reduce circuit area and maintain its speed. Using SMIC 0.18 ¿m CMOS technology, the area of this improved SMS4 cipher is only about 25 k-gates and the frequency could be up to 50 MHz.

Jinghao Zhao,Boxiao Ding,Yunqi Guo,Zhaowei Tan,Songwu Lu

DOI: https://doi.org/10.1145/3447993.3483254

2021-01-01

Abstract:The SIM/eSIM card stores critical information for a mobile user to access the 4G/5G network. In this work, we uncover three vulnerabilities of the current SIM practice. We show that the PIN-based access control may expose the in-SIM data to an adversary through both hardware and software. Once exposed, such in-SIM information can be used to reconstruct various keys used for device authentication, data encryption, etc. They thus enable a number of attacks, including traffic eavesdropping, man-in-the-middle attack, impersonation, etc. The fundamental problem is that, the current SIM design does not offer proper authentication and fine-grained access control to hundreds of in-SIM files for various in-card applets and off-card units. We next propose a new solution that offers both authentication and fine-grained access control. Our implementation and evaluation have confirmed the viability of our proposal.

Shutong Wang,Dawu Gu,Junrong Liu,Zheng Guo,Weijia Wang,Sigang Bao

DOI: https://doi.org/10.1109/CIS.2013.163

2013-01-01

Abstract:SMS4 is the first official released commercial cryptographic algorithm. It provides unified standards for designing and using local area wireless network product. The general DPA attack is not suitable for SMS4 owing to the ample random diffusion of the round output. This article proposed a new power analysis method for SMS4 to reduce the diffusion by chosen plaintext. Two means - Hamming distance model and bit model - are used to build the power model. Simulation results show that this method is effective and can be used in actual cryptographic circuit such as smart cards.

BAI Xue-fei,GUO Li,XU Yan-hua,LI Zhi-yuan

2009-01-01

Abstract:SMS4 algorithm is a block cipher used in WLAN products. In this paper, the differential power analysis attack on SMS4 algorithm is discussed. Based on analyses of the algorithm structure and principles of differential power analysis technologies, an attack method on every byte of round keys is presented. Through this attack, the round keys of the last four rounds of SMS4 can be obtained, and then the 128bit encryption key can be found out. The results of simulation experiments indicate that this attack method is effective and practical on SMS4 round operation. SMS4 algorithm is vulnerable to differential power analysis attacks, and cryptographic devices should be protected to prevent this kind of attacks.

DAI Peng,YE Zhao-hua,ZHANG Zhe,WANG Xin-an,ZHANG Xing

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.01.041

2011-01-01

Abstract:A encrypt system with 128 bit AES and 1024 bit RSA is introduced either for the encrypt speed or security for communication.The system is implemented by SMIC 0.18μm mix signal process.The result shows AES and RSA in USIM card achieve considerable performance with optimized area compared with other products,which is propitious to security application for USIM card.

Qian Lei,Liji Wu,Shaohui Zhang,Xiangmin Zhang,Xiangyu Li,Liyang Pan,Zhimeng Dong

DOI: https://doi.org/10.1109/cis.2015.102

2015-01-01

Abstract:Side-channel analysis is becoming a major threat to the security chips of smart cards, including power analysis, electromagnetic analysis and fault injection. Based on software hardware co-design, we implemented a side-channel analysis platform covering CPA/DPA/TA/CA methods, which could effectively reveal the secret keys on security chips. Our work integrates power analysis, electromagnetic analysis and fault injection into single platform, which contains regular international cryptographic algorithm of AES/3DES/ RSA/ECC and China standard cryptographic algorithm of SM2/SM3/SM4. And a novel UML model for software implementation is proposed. Six smart card products with countermeasures have been analyzed on our platform, and all keys have been revealed successfully. Particularly, the key of a contactless smart card product was revealed by 350,000 power traces, and compared to the foreign report out of 1,000,000 power traces, we have about 65% increase on efficiency of revealing keys.

Xiaowei Han,Beibei Wang,An Wang,Liji Wu,Woogeun Rhee

DOI: https://doi.org/10.1109/CIS.2014.116

2014-01-01

Abstract:SM2 is a public-key cryptography algorithm which is based on elliptic curves. Since the side channel leakage of devices can be used to deduce the information of secret keys, algorithms to implement SM2 need to be improved. In this paper, we propose an initialized masking scalar multiplication algorithm (IMSM), a modified atomic point doubling and point addition algorithm (MADA), and a transformed formula countermeasure (TFCS). Analysis shows they can resist Simple Power Analysis (SPA), Differential Power Analysis and Template Attacks. IMSM and MADA have been verified to resist SPA on FPGA board successfully. Compared to Binary Expansion with RIP algorithm, 28.6% calculations can be saved when the scalar is divided into four parts, which is rather fast.

LIU Peng,WEI Lian-feng

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.10.006

2008-01-01

Abstract:To be more secure,crypto-chips should be protected against simple power analysis attack and differential power analysis attack.Three technologies of differential power analysis are described and the performance of them is compared.To counter power analysis software and hardware level solutions are developed,but none of them achieved a total prevention of such attacks.The combi-nation of software and hardware is higher-efficiency in countermeasures to power analysis.Finally research directions are discussed.

Limin Guo,Qing Li,Lihui Wang,Zhimin Zhang,Dan Liu,Weijun Shan

DOI: https://doi.org/10.2991/iset-15.2015.28

2015-01-01

Abstract:Dynamic password technology is one of the most widely utilized methods for identity authentication. The security of dynamic password system depends on the cryptographic strength of the underlying hash function. And SM3 is the only standard hash algorithm of China. However, most cryptographic algorithm implementations are vulnerable against side channel attacks. But specific side channel attacks on dynamic password token based on SM3 hash function have not been given so far. This paper presents a differential power analysis attack on dynamic password token based on SM3 algorithm. SM3 hash algorithm is based on the mixing of different algebraic operations, such as XOR and addition modulo 2(32), thus the proposed DPA attack is mainly against these basic group operations. Experimental results are given by attacking an implementation of generating dynamic password using SM3 algorithm in a smart card, which demonstrate the feasibility of such attacks described in this paper.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Limin Guo,Lihui Wang,Qing Li,Jun Yu,Peng Luo

DOI: https://doi.org/10.1109/cis.2015.92

2015-01-01

Abstract:Dynamic password technology is widely utilized for identity authentication, which depends on using hash functions, such as SM3. And SM3 hash algorithm is based on the mixing of different group operations, such as XOR and addition modulo 232. In this paper, we present two original first-order differential power analysis attacks on dynamic password token based on SM3 algorithm. The two proposed DPA attacks are against XOR and addition modulo 232 operation respectively. Experimental results show that dynamic password token based on SM3 algorithm is vulnerable to side channel attacks, no matter implemented in software or hardware. We also provide a masked implementation of the algorithm, which is designed to avoid those proposed attacks.

Chenguang Wang,Qiang Zhou,Yici Cai,Haoyi Wang

DOI: https://doi.org/10.1145/3240765.3240804

2018-11-05

Abstract:Electromagnetic (EM) analysis is to reveal the secret information by analyzing the EM emission from a cryptographic device. EM analysis (EMA) attack is emerging as a serious threat to hardware security. It has been noted that the on-chip power grid (PG) has a security implication on EMA attack by affecting the fluctuations of supply current. However, there is little study on exploiting this intrinsic property as an active countermeasure against EMA. In this paper, we investigate the effect of PG on EM emission and propose an active countermeasure against EMA, i.e. EM Equalizer (EME). By adjusting the PG impedance, the current waveform can be flattened, equalizing the EM profile. Therefore, the correlation between secret data and EM emission is significantly reduced. As a first attempt to the co-optimization for power and EM security, we extend the EME method by fixing the vulnerability of power analysis. To verify the EME method, several cryptographic designs are implemented. The measurement to disclose (MTD) is improved by 1138x with area and power overheads of 0.62% and 1.36%, respectively.

Engineering,Computer Science

Fan Zhang,Bolin Yang,Xiaofei Dong,Sylvain Guilley,Zhe Liu,Wei He,Fangguo Zhang,Kui Ren

DOI: https://doi.org/10.1109/tc.2020.3020407

IF: 3.183

2020-11-01

IEEE Transactions on Computers

Abstract:The implementations of post-quantum cryptographic algorithms have been newly explored, whereas, the protection against side-channel attacks shall be considered upfront, since it can have a non-negligible impact on security and performance. In this article, the security of supersingular isogeny key encapsulation (SIKE), a second-round candidate of NIST's on-going post-quantum standardization process, is thoroughly evaluated under side-channel analysis. First, the vulnerabilities of reference and optimized implementations of SIKE are thoroughly analyzed in terms of both horizontal and vertical side-channel leakage. After the optimized SIKE, which is based on Three-point Montgomery Differential Ladder algorithm, is proved to be constant-time and there is no horizontal leakage, a vertical vulnerability is analyzed based on the source code at the algorithmic level, and a theoretical differential power analysis (DPA) attack is proposed. In order to exploit this vulnerability, the differential electromagnetic attack (DEMA) is put into practice to extract the private key of SIKE based on a 32-bit ARM platform. To the best of our knowledge, this is the first practical side-channel attack at SIKE implemented on real ARM-based devices. Our experiments show that the DEMA needs only hundreds of electromagnetic traces to carry out the attack. More importantly, an efficient window-based countermeasure is proposed to eliminate the vertical leakage and prevent side-channel attacks with only a little overhead. The security of our countermeasure is carefully evaluated against most of well-known power analysis attacks. Through careful evaluation and comparison with other countermeasures, this method can lead to higher security at a very small cost in terms of time and memory.

engineering, electrical & electronic,computer science, hardware & architecture

Haoran Gong,Tailiang Ju

DOI: https://doi.org/10.1038/s41598-023-50220-2

IF: 4.6

2024-01-11

Scientific Reports

Abstract:Encryption chips are specialized integrated circuits that incorporate encryption algorithms for data encryption and decryption, ensuring data confidentiality and security. In China, the domestic SM4 algorithm is commonly utilized, as opposed to the international AES encryption algorithm. These widely implemented encryption standards have been proven to be difficult to crack through crypt analysis methods Currently, power consumption side-channel attacks are the most prevalent method. They involve capturing power consumption data during the encryption process and subsequently recovering the encryption key from this data. The two leading methods are Differential Power Analysis (DPA) and machine learning techniques. DPA does not necessitate prior knowledge but relies heavily on the number of power consumption curves. With only 50 power consumption data points, the accuracy is a mere 80%. Machine learning methods require prior knowledge, achieving an accuracy rate above 95% with only 30 power traces, albeit with training times typically exceeding 15 min. In this paper, a distributed energy analysis attack approach was presented based on Correlation Power Analysis (CPA). The power consumption data was divided into 16 subsets, with each subset corresponding to 8 bytes of the key. By training each subset separately, the 8-byte key's corresponding power consumption data is reduced to only 100 dimensions, resulting in a 76% decrease in cracking time and a 3% improvement in cracking accuracy rate.This article also trains a more complex 256 classification model to directly crack the final key, achieving a success rate of 28% in cracking 128-bit passwords with only 1 power trace

multidisciplinary sciences