
The Studies Of Improved Methods On Power Analysis And Practice

Posted on: 2019-10-03 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: W J Wang
GTID: 1368330590470378 | Subject: Computer Science and Technology
Abstract/Summary:
In cryptography, side-channel attacks refer to cryptanalysis that uses leakage information (e.g., execution time, power consumption, electromagnetic radiation) from cryptographic implementations, in contrast with tedious mathematical analysis. Most side-channel attacks are based on statistics and perform very well in practice. As a result, side-channel attacks have gradually become one of the major threats to hardware security since the late 1990s. Power analysis uses power consumption, electromagnetic radiation and other information to mount the attack; its advantages are a passive collection process for the side-channel information and very good effectiveness in key recovery. It is becoming one of the most widely used side-channel attack methods. The countermeasures against power analysis are referred to as power protections. Side-channel attacks and their protections have also drawn great attention from researchers in cryptography and microelectronics, and have become one of the most rapidly developing directions in cryptanalysis and cryptographic engineering.

With the development of chip technology and the renewal of side-channel information acquisition equipment, current power analyses and their protection technologies face the following issues: 1) as the environment of cryptographic implementations becomes more and more complicated, some power analysis methods are no longer applicable; 2) with growing security requirements, improved side-channel acquisition accuracy, and a wider variety of analysis methods, more secure side-channel protections need to be proposed. In this thesis, on one hand, new profiled and non-profiled DPA methods are proposed for the leakage of nano-scale chips. On the other hand, a new masking scheme named Boolean matrix product masking is proposed to provide a more secure power protection for cryptographic implementations.

The template attack (a.k.a. profiled analysis), one of the most commonly used power analysis methods, first establishes a power model based on a profiled (cryptographic) chip with a known key, using profiling methods. This power model is then used to attack the target (cryptographic) chip. The complicated leakage functions of nano-scale chips (at scales below 65 nm) greatly reduce the profiling efficiency of the commonly used profiling methods. Based on ridge regression from statistical learning, a new profiling method is proposed in this thesis. It can effectively model the non-linear leakage from nano-scale chips. Moreover, it also works well when the leakage of the profiled chip differs to some degree from that of the target chips, which makes the modeling process more robust. With respect to the time complexity of profiling, this thesis presents a fast implementation of ridge-based profiling using a pre-computed look-up table. Theoretical analysis shows that ridge-based profiling performs better than the commonly used methods under non-linear leakage. In the experimental analysis, both simulation-based and FPGA-based experiments verify that ridge-based profiling performs better and is more robust than the other profiling methods.

An attacker (evaluator) usually does not have a known-key profiled chip. In this non-profiled case, power analysis methods often rely on device-specific assumptions, for example Hamming weight or Hamming distance. However, the leakage functions of nano-scale chips have become more complicated, so the common power models usually cannot reflect the real leakage well. In this thesis, the ridge-based DPA is proposed as an extension of ridge-based profiling to the non-profiled case. The new DPA method does not rely on any assumptions about the leakage function of a specific cryptographic device, and thus it is theoretically applicable to any leakage scenario. The advantages of the ridge-based DPA are justified by theoretical analysis. Both simulation experiments and FPGA-based experiments show that the performance of the new method degrades only slightly as the complexity of the leakage function increases.

Masking is one of the most suitable techniques for resisting side-channel attacks. The commonly used Boolean masking is usually insecure under low noise and high-order leakage. The existing high-security masking schemes can currently be applied only to a small set of cryptographic algorithms. This thesis presents a new high-security masking scheme for the effective protection of more block ciphers, especially the very promising ones based on a bitslice S-box. A security proof of the Boolean matrix product masking in the probing model is given. In addition, an analysis based on mutual information shows that, with low noise and high-order leakage, the new masking is much more secure than Boolean masking. With respect to implementation efficiency, this thesis compares the cost of Boolean masking, the existing high-security masking and the Boolean matrix product masking. The result shows that the newly proposed masking offers a better trade-off between applicability, efficiency and security than the others.

This thesis also presents a side-channel attack on real-world customized cryptographic chips, namely the power analysis against the YubiKey. The last chapter gives the designs for triggering the YubiKey and collecting its power consumption through the USB power cable, and presents a key recovery attack procedure based on the YubiKey's authentication protocol.
Keywords/Search Tags: Side-channel analysis, power analysis, differential power analysis, template attack, masking technique