
Research On Key Technologies Of Cryptographic System On A Chip

Posted on: 2012-03-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: A Wang
Full Text: PDF
GTID: 1228330371950996
Subject: Information security

Abstract/Summary:
With the development of cryptographic technology and integrated circuits, the performance, security, and application of the cryptographic SoC (System on a Chip), which is the core component, have become one of the most important marks of the development level of information security. Although some specifications and standards for the security requirements of cryptographic modules have been published, there are few standards or constraints for concrete cryptography engineering implementation. No scientific evaluation standard can be applied to cryptographic devices, which is why some interfaces and buses encounter all kinds of security problems and side channel attack technology develops rapidly.

Regrettably, because of the lag in technology and lack of supervision, some cryptographic devices are marketed without a rigorous security evaluation. As a result, their clients suffer heavy losses. Even some devices which have passed international canonical certification face serious security problems. In 2009, Garcia et al. were awarded the best paper of the IEEE Symposium on Security and Privacy for their work breaking the Mifare Classic card, whose circulation is up to several billion worldwide. At the 2010 annual cryptography meeting of China, a cryptographer from South China University of Technology announced that his group had broken the subway card used in Guangzhou. In 2010, Murdoch et al. were awarded the best paper of the IEEE Symposium on Security and Privacy. They broke two widely used PIN Entry Devices, the INGENICO 13300 and the Dione Xtreme, in the UK, even though both terminals had passed VISA certification. Because of flaws in their tamper resistance, an adversary can modify the device and monitor the unencrypted data between the terminal and the IC card.

Apart from smart cards, secure USB flash disks face serious security threats. In 2004, the FreeOTFE group designed mobile device management software to encrypt the USB disk, but there were too many threats such as viruses and reverse engineering in Windows user mode. In 2009, Sophos employed passwords for authentication, but an adversary can still disassemble the flash disk and read the data with the help of a specific device. In 2009, CE-Infosys designed a personal mobile storage security solution, CompuSec Mobile, which implemented storage encryption and signatures, but this product was only for personal users and lacked universality. In 2010, Aigo and Kingston respectively issued secure flash disks named the L8267 secure version and the DataTraveler 5000. Both adopted password authentication and flash encryption, which have been popularized widely. However, their design schemes were not made public, so there might be security problems. In the same year, Kingston recalled three DataTraveler disks because their driver had flaws, which were broken by SySS. At present, secure USB disks encounter the following problems: USB bus monitoring, application in big groups, and corruption attacks.

Since Kocher proposed the timing attack at Crypto'96, side channel attacks against cryptographic devices have developed rapidly. Power analysis is the most practical method in this field. In 1999, Simple Power Analysis, Differential Power Analysis, and High-order Differential Power Analysis were presented by Kocher. In the same year, Goubin and Chari respectively proposed the earliest masking schemes which could resist power analysis attacks. Soon after, the collision attack proposed by Schramm at FSE'03 and the Correlation Power Analysis proposed by Brier at CHES'04 became research hotspots in this direction. The contest between masking and power analysis attacks has become very intense in recent years. At present, high-order DPA is regarded as the best way to defeat masking. In 2005, Joye et al. designed an optimal second-order DPA which can efficiently break masked AES. In the direction of collision attacks, Bogdanov presented Multiple-Differential Collision Attacks, but masking still resists the collision attack effectively.

In the past few years, the security model of the cryptographic SoC, cryptography engineering implementation standards, secure interface technology, and side channel attacks have become important directions in cryptography engineering. Research on these key technologies of the cryptographic SoC has great significance. In this paper, we study in detail the security model of cryptographic devices, attacks on and countermeasures for secure USB flash disks, key management in the software layer, collision attack and collision detection, and the barrel shifter in cryptographic algorithm reconfigurability. The main innovations are as follows:

1. The bottom-up idea in cryptography engineering is combined with the universally composable security model. A security proof idea which can prove the security of a cryptographic module consisting of software, hardware, and protocols is presented. According to the security model, some design principles for cryptographic devices are given.

2. A USB bus monitor attack is designed and implemented, which can attack the overwhelming majority of USB flash disks effectively. Problems such as the monitored bus, application in big groups, and corruption attacks are generalized. Accordingly, a set of cryptographic security strategies for group secure flash disks and a concrete authenticated key exchange protocol are designed. As a result, the aforementioned three problems are solved effectively, and a security evaluation and efficiency analysis are given.

3. A key management scheme based on the function driver and its implementation technology is proposed. After analysis, our scheme has outstanding superiority in resisting viruses, corruption, and reverse engineering, so the software implementation of cryptography engineering has regulations to abide by.

4. In the situation where the collision attack is hard to apply against masking, a new distinguisher for the collision attack is presented. Taking the masked AES implementation as an example, some concrete attack steps are designed. After experiments and efficiency analysis, we conclude that our scheme can effectively attack the masked AES implementation scheme proposed by Herbst in 2006.

5. A method named the key point voting test is proposed, which can overcome the problems of glitches and lack of key points in collision detection for power analysis. Accordingly, this method can be combined with Bogdanov's binary voting test in order to overcome the inaccuracy caused by glitches and voltage instability, which we call the "second-order binary voting test". Then, we improve Bogdanov's trinary voting test, which increases the efficiency of collision detection.

6. After a thorough analysis of all kinds of block ciphers, a "3-in-1" barrel shifter and its four implementation schemes are proposed. According to synthesis and optimization on FPGA, the time and area are reduced by 19.7% and 31.9% respectively compared with the classical "4-in-1" scheme, and the new schemes are of great practical use.
Keywords/Search Tags: Cryptographic system on a chip, security model, cryptographic device, secure USB flash disk, power analysis attack, collision attack