Research On Power Analysis Attacks And Defense Issues Of Block Ciphers Chip

With the advancement of cipher algorithms, it is almost impossible to obtain the encryption and decryption keys by brute force attacks. However, for a real cryptosystem (such as smartcard cryptosystem), its security depends not only on the cipher algorithms, but also the hardware implementation. With the emergence of Side Channel Attacks (SCA), the safety of cipher algorithm implementation has to reinvestigated. SCA is a new way of cryptanalysis. It breaks the cryptosystem using physical information (power consumption, electromagnetic radiation, etc.) leaked from cryptographic chips during the execution of cipher algorithms. Compared with traditional brute force attacks, SCA has smaller key search space and thus better analytical performance. Power analysis attacks, one of the most efficient and menacing SCA, has been used extensively. Therefore it is necessary to investigate power analysis attack techniques in depth and propose new cipher algorithms together with its hardware implementation to defend against power analysis attacks.In this dissertation, we study the theory, methodology, and defenses of power analysis attacks for block cipher algorithms. Our research mainly focuses on four parts: efficient power analysis attack models and experiment methodologies; quantitative evaluation of the resilience of cipher chip to power analysis attacks; power analysis attacks and defenses; and the hardware implementation of SMS4with power analysis attack resistance. The major contributions of this dissertation are:Efficient power analysis attacks model and its experiments:First, an efficient power analysis attacks model was proposed. Based on the model, we developed a simulator for power analysis attacks. Furthermore, we designed and implemented an FPGA based prototype of a power analysis attack experimental platform for encryption chips and a power analysis attacks verification system based on the microcontroller AT89C51.Quantitative evaluation of the resilience of cipher chip to power analysis attack: The cipher algorithm’s ability to resist power analysis attacks is quantitative analyzed. The signal to noise ratio of the cipher chip and the number of power samples required to perform power analysis attacks successfully are used to characterize the resilience of cipher chips to power analysis attack. With these two parameters, we established a theoretical analysis model for power analysis attacks. The quantitative evaluation results can provide guidelines for designing high-resilient cipher algorithms. Attack method:In this part, we first proposed a differential power analysis attack on the SMS4cipher algorithm and studied the optimal attack point of SMS4. We also designed and implemented a differential power analysis attack system targeting the SMS4cipher algorithm. Experimental results show that the unprotected SMS4cipher algorithm is vulnerable to differential power analysis attacks. The power analysis attacks are studied systematically and a five-level leakage power analysis attack model is proposed.Defense methods:Two methods are proposed to defend against differential analysis attacks. The first one is a modified fixed-value masking method (MFVM). The fixed-value masking method is first studied for resource-constrained cryptographic chips. To overcome the disadvantages of fixed-value masking method, MFVM was proposed. We conducted experiments of modified fixed-value masking method on AES. Experimental results showed that the MFVM algorithm can be used to resist second-order differential power analysis attacks. The second method, pseudo-random fixed-value masking algorithm (PFM), was proposed in order to defend against power analysis attacks. We conducted experiments of PFM on SMS4. The experimental results show that the SMS4algorithm with PFM has the ability to effectively resist second high-order differential power analysis attacks without increasing much power and hardware resources.Prototype system:Cipher algorithms are typically implemented in hardware. There are several reasons for this:hardware implementation is faster, consumes less computing resources, and reduces CPU and memory overhead. Thus, in this dissertation, an IP core of SMS4with fixed-value masking is designed and its prototype system is implemented in FPGA.