Power Analysis And Fault Analysis Of Block Cipher And Their Countermeasures

With the rapid spread of personal computers and quick development of e-commerce, etc., the demand for secure communication increases remarkably and the usage of cryptographic devices expands greatly in daily lives. Cryptographic products consist of several important components:cryptographic algorithm, protocol, terminal user, hardware circuit and software system. In traditional cryptographic analysis, researchers mainly concentrate on properties of mathematics used in cryptographic algorithm and protocol, and fraud the terminal users may conduct. Paul Kocher’s work provides a new branch to cryptanalysis, namely, side channel analysis. It focus on physical char-acteristics and faulty information of the working devices. Features of hardware circuits and software systems are taken into consideration there.Two most effective side channel analysis methods are power analysis and fault analysis. Power analysis makes use of the device’s power consumption. After recording the power consumption with an oscilloscope, differential attack, template attack or collision attack can by applied to recover the key byte. One branch of fault analysis tries to recover the used key byte through fault information emerged in the running process. Different input data consume different amounts of time to obtain the correct output data. Given a fixed clock period, one part of input data may output correctly while the other part goes wrong. The minimum clock periods needed corresponding to certain input data are called fault sensitive information, which forms the attack foundation of Fault Sensitive Analysis. The other branch studies multifarious methods to induce faults into the device. The most time-consuming steps of power analysis and fault sensitive analysis are the acquisition of power traces and of fault sensitive information respectively.Private key cryptography requires less computing resources and less memory space in comparison with public key cryptography. Public key algorithms are applied to dis-tribute the session key. Private key algorithms are employed to encrypt data. Cryp-tographic devices such as UKEY, SIM card. etc. meet confidentiality requirements needed in routine work by adopting private key algorithms. This paper latches attacks against a private key algorithm-AES and provides certain countermeasures. It achieves the following results:1. In correlation coefficient power analysis, people records large amounts of power consumption traces and correlates them to the intermediate value for each guessed key value. The value with the largest correlation coefficient is singled out as the correct one. As mentioned above, power trace recording is quite time-consuming. Thus, we propose2D-CPA to decrease the requirements of power traces by making full use of leakage information concealed in different positions of the trace. AES is implemented in8051MCU in assembly language. Attacks against it proves2D-CPA to be quite effective. What’s more, this paper analyzes different side-channel countermeasures, compares their validity in thwarting2D-CPA and provides potential countermeasures against this attack.2. To hardware implementations, we propose a timing simulation method to obtain fault sensitive information. This process runs on a computer without manual inter-vention and the time needed can be ignored when considering time complexity of an attack. Then, a clock glitch generation method is presented. Combining timing sim-ulation and clock glitch generation together, we latch an attack against masked AES implemented in hardware description language. Only10us is needed to detect whether or not the two consecutive input data to a same masked Sbox are equal. We propose four thwarting methods:random delays in combinational circuits, balanced circuits, non-reused masks and glitch clock detection.