| With mass application in banking and e-passport, smart card becomes very important information security product. Cryptographic technology is the core of smart card. To ensure the security of cryptographic applications, strong algorithms proven by the strict mathematical demonstration are widely used in smart card, such as 3DES, AES, RSA and ECC. These algorithms can hardly be compromised by the traditional cryptanalysis in the real world. Side channel attack is the attack technology which exploits the vulnerabilities of implementation of cryptographic algorithms and now becomes the biggest threat to smart card security. Power analysis attack which belongs to the side channel attack is especially powerful because of low cost, easy-to-mount and significant attack effect. Among the different branches of power analysis attack, simple power analysis(SPA) and differential power analysis(DPA) are deeply researched by academy for many years and effective countermeasures are already widely adopted in the industry field. However, for template attack, which is an important branch of the power analysis attack, far less research is made by academy and even no enough attention is paid in the industry field. Systematically researching the methodology, application scenarios and important experimental techniques of the template attack will help the industry to fully understand and counteract such attack.This thesis researches the general methodology and various application scenarios for the template attack. Also the advantages of the template attack compared to the traditional DPA are analyzed. When the preconditions are met, the template attack is applicable to more attack scenarios than DPA. The template attack can not only target the intermediate value of a cryptographic algorithm just like DPA does, but also target the attack scenarios where DPA is not applicable. For example, the template attack can attack the key loading process before the algorithm execution and attack the random number used in the masking countermeasure to bypass the defense, etc. Furthermore, one can combine the template attack with the traditional DPA attack to establish the so-called template-based DPA attack. This combined attack method has great efficiency and the required power traces for a successful attack are at least one order of magnitude less than the traditional DPA.In the experimental practice, with the template attack a good result on the AES-256 RSM presented by DPA contest V4 is achieved. This AES-256 RSM is a software implementation on the Atmel ATMega-163 smart card and is protected by the random sbox masking(RSM) countermeasure. The experiment verifies the main advantages of the template attack. The outcomes of the experiment include:(1) using template attack to accurately predict the random number required by the RSM countermeasure to bypass the defense, which can not be achieved by the traditional DPA,(2) successfully retrieving the key with the template-based DPA method and proving the high efficiency of this method,(3) applying several experimental skills to achieve the good result, e.g. building templates with both Sbox input operation and Sbox output operation and choosing the feature points with global correlation coefficient ranking strategy in order to characterize the leakage points for the different positions of a power trace,(4) comparing the different effects when different numbers of feature points and power traces are used during the template building. The method, procedure and result of the experiment in this paper can offer useful practical references for the template attack research.According to the result of this thesis, template attack is a very powerful attack technique which is practical to the smart card. It’s urgent for the industry developers to fully understand template attack and research the suitable countermeasures. |
PDF Full Text Request