嵌入式密码芯片实现抗旁路攻击安全性评估技术研究

项目名称： 嵌入式密码芯片实现抗旁路攻击安全性评估技术研究

项目编号： No.61472357

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 张帆

作者单位： 浙江大学

项目金额： 80万元

中文摘要： 密码算法在嵌入式芯片运行过程中会产生时间、功耗、电磁、Cache访问、故障输出等旁路泄露，利用这些泄露进行的密码分析称之为旁路攻击。当前，各种嵌入式密码芯片均遭受旁路攻击的安全威胁，但由于旁路攻击受密码运行客观环境、攻击者主观能力影响较大，如何对不同旁路攻击方法及密码实现安全性进行定性和定量评估已成为国内外公开难题。本课题主要研究嵌入式密码芯片实现抗旁路攻击安全性评估技术，具体包括：（1）研究密码实现及安全性形式化描述方法，刻画攻击对象、攻击者能力及安全性准则；（2）研究密码旁路攻击及评估建模方法，抽取出不同旁路攻击和安全性评估的共性过程；（3）研究不同旁路分析方法评估技术，认知不同旁路分析方法优缺点及使用时机；（4）研究不同密码实现抗旁路分析安全性评估技术，分析典型实现方法、防护措施安全性；（5）研究旁路攻击评估实证、应用及扩展，指导实际芯片安全性评估、安全标准制定、密码算法设计与实现。

中文关键词： 嵌入式芯片；密码实现；旁路攻击；攻击建模；安全性评估

英文摘要： The cryptographic algorithms are normally implemented in the embedded chips. During the runtime, the chips will genenrate some side-channel information, such as timing, power, eletromanetic emmision, Cache access, or faults. The side-channel leakages can be used for cryptographic ananlyses, that is, side-channel attacks. In the recent years, many embedded chips are vulnerable to side-channel attacks. Due to the fact that the success of side-channel attacks relies on not only the environmental settings but also the capability of the adversary himself, how to conduct the security evaluation for the different implementations and differenct ciphers againtst side-channel attacks becomes an open question. This research focuses on the implmentation security evaluation for embedded cryptographic chips againtst side-channel attacks. The coverage of this reseach includes: (1) an abstractive formalization of cipher implementations and security descriptions including the attacking object, the capability of the attackers, and the security criterion; (2) a systematic modeling method and a general framework of side-channel analysis and evaluaiton, which can depict the genenral procedure of the online attacks and the offline analyses; (3) a case study of different side-channel attakcs and security evalations, which could help to understand what is the advantage of each attack and when or where to use it; (4) a case study of different cipher implemenations, which could be use to evualate the security of the implementation and the corresponding countermeasures; (5) an illustration of the systemetic framework, which can provide the guidance on how to evaluate the security of embedded chips, how to standarize the criterions, and how to design and implement cryptographic algorithms.

英文关键词： embedded chips;cryptographic implementation;side-channel attacks;attack modeling;security evaluation