Journal of Computer Applications, 2015, Vol. 35, Issue (9): 2546-2552. DOI: 10.11772/j.issn.1001-9081.2015.09.2546

• Information security •

Practical power analysis of smart card implementation of block cipher

FU Rong (付荣)

  1. Institute for Interdisciplinary Information Sciences, Tsinghua University, Beijing 100084, China
  • Received: 2015-02-11 Revised: 2015-04-11 Online: 2015-09-10 Published: 2015-09-17
  • Corresponding author: FU Rong (born 1989), male, from Liupan, Guizhou, master's student; main research interests: differential power analysis of smart cards and side-channel analysis; fu.rong1618@163.com
  • Supported by:
    National Natural Science Foundation of China (61033001, 61361136003); National Basic Research Program of China (973 Program) (2011CBA00300, 2011CBA00301).

Abstract: To address the physical-leakage security problem of the SM4 block cipher implemented in smart card hardware, a fast and efficient correlation power analysis method was proposed. Theoretical analysis and experiments revealed that even a theoretically very secure cipher such as SM4 can leak important sensitive information in its physical implementation. First, the implementation flow and encryption characteristics of SM4 were analyzed to build a mathematical model for power analysis, and the decryption process and an optimized algorithm were derived. Second, based on the theoretical physical leakage points, a complete experimental system for smart card hardware power analysis was set up, and the side-channel vulnerabilities of a real smart card were studied by collecting, analyzing and optimizing its power consumption data. Finally, the experimental results were used to further optimize the power analysis, and the security of the SM4 algorithm in an embedded system environment was explored. Compared with side-channel analysis of the Triple Data Encryption Standard (3DES) algorithm on the Mifare DESFire MF3ICD40 smart card, the proposed method reduced the amount of power consumption data from 250,000 records to fewer than 1,000, reduced the analysis time from more than seven hours to a few minutes, and fully recovered the original SM4 key. The proposed method can effectively improve the efficiency of power analysis in a hardware environment and reduce the computational complexity.

Key words: correlation power analysis, side-channel attack, SM4 algorithm, key-recovery success rate, Hamming weight model

CLC number: