分布式系统中抵御错误注入攻击的优化设计

doi:10.11772/j.issn.1001-9081.2016.02.0495

计算机应用 ›› 2016, Vol. 36 ›› Issue (2): 495-498.DOI: 10.11772/j.issn.1001-9081.2016.02.0495

分布式系统中抵御错误注入攻击的优化设计

文亮, 江维, 潘雄, 周可染, 董琪, 王峻龙

电子科技大学信息与软件工程学院, 成都 610054

收稿日期:2015-07-02 修回日期:2015-09-09 出版日期:2016-02-10 发布日期:2016-02-03
通讯作者: 文亮(1990-),男,四川绵阳人,硕士研究生,主要研究方向:分布式系统。
作者简介:江维(1981-),男,四川乐山人,副教授,博士,主要研究方向:可信计算、分布式实时系统、无线网络;潘雄(1990-),男,湖北孝感人,硕士研究生,主要研究方向:可信嵌入式系统能耗优化;周可染(1991-),男,辽宁沈阳人,硕士研究生,主要研究方向:软件工程、信息管理系统、嵌入式系统;董琪(1992-),男,山东临沂人,硕士研究生,主要研究方向:混合关键系统、嵌入式系统;王峻龙(1993-),男,四川乐山人,硕士研究生,主要研究方向:可信计算、分布式计算、嵌入式系统。
基金资助:
核高基重大专项(2012ZX01033001-001);国家自然科学基金资助项目(61300092,61003032);中央高校基本科研业务费专项资金资助项目(ZYGX2013J068)。

Optimization design of preventing fault injection attack on distributed embedded systems

WEN Liang, JIANG Wei, PAN Xiong, ZHOU Keran, DONG Qi, WANG Junlong

School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu Sichuan 610054, China

Received:2015-07-02 Revised:2015-09-09 Online:2016-02-10 Published:2016-02-03

摘要/Abstract

摘要： 安全关键分布式系统面临恶意窃听和错误注入攻击的挑战。以往研究主要针对防止恶意窃听,即考虑提供保密性服务,而忽略了错误注入的安全威胁。针对上述问题,考虑为消息的加解密过程进行错误检测,并最大化系统的错误覆盖率,最小化系统的异构度。首先选取AES对消息进行加解密;然后基于错误检测码确定了五种不同的错误检测方案,并求出了对应的错误覆盖率及时间开销;最后在保证实时性的约束下,提出了一种基于模拟退火(SA)的启发式算法,该算法能最大化系统的错误覆盖率和最小化系统的异构度。实验结果表明,所提算法与贪心算法相比,目标函数值提高了18%以上,该算法具有一定有效性和健壮性。

关键词: 恶意窃听, 错误注入攻击, 保密性服务, 错误覆盖率, 模拟退火

Abstract: Security-critical distributed systems have faced with malicious snooping and fault injection attack challenges. Traditional researches mainly focus on preventing malicious snooping which disregard fault injection attack threat. Concerning the above problem, the fault detection for message' encryption/decryption was considered, to maximize the fault coverage and minimize the heterogeneous degree of the messages' fault coverage. Firstly, Advanced Encryption Standard (AES) was used to protect confidentiality. Secondly, five fault detection schemes were proposed, and their fault coverage rates and time overheads were derived and measured, respectively. Finally, an efficient heuristic algorithm based on Simulated Annealing (SA) under the real-time constraint was proposed, which can maximize the fault coverage and minimize the heterogeneity. The experimental results show that the objective function value achieved by the proposed algorithm is 18% higher than that of the greedy algorithm at least, verifying the efficiency and robustness of the proposed algorithm.

Key words: malicious snooping, fault injection attack, confidentiality service, fault coverage, Simulated Annealing(SA)

中图分类号:

文亮, 江维, 潘雄, 周可染, 董琪, 王峻龙. 分布式系统中抵御错误注入攻击的优化设计[J]. 计算机应用, 2016, 36(2): 495-498.

WEN Liang, JIANG Wei, PAN Xiong, ZHOU Keran, DONG Qi, WANG Junlong. Optimization design of preventing fault injection attack on distributed embedded systems[J]. Journal of Computer Applications, 2016, 36(2): 495-498.

参考文献

[1] SAGSTETTER F, LUKASIEWYCZ M, STEINHORST S, et al. Security challenges in automotive hardware/software architecture design[C]//DATA 2013: Proceedings of the 2013 Conference on Design, Automation and Test in Europe. San Jose, CA: EDA Consortium, 2013: 458-463.
[2] MUNDHENK P, STEINHORST S, LUKASIEWYCZ M, et al. Lightweight authentication for secure automotive networks[C]//DATA 2015: Proceedings of the 2015 Conference on Design, Automation and Test in Europe. San Jose, CA: EDA Consortium, 2015: 285-288
[3] LIN C-W, ZHU Q, PHUNG C, et al. Security-aware mapping for CAN-based real-time distributed automotive systems[C]//ICCAD '13: Proceedings of the International Conference on Computer-Aided Design. Piscataway: IEEE. 2013: 115-121.
[4] BIHAM E, SHAMIR A. Differential cryptanalysis of the data encryption standard[M]. Berlin: Springer-Verlag, 1993: 183-192
[5] BONEH D, DEMILLO R A, LIPTON R J. On the importance of eliminating errors in cryptographic computations[J]. Journal of Cryptology, 2001, 14(2): 101-119.
[6] BERTONI G, BREVEGLIERI L, KOREN I, et al. A parity code based on concurrent fault detection for implementations of the advanced encryption standard[C]//DFT '02: Proceedings of the 17th IEEE International Symposium on Defect and Fault-Tolerance in VLSI Systems. Washington, DC: IEEE Computer Society, 2002: 51-59.
[7] BERTONI G, BREVEGLIERI L, KOREN I, et al. Error analysis and detection procedures for a hardware implementation of the advanced encryption standard[J]. IEEE Transactions on Computers, 2003, 52(4): 492-505.
[8] BLÖEMER J, SEIFERT J-P. Fault based cryptanalysis of the Advanced Encryption Standard (AES)[C]//FC 2003: Proceedings of the 7th International Conference on Financial Cryptography, LNCS 2742. New York: ACM, 2001: 162-181.
[9] KARRI R, KUZNETSOV G, GOESSEL M. Parity based concurrent error detection of substitution permutation network block ciphers[C]//CHES 2003: Proceedings of the 5th International Workshop on Cryptographic Hardware and Embedded Systems, LNCS 2779. Berlin: Springer-Verlag, 2003: 113-124.
[10] MA K, WU K. LOEDAR: a low cost error detection and recovery scheme for ECC[C]//DATA 2011: Proceedings of the 2011 Conference on Design, Automation and Test in Europe. San Jose, CA: EDA Consortium, 2011: 1-6.
[11] KOCHER P, LEE R, MCGRAW G, et al. Security as a new dimension in embedded system design[C]//DAC 2004: Proceedings of the 41th Design Automation Conference. Piscataway, NJ: IEEE, 2004: 753-760.
[12] HWANG D D, SCHAUMONT P, TIRI K, et al. Securing embedded systems[J]. IEEE Security and Privacy, 2006, 4(2): 40-49.
[13] JIANG K, ELES P, PENG Z. Optimization of message encryption for distributed embedded systems with real-time constraints[C]//Proceedings of the 2011 14th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems. Piscataway, NJ: IEEE, 2011: 243-248
[14] JIANG K, ELES P, PENG Z. Co-design technique for distributed real-time embedded systems with communication security constraints[C]//DATE '12: Proceedings of the 2012 Conference on Design, Automation and Test in Europe. San Jose, CA: EDA Consortium, 2012: 947-952.
[15] AUMüLLER C, BIER P, FISCHER W, et al. Fault attacks on RSA with CRT: concrete results and practical countermeasures[C]//CHES 2002: Proceedings of the 4th International Workshop Redwood Shores on Cryptographic Hardware and Embedded Systems, LNCS 2523. Berlin: Springer-Verlag, 2002: 260-275.
[16] ELES P, PENG Z, POP P, et al. Scheduling with bus access optimization for distributed embedded systems[J]. IEEE Transactions on Very Large Scale Integration (VLSI) Systems——Special Issue on the 11th International Symposium on System-Level Synthesis And Design (ISSS '98), 2000, 8(5): 472-491.
[17] KIRKPATRICK S, GELATT C D, VECCHI M P. Optimization by simulated annealing[J]. Science, 1983, 220(4598): 671-680.
[18] ZHANG Z, SCHWARTZ S, WAGNER L, et al. A greedy algorithm for aligning DNA sequences[J]. Journal of Computational Biology, 2000, 7(1/2): 203-214.

分布式系统中抵御错误注入攻击的优化设计

Optimization design of preventing fault injection attack on distributed embedded systems

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	樊小毛, 熊红林, 赵淦森. 带约束的清洁排班问题模型及其求解[J]. 计算机应用, 2021, 41(2): 577-582.
[2]	时永鹏, 张俊杰, 夏玉杰, 高雅, 张尚伟. 基于NOMA的5G超密网计算迁移与资源分配策略[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3319-3324.
[3]	杨玮, 李然, 张堃. 基于变邻域模拟退火算法的多自动导引车任务分配优化[J]. 计算机应用, 2021, 41(10): 3056-3062.
[4]	祁玄玄, 黄家骏, 曹建安. 基于改进A^*算法的无人车路径规划[J]. 计算机应用, 2020, 40(7): 2021-2027.
[5]	曾明华, 全轲. 双层规划的改进混合布谷鸟搜索量子行为粒子群优化算法[J]. 计算机应用, 2020, 40(7): 1908-1912.
[6]	刘昂, 蒋近, 徐克锋. 改进蚁群和鸽群算法的机器人路径规划[J]. 计算机应用, 2020, 40(11): 3366-3372.
[7]	朱杰, 张文怡, 薛菲. 基于遗传模拟退火算法的立体仓库储位优化[J]. 计算机应用, 2020, 40(1): 284-291.
[8]	宋婷, 陈矛, 吴超, 张龚钊. 基于多类迭代局部搜索的自动化排课算法[J]. 计算机应用, 2019, 39(6): 1760-1765.
[9]	林立, 孟学雷, 宋仲仲. 考虑区域协调性的城际列车开行方案优化[J]. 计算机应用, 2019, 39(2): 598-603.
[10]	李飞龙, 赵春艳, 范如梦. 基于禁忌搜索算法求解随机约束满足问题[J]. 计算机应用, 2019, 39(12): 3584-3589.
[11]	张传浩, 周桥. 节点效用最大化的服务功能链构建方法[J]. 计算机应用, 2018, 38(2): 503-508.
[12]	唐海波, 林煜明, 李优, 蔡国永. 基于模拟退火与贪心策略的平衡聚类算法[J]. 计算机应用, 2018, 38(11): 3132-3138.
[13]	李方伟, 李骐, 朱江. 改进的基于隐马尔可夫模型的态势评估方法[J]. 计算机应用, 2017, 37(5): 1331-1334.
[14]	匡鹏, 吴尽昭. 维修时点预测的动态车间调度问题[J]. 计算机应用, 2016, 36(8): 2340-2345.
[15]	吴璟莉, 李先成. 求解两物种小系统发育问题的模拟退火算法[J]. 计算机应用, 2016, 36(4): 1027-1032.