1 Introduction

As a safe and reliable high-tech product, the smart card is gradually replacing the magnetic card in China and is widely used in the financial industry and related industries. However, some users misunderstand smart card products: they assume, one-sidedly, that every smart card with a microprocessor is highly secure and highly reliable, and so overlook this requirement. In fact, attack methods against smart cards have developed alongside smart cards themselves and have always threatened their security.

A currently popular attack method is energy analysis (usually called power analysis in English-language literature), which is divided into two categories: Simple Energy Analysis (SPA) and Differential Energy Analysis (DPA). SPA is a technique that directly interprets energy consumption measurements. The amount of energy consumed by the system varies with the instructions that the microprocessor executes. When the microprocessor performs operations in different parts of the encryption algorithm, the changes in energy consumption can be significant. Using this feature, the attacker can distinguish individual instructions and so work toward breaking the algorithm. DPA is much more powerful than SPA and more difficult to guard against. Unlike SPA, it does not read the system's energy consumption by direct inspection, but uses statistical methods to extract key-related information. Although the implementation process is more complex, it reduces the level of smart card expertise required of the attacker.

2 Differential energy analysis

During a cryptographic operation, the energy consumed by the smart card to execute an instruction is related to the operands of the instruction. Let PI denote the average energy consumed during the execution of instruction I, and let op1, op2, ..., opn denote the operands of I. When op1 takes different values, there is

PI is said to be related to op1, that is, PI(0) ≠ PI(1). Differential energy analysis starts from this correlation and ultimately recovers the encryption key. Let the difference between PI(0) and PI(1) be DI. The larger DI is, the better the DPA analysis works. First-order differential energy analysis usually proceeds in the following steps:

(1) Choose an operand or intermediate variable similar to op1, with value α. It must be possible to derive its value from the known smart card information D (plaintext or ciphertext) and the unknown key information K, i.e. α = f(K, D).

(2) Encrypt multiple different plaintexts, sample the corresponding energy signal for each, and record the waveforms.

(3) Guess the value of K and calculate the corresponding α. Divide the sampling results from (2) into two groups according to α = 0 and α = 1, and compute the difference between the means of the two groups (that is, construct a statistical function). K has been guessed correctly when the mean difference at the moment α is processed is at its maximum.

From the above steps, we can see that the attacker needs the following to launch a DPA attack: familiarity with the principle and structure of the encryption algorithm used in the smart card; knowledge of the plaintext processed by the smart card or of the resulting ciphertext; and the hardware needed to measure the energy consumption trace. Figure 1 shows the basic circuit for implementing a DPA attack.

Figure 1 DPA attack schematic
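Steps (1) to (3) above, as an added example that is not part of the original article: a simulation of the mean-difference statistic T[j] over constructed traces. The 4-bit PRESENT S-box standing in for a cipher S-box, the Gaussian noise model, the leak position LEAK_T and all function names are assumptions chosen for the illustration, not measurements from a card.

```python
import random

# PRESENT cipher 4-bit S-box, used here as a small stand-in for one cipher S-box.
SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]
SAMPLES, LEAK_T = 8, 5   # samples per trace; sample at which alpha is processed

def alpha(k, d):
    """Step (1): selection bit alpha = f(K, D), here the top S-box output bit."""
    return (SBOX[d ^ k] >> 3) & 1

def simulate_traces(secret, n, rng, amp=1.0, sigma=1.0):
    """Step (2), simulated: Gaussian noise, plus amp at LEAK_T when alpha = 1."""
    data = [i % 16 for i in range(n)]          # known inputs D (constructed)
    traces = []
    for d in data:
        t = [rng.gauss(0.0, sigma) for _ in range(SAMPLES)]
        t[LEAK_T] += amp * alpha(secret, d)
        traces.append(t)
    return data, traces

def mean_difference(guess, data, traces):
    """Step (3): T[j] = mean of group alpha=1 minus mean of group alpha=0."""
    sums, counts = [[0.0] * SAMPLES, [0.0] * SAMPLES], [0, 0]
    for d, t in zip(data, traces):
        a = alpha(guess, d)
        counts[a] += 1
        for j, v in enumerate(t):
            sums[a][j] += v
    return [sums[1][j] / counts[1] - sums[0][j] / counts[0] for j in range(SAMPLES)]

def rank_guesses(data, traces):
    """Return (peak, sample index, guess) for all 16 guesses, largest peak first."""
    ranked = []
    for g in range(16):
        T = mean_difference(g, data, traces)
        j = max(range(SAMPLES), key=lambda i: abs(T[i]))
        ranked.append((abs(T[j]), j, g))
    return sorted(ranked, reverse=True)

def demo(secret=0xB, n=1600, seed=1):
    data, traces = simulate_traces(secret, n, random.Random(seed))
    return rank_guesses(data, traces)

if __name__ == "__main__":
    for peak, j, g in demo()[:3]:
        print(f"guess={g:#x} peak={peak:.2f} at sample {j}")
```

In this simulation wrong guesses still produce a smaller peak at the leak sample, at most about half the height of the correct one, while samples unrelated to α stay near zero for every guess.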

3 DPA attacks on encryption algorithms commonly used in smart cards

According to their encryption mechanisms, encryption algorithms can be divided into two categories: symmetric encryption algorithms and asymmetric encryption algorithms. Encryption algorithms commonly used in smart cards, such as DES, 3DES, RSA, and ECC, all fall into these two categories. DPA was first discovered in the study of methods for breaking symmetric encryption algorithms on smart cards, but it was later found to be equally effective against asymmetric encryption algorithms. Below we analyze DPA attacks on the most representative algorithm of each category: DES and ECC.

3.1 DES DPA attack

DES is the most typical example of a symmetric cryptosystem. It is an encryption algorithm published by IBM Corporation. It was completely publicized in 1977 by the US National Bureau of Standards as a federal data encryption standard. It is the most mature encryption algorithm in the world. When DES encrypts, the plaintext is divided into 64-bit strings of 0s and 1s, and the key length used is 64 bits. DES uses a Feistel network structure with 16 iteration cycles, each cycle iterating according to equation (1):

Where f(R_{i-1}, K_i) = P(S(E(R_{i-1}) ⊕ K_i)), and K_i represents the key of the i-th iteration period. The iterative process is shown in Figure 2.

In the DPA analysis of DES, the intermediate operand we select is one bit of L15, an input to the 16th iteration, denoted d. The relationship between d, the known information and the key to be recovered is as follows:

Where b is the binary bit of R16 that d is encrypted into, and C* denotes the bits of R15 that are input to S*. In each iteration, the key is divided into eight binary key blocks, one for each S-box, and S* is the S-box for d. K*16 is the six-bit binary key block input to S*, and is part of K16. K*16 is the object of the attack. As a six-bit binary key block, it has only 64 possible values, which of course include the correct key. The remaining work is to identify the key by combining this with actual observations.

Assume that the energy signal observed while the DES algorithm encrypts different plaintexts is Sij (i is the plaintext number and j is the time). When the number of plaintexts is N, there are N observations for each guess of K*16. The value of d is calculated by equation (2), and the observations are classified according to the value of d, as follows:

Let the mean difference between S0 and S1 be T[j]. S0 and S1 are two subsets of the set of random energy signals, and the only difference between them is the value of d at the moment encryption processes d, so the means of S0 and S1 differ. If the guessed key is correct, T[j] shows a peak at the time d is processed and tends to zero at moments unrelated to d. If the guessed key is wrong, the value of d obtained from function D may not match the true value, so part of Sij is not correctly classified into S0 and S1, which weakens the energy difference that should be present at the time d is processed. Even if T[j] shows a peak at this moment, it cannot compare with the peak for the correct key. As before, at points unrelated to d, T[j] still tends to zero. Therefore, find the T[j] trace with the largest peak among the 64; the corresponding key block is K*16. By repeating the above process, the remaining seven S-boxes are analyzed to obtain the 48-bit key used in the 16th round. To recover the entire DES key, the same analysis is carried out for the preceding rounds.

3.2 ECC DPA attacks

Public key algorithms are usually based on a hard mathematical problem, and elliptic curve encryption algorithms are no exception. Consider the equation K = kG (K and G are points on the elliptic curve, k is an integer less than the order of G). It is not difficult to see that, given k and G, K is easy to calculate using the elliptic curve addition rule; but given K and G, it is relatively difficult to find k.

We refer to point G as the base point, k as the private key, and K as the public key. ECC mainly involves point multiplication operations of the form kG. When the operation is implemented by instructions in a smart card chip, k is often written in binary expansion form, that is, k = kn-1 kn-2 ... k0, and kG is replaced by a form built from additions, as shown in the following code:

Here "+" is addition on the elliptic curve, whose algorithm differs from ordinary addition. It can be seen from the code that when the loop reaches i, the value of X[0] depends only on (kn-1, ..., ki) in the binary expansion of k. If the intermediate result X[0] is expressed as pM (p is an integer coefficient that grows as the For loop proceeds, and whose possible values depend on ki), the energy consumption during the operation will be related to the bits in the binary representation of pM. For example, to obtain the binary bit kn-2 of k, we can examine the correlation between a bit of 4M and the energy signal. Execute the above operations for N different values of M and observe their energy signal traces, denoted Si. One bit in the binary representation of 4M (such as the second bit, b2) is selected as the basis for grouping Si:

S0 = < Si | b2 = 0 >

S1 = < Si | b2 = 1 >

Let the mean difference between S0 and S1 be C(t); the value of kn-2 can be judged from its trace. The reason is as follows: when kn-2 = 0, 4M is an intermediate result, Si is related to b2, and a peak of C(t) appears at the time corresponding to b2; when kn-2 = 1, 4M is not an intermediate result, the means of S0 and S1 show no clear difference, and C(t) does not peak. Proceeding in the same way, we can obtain the values of the remaining bits in the binary representation of k.

4 AES candidate algorithm and DPA attack

The key used by DES is too short to meet security requirements, and DES is gradually coming to the end of its life. AES is an advanced data encryption standard initiated by the National Institute of Standards and Technology (NIST) to replace DES. Its basic requirement is that it must be a private-key block encryption algorithm with a key length of at least 128 bits. The AES candidate algorithms mentioned in this paper are the five algorithms selected in the second round (Twofish, Rijndael, Serpent, MARS, RC6). Each has its own design ideas and style, and all are quite resistant to many popular attack methods, but this does not include DPA attacks.

(1) The Twofish encryption algorithm uses a 16-round Feistel network structure and applies whitening to the input and output of the network. The principle of this technique is relatively simple: the data to be hidden is combined with a specific key by addition or exclusive-or. The resulting protection is nevertheless very strong, and the attacker cannot obtain the input and output of the core part. When using DPA to analyze Twofish, the crux is to obtain the key used in the whitening process. The statistical analysis is based on the following: when a whitening key bit is 0, the corresponding input plaintext bit remains unchanged; when a whitening key bit is 1, the corresponding input plaintext bit is inverted. We can encrypt multiple plaintexts, collect the energy signals, and compute the covariance function between the energy signals and the plaintext bits corresponding to the 128-bit whitening key. The two are correlated mainly at the reading of data before the XOR, at the XOR itself, and at the writing of the result after the XOR, so there are few peaks in the covariance waveform. The main things to observe are the peaks corresponding to the data read before the XOR and the result write after the XOR. If the two peaks have the same direction, the key bit is 0; otherwise the key bit is 1. After the key used in the whitening process is obtained, the next step is to derive the core process key through the Twofish key generation algorithm, but this cannot be done directly. The whitening key can only be combined with the key generation algorithm to narrow the range of possible core process key values, which are then verified one by one.

(2) Rijndael uses a substitution/permutation network. When the block length and key length are both 128 bits, the number of encryption rounds is 10. At the beginning of encryption, the bytes of the input block are loaded into a matrix State in a specific way, followed by an XOR operation with the key. This XOR is performed not only before the rounds of encryption but also during each round, and similar operations follow the encryption; the keys used differ, but all are generated by the Rijndael key generation algorithm. The key of the first XOR operation can be fully obtained through a DPA attack, and the keys of the remaining rounds are then derived directly from the Rijndael key generation algorithm, which is much simpler than for Twofish.

(3) Serpent is an algorithm that arranges 32 rounds of encryption between an initial and a final permutation. It does not use whitening. Each round contains a key mixing operation, S-boxes, and a linear transformation. The DES-style DPA analysis described above can be used for Serpent. To derive the keys of the remaining rounds using Serpent's key generation algorithm, it is necessary to know more than two rounds of subkeys, which means that the attacker must break the encryption process of at least two of the 32 rounds.

It can be seen that for Twofish, Rijndael, and Serpent, the master key and the other subkeys can be recovered by DPA analysis of the subkeys of a single round, combined with their uniform and relatively independent key generation algorithms. However, the same method does not apply to MARS and RC6. The main reason is that their key generation algorithms are uniquely designed, making derivation from one key to another difficult and forcing an attacker to analyze the core encryption process of the two algorithms. Encryption algorithms are always composed of basic operations, and these operations differ in their ability to resist energy attacks. Compared with Twofish, Rijndael, and Serpent, MARS and RC6 contain more fragile operations, such as XOR, table lookup, rotation, and arithmetic operations (addition, subtraction, multiplication), and some of these are more suitable for analysis with SPA. The original intention of the MARS and RC6 designers in using whitening was to enhance the protection of the core process. Once the attacker uses DPA to remove this protection, SPA and DPA can be combined to analyze the core part directly and recover the key.

(Text/1. Department of Electronic Engineering, Beijing Institute of Technology, Beijing 100081, China; 2. Department of Computer Science, Huazhong University of Science and Technology, Wuhan 430074, China; 3. China Information Security Evaluation and Certification Center, Hu Yong1, Shen Tingzhi1, Guo Tao2, Li Shoupeng 3)
