Research on Machine-Learning-Based Electromagnetic Attack Techniques against Cryptographic Chips
Source: Beijing University of Posts and Telecommunications, 2014 doctoral dissertation. Document type: degree thesis.
Related topics: template attack; electromagnetic analysis; support vector machine; linear regression; normalized inter-class variance
[Abstract]: Machine learning has become one of the most active technologies in the whole field of computing, and one with the most evident application potential; it has been applied successfully in areas such as face detection and speech recognition. In recent years, some researchers in China and abroad have introduced machine-learning methods into the study of cryptographic design and analysis. This has injected new vitality into the field and opened a new direction for the combined, cross-disciplinary development of cryptography and machine learning: machine-learning-based side-channel attacks.

The security of an information system depends on its weakest component, so a cryptographic algorithm that is secure in mathematical theory can still carry risk because of an improper physical implementation. Side-channel attacks are effective attack techniques built on this principle: they use the physical information (such as power consumption, electromagnetic radiation, sound and visible light) leaked while the cryptographic chip, the device that executes the algorithm, is operating in order to recover the key. Compared with traditional cryptanalysis, side-channel attacks have the advantage of a smaller key search space and better analysis efficiency. Machine learning, like a person, can keep improving its own performance through experience. Machine-learning-based side-channel attacks are therefore significant for raising the reliability and the level of automation of attacks. Research in this area is still at an exploratory stage, and many meaningful questions remain to be examined in depth.

Compared with other side-channel attack methods, an electromagnetic attack needs no direct electrical connection to the cryptographic system during the attack, so it is highly covert and hard to notice. This thesis takes commonly used cryptographic algorithms as the attack targets, uses electromagnetic emanation measurement as the main test method, applies machine-learning methods to side-channel attacks, and obtains the following main results:

(1) To address the drawback that traditional template attacks require known plaintext or ciphertext, a single-bit template attack that targets the key directly is proposed. The method reduces the number of templates that have to be built, lowers the computational complexity, and can make use of more training data. Because it does not take the influence of the plaintext into account, however, its classification accuracy is low, so it is further proposed to locate the attack region in the key-expansion stage. Electromagnetic template attack experiments on a DES implementation on a microcontroller show that, with the plaintext (ciphertext) unknown, the method needs only 1 test trace to infer the key completely correctly.

(2) To avoid problems in template attack computation such as an ill-conditioned covariance matrix and values that exceed the range of floating-point representation, a fast template attack method is implemented through polynomial simplification and transformation, under the condition that the ordering of the template matching probabilities is left unchanged. The method uses a common covariance matrix in place of the covariance matrix. This relaxes the requirement that the covariance matrix be invertible and, because the common covariance matrix is closer to the true covariance matrix, it raises the attack success rate while lowering the computational complexity. Comparative experiments with the covariance matrix, the common covariance matrix and the identity matrix demonstrate the effectiveness of the method.

(3) For the high-dimension, small-sample problem that is common in supervised learning, a new dimensionality reduction method, SPP, is first proposed, combining the advantages of selection and feature-extraction algorithms. Then, using the fact that the Hamming weight model is naturally ordered, a new SVM multi-class classifier is proposed that reduces the number of binary classifiers to be trained from K(K-1)/2 to K. In attacks on an 8-bit microcontroller running a software implementation of DES, the experimental results show that the SPP method outperforms the PCA method and that the multi-class SVM attack outperforms the template attack.

(4) Supervised learning needs a large amount of labeled training data, and in practice it is very difficult to obtain such a complete data set. This thesis therefore proposes an unsupervised attack method. The method first builds a linear regression model of the cryptographic device and then uses the least-squares method to solve for the model parameters. To quantify the estimation error, the multiple coefficient of determination is computed at each sample point to evaluate the goodness of fit of the model. Finally, to eliminate the interference of "singular spikes", a correction method based on the normalized inter-class variance is proposed. The experimental results demonstrate the effectiveness of the method.
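[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Doctorate
[Year degree granted]: 2014
[Classification number]: TN918.1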