本文選題：RSA　切入點(diǎn)：ECC　出處：《上海交通大學(xué)》2014年博士論文

【摘要】：隨著信息技術(shù)的發(fā)展，信息安全也越來越受到社會的廣泛關(guān)注與重視，使得可以實(shí)現(xiàn)多種密碼技術(shù)的公鑰密碼學(xué)也得到廣泛應(yīng)用。為了更加安全和高效，通常在嵌入式設(shè)備中硬件實(shí)現(xiàn)公鑰密碼算法。然而這又很容易引起邊信道攻擊。邊信道攻擊指的是攻擊者通過分析安全芯片進(jìn)行密碼運(yùn)算時泄露出來的邊信道信息而獲取密鑰。一般來說，邊信道信息主要包括密碼運(yùn)算的運(yùn)行時間、功耗、電磁輻射、錯誤結(jié)果等。與之對應(yīng)的攻擊分別是時間分析攻擊、功耗分析攻擊、電磁輻射分析攻擊、故障注入分析攻擊。其中功耗分析又分為簡單功耗分析和差分功耗分析。電磁輻射分析與功耗分析在分析方法上是一樣的，只是采集的信號不同而已。 本文主要研究了邊信道攻擊（包括功耗分析攻擊、電磁輻射分析攻擊、故障注入分析攻擊）的理論基礎(chǔ)。并介紹了針對于公鑰密碼算法RSA和ECC的邊信道攻擊及其防御措施。在這些攻擊與防御措施的基礎(chǔ)上結(jié)合RSA和ECC算法的特性研究了一些安全性高且性能快的方法抵抗邊信道攻擊。為了進(jìn)一步提高性能，研究RSA和ECC算法的硬件實(shí)現(xiàn)，，尤其是基本單元模乘器的硬件實(shí)現(xiàn)，以軟硬件結(jié)合的方式實(shí)現(xiàn)抗邊信道攻擊方法。最后搭建邊信道攻擊平臺來驗證具體的防御措施。在研究過程中，我們?nèi)〉玫某晒缦拢?1、研究了基于隨機(jī)化加法鏈的MIST模冪算法，針對該算法容易受到簡單功耗分析攻擊的問題，提出一種既安全又高效的抗簡單功耗分析攻擊的MIST模冪算法，該算法通過添加一些無效的操作使其可以抵抗簡單功耗分析攻擊，修改除數(shù)的選擇以提高效率。利用同樣的思想應(yīng)用于標(biāo)量乘算法中，則這樣的標(biāo)量乘算法也可以抵抗簡單功耗分析攻擊。 2、分析了針對于模數(shù)n的故障注入分析攻擊，根據(jù)該攻擊的特點(diǎn)提出一種抵抗故障注入分析攻擊的MIST模冪算法,該算法是在原有MIST算法的基礎(chǔ)上增加了模數(shù)n的完整性驗證以及計算兩次最后一步運(yùn)算并比較兩次的運(yùn)算結(jié)果，如果正確則返回，反之返回0。 3、研究了各種ECC的功耗分析攻擊的防御方法，發(fā)現(xiàn)大多數(shù)方法都是以犧牲性能為代價。本文在非鄰接表示編碼基礎(chǔ)上，結(jié)合窗口技術(shù)(選用兩位長的窗口)，提出了一種高效的抵抗簡單功耗分析的多標(biāo)量乘算法，并利用隨機(jī)分割標(biāo)量的方法，將一個標(biāo)量乘算法變成多標(biāo)量乘算法，使得提出的標(biāo)量乘算法既可以抵抗簡單功耗分析也可以抵抗差分功耗分析，同時又不犧牲性能。 4、研究了抗邊信道攻擊技術(shù)實(shí)現(xiàn)相關(guān)問題，基于優(yōu)化的蒙哥馬利算法，利用兩個32位乘法器設(shè)計了一種高效的模乘架構(gòu)，進(jìn)而硬件實(shí)現(xiàn)RSA和ECC算法，并以軟硬件結(jié)合的方式實(shí)現(xiàn)抗邊信道攻擊方法，最后搭建攻擊平臺驗證了所提出的抗攻擊方法非常有效。
[Abstract]:With the development of information technology, more and more attention has been paid to information security, which makes public key cryptography, which can realize many kinds of cryptography, widely used. Public key cryptography algorithm is usually implemented in embedded devices. However, it is easy to cause side channel attack. Edge channel attack refers to the side channel information that is leaked by an attacker by analyzing the security chip to perform cryptographic operation. To obtain the key. Generally speaking, The side channel information mainly includes the operation time, power consumption, electromagnetic radiation, error result, etc. The corresponding attacks are time analysis attack, power analysis attack, electromagnetic radiation analysis attack, etc. Power analysis is divided into simple power analysis and differential power analysis. Electromagnetic radiation analysis and power analysis are the same in the analysis method, but the collected signals are different. In this paper, edge channel attacks (including power analysis attacks, electromagnetic radiation analysis attacks) are studied. The theory foundation of fault injection analysis attack is introduced, and the side channel attack and its defense measures against public key cryptographic algorithms RSA and ECC are introduced. On the basis of these attacks and defense measures, the characteristics of RSA and ECC algorithms are studied. Some high security and fast performance methods are proposed to resist edge channel attacks. The hardware implementation of RSA and ECC algorithm, especially the hardware implementation of basic modular multiplier, is studied. The method of anti-side channel attack is implemented by combining software and hardware. Finally, a side channel attack platform is built to verify the specific defense measures. In the process of research, we have achieved the following results:. 1. The MIST modular power algorithm based on random addition chain is studied. Aiming at the problem that the algorithm is vulnerable to simple power analysis attack, a safe and efficient MIST modular power algorithm against simple power analysis attack is proposed. By adding some invalid operations, the algorithm can resist simple power analysis attacks and modify the selection of divisor to improve its efficiency. The algorithm is applied to scalar multiplication algorithm with the same idea. This scalar multiplication algorithm can also resist simple power analysis attacks. 2. The fault injection analysis attack aimed at modulus n is analyzed. According to the characteristics of the attack, a MIST modular power algorithm is proposed to resist the fault injection analysis attack. Based on the original MIST algorithm, the algorithm adds the integrity verification of modulus n, calculates two last step operations and compares the results of two operations. If correct, the algorithm returns 0. 3. The defense methods of various ECC power analysis attacks are studied, and it is found that most of them are at the expense of performance. Combined with window technique (selecting two bits long window), this paper presents an efficient multi-scalar multiplication algorithm to resist simple power analysis, and transforms a scalar multiplication algorithm into a multi-scalar multiplication algorithm by using the method of random partitioning scalar. The proposed scalar multiplication algorithm can resist both simple power analysis and differential power analysis without sacrificing performance. 4. Based on the optimized Montgomery algorithm, an efficient modular multiplication architecture is designed by using two 32-bit multipliers, and then the RSA and ECC algorithms are implemented by hardware. The anti-side channel attack method is implemented by combining software and hardware. Finally, the attack platform is built to verify that the proposed anti-attack method is very effective.
【學(xué)位授予單位】：上海交通大學(xué)
【學(xué)位級別】：博士
【學(xué)位授予年份】：2014
【分類號】：TN918.4

【參考文獻(xiàn)】

相關(guān)期刊論文 前3條

1 吳文玲,蒙楊,馮登國,卿斯?jié)h;SERPENT和SAFER密碼算法的能量攻擊[J];電子學(xué)報;2001年01期

2 張蕾;吳文玲;;SMS4密碼算法的差分故障攻擊[J];計算機(jī)學(xué)報;2006年09期

3 鄧高明;趙強(qiáng);張鵬;陳開顏;劉曉芹;;針對密碼芯片的電磁頻域模板分析攻擊[J];計算機(jī)學(xué)報;2009年04期

相關(guān)博士學(xué)位論文 前4條

1 樂大珩;抗功耗攻擊的密碼芯片電路級防護(hù)關(guān)鍵技術(shù)研究[D];國防科學(xué)技術(shù)大學(xué);2011年

2 張寧;能量分析攻擊下安全的橢圓曲線標(biāo)量乘法[D];西安電子科技大學(xué);2007年

3 陳華鋒;橢圓曲線密碼算法及芯片實(shí)現(xiàn)方法研究[D];浙江大學(xué);2008年

4 孫春輝;邊信道攻擊及防御的研究與實(shí)現(xiàn)[D];西安電子科技大學(xué);2012年

本文編號：1683366