基于SM3的动态令牌的能量分析攻击方法

doi:10.11959/j.issn.1000-436x.2017066

通信学报 ›› 2017, Vol. 38 ›› Issue (3): 65-72.doi: 10.11959/j.issn.1000-436x.2017066

基于SM3的动态令牌的能量分析攻击方法

杜之波,吴震,王敏,饶金涛

成都信息工程大学信息安全工程学院，四川成都 610225

修回日期:2017-01-16 出版日期:2017-03-01 发布日期:2017-04-13
作者简介:杜之波（1982-），男，山东冠县人，成都信息工程大学讲师，主要研究方向为信息安全、侧信道攻击与防御、天线应用和物联网安全。|吴震（1975-），男，江苏苏州人，成都信息工程大学副教授，主要研究方向为信息安全、密码学、侧信道攻击与防御、信息安全设备设计与检测。|王敏（1977-），女，四川资阳人，成都信息工程大学讲师，主要研究方向为网络攻防、侧信道攻击与防御。|饶金涛（1985-），男，湖北黄冈人，成都信息工程大学助教，主要研究方向为信息安全、嵌入式系统安全、侧信道攻击与防御。
基金资助:
国家重大科技专项基金资助项目(2014ZX01032401-001);国家高技术研究发展计划（“863”计划）基金资助项目(2012AA01A403);“十二五”国家密码发展基金资助项目(MMJJ201101022);四川省科技计划基金资助项目(2017GZ0313);四川省教育厅科研基金资助项目(17ZB0082);成都信息工程大学科研人才基金资助项目(XAKYXM008);成都信息工程大学科研人才基金资助项目(XAKYXM009);成都信息工程大学科研人才基金资助项目(XAKYXM010);成都信息工程大学科研人才基金资助项目(XAKYXM011)

Power analysis attack of dynamic password token based on SM3

Zhi-bo DU,Zhen WU,Min WANG,Jin-tao RAO

College of Information Security Engineering,Chengdu University of Information Technology,Chengdu 610225,China

Revised:2017-01-16 Online:2017-03-01 Published:2017-04-13
Supported by:
The National Science and Technology Major Project(2014ZX01032401-001);The National High Technology Research and Development Program (863 Program)(2012AA01A403);“The 12th Five-Years” National Cryptogram Development Fund(MMJJ201101022);Sichuan Province Science and Technology Program(2017GZ0313);Sichuan Provincial Education Department Scientific Research Projects(17ZB0082);The Scientific Research Talent Fund of CUIT(XAKYXM008);The Scientific Research Talent Fund of CUIT(XAKYXM009);The Scientific Research Talent Fund of CUIT(XAKYXM010);The Scientific Research Talent Fund of CUIT(XAKYXM011)

摘要/Abstract

摘要：

提出一种针对基于 SM3 的动态令牌实施的能量分析攻击新方法，首次提出选择置换函数的输出作为能量分析攻击的目标，并将攻击结果联立得到方程组。根据给出的逆置换函数求解方程组，即可破解最终的密钥。通过实测攻击实验，验证了该攻击方法的有效性，这就很好地解决了直接选择密钥作为能量分析攻击目标所产生的问题，同时，引入中间变量作为能量分析攻击目标破解密钥方法，还可以应用于针对其他密码算法的能量分析攻击中。

关键词: 动态令牌, SM3算法, 能量分析攻击, 置换函数的输出, 逆置换函数

Abstract:

A novel method of the power analysis attack of dynamic password token based on SM3 was first proposed to choose the permutation function output as the power analysis attack target，and the simultaneous equations about the key were composed of the attack results.According to the given inverse permutation function,the key was derived by solving the simultaneous equations based on the inverse permutation function.Measured results are presented to validate the proposed method was effective.The proposed method solved the problems of permutation function keys for direct selection of target as an energy analysis attack target.And the proposed method can also be applied to the power analysis attack of the other cryptographic algorithms.

Key words: dynamic password token, SM3 algorithm, power analysis attack, permutation function output

中图分类号:

TP309.1

杜之波,吴震,王敏,饶金涛. 基于SM3的动态令牌的能量分析攻击方法[J]. 通信学报, 2017, 38(3): 65-72.

Zhi-bo DU,Zhen WU,Min WANG,Jin-tao RAO. Power analysis attack of dynamic password token based on SM3[J]. Journal on Communications, 2017, 38(3): 65-72.

图/表 9

图1

图2

图3

图4

图5

图6

图7

图8

表1

参考文献 14

[1]	KOCHER P C , . Timing attacks on implementations of Diffie-Hellman,RSA,DSS,and other systems[C]// The 16th Annual International Cryptology Conference. Santa Barbara,United States, 1996: 104-113.
[2]	KOCHER P , JAFFE J , JUN B . Differential power analysis[C]// The 19th Annual International Cryptology Conference Santa Barbara. 1999: 388-397.
[3]	JEAN-JACQUES Q . A new tool for non-intrusive analysis of smart cards based on electromagnetic emissions,the SEMA and DEMA methods.Presented at the rump session of EUROCRYPT 2000[C]// Rump Session. 2000.
[4]	DAN B , RICHARD A D , RICHARD J L . On the importance of checking cryptographic protocols for faults[C]// Springer. 1997: 37-51.
[5]	杜之波, 吴震, 王敏 ,等. 针对基于 SM3 的 HMAC 的能量分析攻击方法[J]. 通信学报, 2016,37(5): 38-43.
	DU Z B , WU Z , WANG M ,et al. Power analysis attack of HMAC based on SM3[J]. Journal on Communications, 2016,37(5): 38-43.
[6]	XIE J , SUN W , GU D ,et al. Research on differential power analysis of HMAC-SM3[C]// 2015 International Conference on Computer Science and Intelligent Communication. 2015: 103-106.
[7]	GUO L , WANG L , LIU D ,et al. A chosen-plaintext differential power analysis attack on HMAC-SM3[C]// The 11th International Conference on Computational Intelligence and Security. 2015: 350-353.
[8]	GUO L , WANG L , LI Q ,et al. A first-order differential power analysis attack on HMAC-SM3[C]// The First International Conference on Information Science and Electronic Technology. 2015: 94-97.
[9]	GUO L , WANG L , LI Q ,et al. Differential power analysis on dynamic password token based on SM3 algorithm,and countermeasures[C]// The 11th International Conference on Computational Intelligence and Security. 2015: 354-357.
[10]	STEFAN M , ELISABETH O , THOMAS P . Power analysis attacks:revealing the secrets of smart cards[M]. Springer Science & Business Media, 2008.
[11]	杜之波, 吴震, 王敏 ,等. 针对 SM4 轮输出的改进型选择明文功耗分析攻击[J]. 通信学报, 2015,36(10): 85-91.
	DU Z B , WU Z , WANG M ,et al. Improved chosen-plaintext power analysis attack against SM4 at the round-output[J]. Journal on Communications, 2015,36(10): 85-91.
[12]	王敏, 杜之波, 吴震 ,等. 针对 SMS4 轮输出的选择明文能量分析攻击[J]. 通信学报, 2015,36(1):2015016.
	WANG M , DU Z B , WU Z ,et al. Chosen-plaintext power analysis attack against SMS4 with the round-output as the intermediate data[J].2015016. Journal on Communications, 2015,36(1):
[13]	HYUNJIN A , NEIL H , MAIRE O ,et al. An improved second-order power analysis attack based on a new refined expecter[C]// Springer. 2015: 174-186.
[14]	WANG S , GU D W , LIU J R ,et al. A power analysis on SMS4 using the chosen plaintext method[C]// International Conference on Computational Intelligence & Security. 2013: 748-752.

攻击方法	攻击对象	密钥搜索空间	时间复杂度	攻击时间	是否成功
	W ₀和W₃	2 ⁶⁴	O(1 000× 2 ⁶⁴)	2 ³² ×620天	未完成攻击
直接攻击	W ₁	2 ³²	O(1 000× 2 ³²)	620天	未完成攻击
	W ₂	2 ³²	O(1 000× 2 ³²)	620天	未完成攻击
间接攻击	W ₀、W ₁、W ₂和W ₃	2⁸	O(1 000× 2 ³²)	11 s	是

基于SM3的动态令牌的能量分析攻击方法

Power analysis attack of dynamic password token based on SM3

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 14

相关文章 8

Metrics

推荐阅读 0

[1]	徐明,史量. 基于伪四维投射坐标的多基链标量乘法[J]. 通信学报, 2018, 39(5): 74-84.
[2]	吴震,王敏,饶金涛,杜之波,王胜,张凌浩. 针对基于SM3的HMAC的互信息能量分析攻击[J]. 通信学报, 2016, 37(Z1): 57-62.
[3]	杜之波,孙元华,王燚. 针对AES密码算法的多点联合能量分析攻击[J]. 通信学报, 2016, 37(Z1): 78-84.
[4]	杜之波,吴震,王敏,饶金涛. 针对基于SM3的HMAC的能量分析攻击方法[J]. 通信学报, 2016, 37(5): 38-43.
[5]	杜之波,吴震,王敏,饶金涛. 针对SM4轮输出的改进型选择明文功耗分析攻击[J]. 通信学报, 2015, 36(10): 85-91.
[6]	王敏,杜之波,吴震,饶金涛. 针对SMS4轮输出的选择明文能量分析攻击[J]. 通信学报, 2015, 36(1): 142-148.
[7]	甘刚,王敏,杜之波,吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 156-161.
[8]	甘刚，王敏，杜之波，吴震. 基于Montgomery算法安全漏洞的SPA攻击算法[J]. 通信学报, 2013, 34(Z1): 20-161.