隨著資訊科技與網際網路的蓬勃發展,資訊安全的問題與需求,與人們的生活息息相關,因此,密碼學之相關研究已然成為現今重要的議題。除了探討密碼演算法本身的特性與結構,密碼系統的實作過程也必須納入安全分析。物理攻擊法便是藉由密碼系統運算過程中所洩漏的物理現象進行攻擊,因此即使是保證安全的密碼演算法,也會因實作過程洩漏些許資訊而可破解密碼系統。 論文中將說明物理攻擊法的基本概念,並特別針對能量消攻擊法加以說明。以現階段技術而言,差分能量攻擊法是目前最有效且易於實施的物理攻擊法。為了有效防禦差分能量攻擊法,對應的防禦方式也被廣泛的討論,其中一類利用導入亂數,致使攻擊法統計分析失效的遮罩保護機制,將於第三章介紹其概念及演進。文中用以介紹防禦技術的新一代加密器AES,將於第二章先行簡介。 在西元2001年,Akkar與Giraud發表新類型的遮罩保護機制,以提昇軟體實作的效能。由於此方法應用到AES,仍無法防止差分能量攻擊,於是,在西元2002年,Trichina等人發表提昇效能與增加安全的改進發法。然而,論文中將針對Trichina發表的方法進行弱點分析,並提出一種應用於此的差分能量攻擊法。 為了兼顧執行效率與系統安全,基於遮罩保護機制的原理,於第四章提出改進的防禦方法。並進行安全分析,證明此防禦法能夠有效防止能量攻擊。接著,針對三種遮罩保護機制比較執行效能,提出的防禦法法提昇效能至少十倍以上。最後,第五章呈現攻擊後的實驗成果,顯示未受保護的密碼系統易於破解,相對地,加上提出的防禦法確實能抵抗差分能量攻擊。 Since the explosive growth in the use of computer and Internet, the requirements for information security generate higher influence in our daily life. Therefore, cryptography becomes an important issue, which not only considers the cryptographic algorithm but also takes their implementations into account. Physical attacks on the security of a cryptosystem are characterized by viewing the information leaking from the cryptosystem being processed. The preliminary knowledge and requirements of physical cryptanalysis will be discussed. The discussion of physical security is extended to include an important standard, the Advanced Encryption Standard (AES). Further, an approach to the protection of cryptosystem in software-based implementation from power analysis is also addressed. For opposing differential power analysis, an improved technique to perform the security transformation will be developed. A masking countermeasure resisted power analysis and integrated transformations into original cryptographic architecture is presented. The principles of improved technique are discussed and the analysis of performance and security are provided completely. Finally, the techniques used to construct improved masking method are examined. The practical masking countermeasure has been implemented and provides the information security against the DPA attack. The experimental results demonstrated the practicality of the DPA attacks on straightforward AES and the security of AES could be achieved by using improved method.