自從差分能量分析(DPA)的攻擊被宣布後,就有許多演算法提出許多的防禦對策,而對於安全的AES演算法來說,一種masking(遮罩)方法是被建議的,然而這masking方法又被發現有second order DPA的弱點,因此,本文研究目的就是在於提出有效的AES軟體對策,以防禦second order DPA攻擊,而本文提出了一種把明文masking兩次另外再以置換掉S-Box的方法作為對策,使這演算法對於修改的S-Box因而不須使用masking的方法,如此的加密不會增加程式的複雜性,而我們稱這種置換最初的S-Box叫等效的S-Box,而這等效的S-Box的產生方法,其實跟原來的那組S-Box產生方法一樣,而我們也於最後以8051單晶片實作展示了防禦結果,以證明其是可防禦DPA攻擊,因此本論文所提防禦方法也適合低成本的smart card的使用。 Many defensive countermeasures have been proposed by many algorithms since Differential Powder Analysis (DPA) attack was announced. For secure AES algorithm, there was weakness of second-order DPA in the proposed Masking method. In this paper, the effective AES software, which masks plain-text twice, the other to replace primitive S-Box to makes a defense against second-order DPA, is proposed. The algorithm needn’t use the Masking method to modify S-Box. Therefore, program’s complexity with encryption isn’t increased; to replace the primitive S-Box is called “random S-Box”. In fact, this random S-Box produces the same method as this primitive S-Box does. Finally, in order to prove that it can resist DPA attack, the defensive effect of 8051 micro-controller is shown. Hence, the proposed resistant method also suits the low-cost smart card.
