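Name: 郭遠翰 (Yuan-Han Kuo)
Department: Department of Computer Science and Information Engineering
Thesis title: AES資料加密標準之能量密碼分析研究
(The Research of Power Analysis against AES)
Abstract (Chinese): In today's daily life, applications of networks and digital information are becoming increasingly widespread. As a result, information security is receiving growing attention. Cryptosystems can protect secret information as it is transmitted over untrusted channels, and tamper-resistant electronic devices (such as smart cards) provide storage for personal private data and execution of cryptosystem algorithms. However, when a cryptosystem is used in an open environment, no one can fully guarantee the security of the system, even if the information is protected by the cryptosystem.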
Abstract (English): Nowadays, digital information is growing rapidly in our daily life, and the demand for tamper-resistant devices that execute the procedures of cryptosystems or store personal secret information increases correspondingly. Smart cards are becoming the representative tamper-resistant device. However, when these cryptosystems are operated in an open environment, no one can ensure the security of the information, even if it is protected by cryptosystems. Physical cryptanalysis is a modern and increasingly potent threat to the security of information held on smart cards. By measuring physical features such as power consumption, execution time or electromagnetic emission, attackers can infer secret information from smart cards with naive implementations of cryptosystems.
The Advanced Encryption Standard (AES) is the next-generation standard block cipher selected by NIST to replace DES in 2000. AES will become the most widespread block cipher standard. Power analysis is the most useful cryptanalysis at present, and it is also practicable against AES. In this thesis, power analysis against AES is discussed.
Simple power analysis (SPA) is easy to realize in the real world. In order to defend AES against SPA, the weaknesses of existing SPA-resistant countermeasures are analyzed, and an improvement is proposed. Second, the DPA-resistant algorithms of AES suffer from high-order differential power analysis (HODPA). To this end, a possible countermeasure is also discussed.
The balanced Hamming weight scheme is one of the effective ways to prevent power analysis attacks. We found that even when the balanced Hamming weight scheme is used to protect AES, it may not be secure enough under some careless implementations. The weaknesses of the balanced Hamming weight scheme are analyzed, and the procedure of the proposed flipping DPA attack for deriving the secret key of AES is described.
In this thesis, experiments are shown at the end of each proposed method to confirm our contentions. In some experiments, especially the SPA-based attack, the power trace is pre-processed before analysis. At the end of this thesis, the pre-processing technique is described.
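Keywords (Chinese): ★ Advanced Encryption Standard
★ Simple power analysis attack
★ Differential power analysis attack
★ Physical attacks
★ Smart cards
Keywords (English): ★ Physical cryptanalysis
★ Power analysis attack
★ Smart cards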
Table of contents:
1 Introduction
1.2 Power Analysis on AES
1.3 Overview of the Thesis
2 Review of Power Analysis Attack and AES
2.1 Review of Power Analysis Attack
2.1.1 Simple power analysis
2.1.2 Differential power analysis
2.1.3 High-order differential power analysis
2.2 Review of AES: the Rijndael Cipher
2.2.1 Round transformation
2.2.2 Key expansion of Rijndael
2.3 Examinations of Power Analysis against AES
2.3.1 Experimental setup
2.3.2 DPA against AES
3 Improvements of AES against Power Analysis Attack
3.2 An Improvement of MixColumn against SPA
3.2.1 SPA attack on MixColumn operation
3.2.2 Possible countermeasures
3.2.3 Experimental results
3.3 An Improvement of Masking Method against High-Order DPA
3.3.1 Review of masking method on AES
3.3.2 Proposed algorithm against HODPA
4 Flipping DPA Attack against AES
4.2 Software Balanced Hamming Weight Schemes
4.3 Analyses of Flipping Model
4.3.1 Akkar's flipping model
4.3.2 Analysis of KeyAddition on flipping model
4.4 Flipping DPA Attack Procedures
4.5 Experimental Results
4.6.1 The disadvantage of balanced Hamming weight scheme
4.6.2 Hamming weight leakage from loading the secret key
5 Enhancement of Power Analysis Attack
5.2 Frequency Domain Analysis
5.3 Basic Idea of Digital Filter Design
5.3.1 Digital transfer functions
5.3.2 Digital filter implementations
5.4 Applications of DSP on Power Analysis Attack
5.4.1 Frequency domain analysis of power trace
5.4.2 Filtering technique on power analysis
5.4.3 Design an appropriate filter for DPA
6.1 Brief Review of Main Contributions
6.2 Further Research Topics and Directions
Advisor: 顏嵩銘 (Sung-Ming Yen) Approval date: 2004-6-23
