摘要
侧信道攻击利用密码实现的物理泄露而不是理论弱点来恢复密钥,对密码系统的安全实现有严重的现实威胁.密码设备运行时所产生的能量、电磁、缓存和故障输出等侧信息均可能导致密钥信息泄漏,攻击者通过分析侧信息中与密钥相关的特征点来获取密钥信息.为了应对侧信道攻击,侧信道防御技术和抗泄漏密码学也成为研究的热点问题.前者的总体思路在于消除侧信息泄漏或者消除秘密信息与所泄漏侧信息之间的相关性,而后者旨在准确量化密码系统执行过程中的侧信息泄漏,进而构造具有抗泄漏安全性的密码方案.本文系统地介绍了侧信道攻击与防御技术发展:首先,剖析了时序攻击、能量分析攻击、缓存攻击和故障攻击的基本原理、攻击方法、应用场景和发展现状,并提炼出每一类攻击的通用模型;其次,概括出侧信道防御技术的本质特征,并分析了侧信道防御技术的基本原理、安全模型和应用场景;之后总结了抗泄漏密码学的基本原理与发展现状,梳理了典型的抗泄漏密码方案;最后分析了现有研究工作中存在的问题,并对未来的研究方向进行了展望.
Side-channel attacks recover keys from the physical implementation leakage of the cryptosystem rather than the theoretical weaknesses.Side-channel attacks seriously affect the security implementation of the cryptosystem.The power,electromagnetic,cache,and fault output generated by the cryptographic devices can lead to the leakage of the key.The adversary can recover the key by analyzing the key-related points in the side-channel information.To counter side-channel attacks,side-channel countermeasures,and leakage-resilient cryptography have also become hot research issues.The general idea of the former is to eliminate side-channel information leakage or to remove the correlation between secret information and the side-channel information,while the latter aims at accurately quantify the side message leakage during the execution of a cryptosystem and thus construct a cryptographic scheme with leakage-resilient security.This paper systematically introduces the development of side-channel attacks and countermeasures.Firstly,it analyses the basic principles,attack methods,application scenarios,and development status of timing attacks,energy analysis attacks,cache attacks,and fault attacks,and distills a general model for each type of attack;secondly,it outlines the essential features of side-channel countermeasures,and analyses the basic principles,security models,and application scenarios of side-channel countermeasures;after that,it summarizes the basic principles and development status of leakage-resilient cryptography;finally,this paper points out the problems in the current research and look forward to the future research directions.
作者
王永娟
樊昊鹏
代政一
袁庆军
王相宾
WANG Yong-Juan;FAN Hao-Peng;DAI Zheng-Yi;YUAN Qing-Jun;WANG Xiang-Bin(PLA Strategic Support Force Information Engineering University,Zhengzhou 450001;State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049)
出处
《计算机学报》
EI
CAS
CSCD
北大核心
2023年第1期202-228,共27页
Chinese Journal of Computers
基金
国家自然基金(61602512)资助.
关键词
侧信道攻击
侧信道防御
抗泄漏密码学
能量分析攻击
缓存攻击
故障攻击
side-channel attack
side-channel countermeasures
leakage-resilient cryptography
power analysis attack
cache attack
fault attack
