Chinese Academy of Sciences Institutional Repositories Grid
Fault Attack on Cryptographic Algorithms and the Algorithmic Countermeasures

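Document type: Thesis

Author: Xu Nannan (许囡囡)
Degree type: Master's
Defense date: 2008-05-30
Degree-granting institution: Graduate School of the Chinese Academy of Sciences
Place of conferral: Institute of Software, Chinese Academy of Sciences
Supervisor: Feng Dengguo (冯登国)
Keywords: cryptographic algorithms; block ciphers; RSA; fault attack; countermeasures
Alternative title: Fault Attack on Cryptographic Algorithms and the Algorithmic Countermeasures
Degree discipline: Computer Software and Theory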
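Chinese abstract: Cryptographic algorithms are an important research topic in information security. The security of an algorithm is determined by many factors, including its own mathematical properties and the security of its implementation. In recent years, implementation-based attacks on algorithms have attracted wide attention and have become one of the research hotspots. Fault attack is an implementation-based attack method: when the execution of an algorithm is disturbed, accidentally or maliciously, and deviates from its normal flow, attackers and analysts can use the resulting fault information to obtain the secret information hidden inside the device. Therefore, to resist fault attacks, the implementation of a cryptographic algorithm needs to adopt certain strategies or methods to protect the relevant secret information. This thesis mainly studies fault attacks on block ciphers and on RSA implemented with the Chinese Remainder Theorem, together with algorithm-level countermeasures, and obtains the following results: (1) A fault attack on the ARIA algorithm is given. ARIA is a block cipher that was proposed in 2003 and selected as a Korean national standard in 2004. This thesis induces faults in both the encryption and the decryption processes of ARIA and applies differential fault attack to recover the key. For ARIA-128, on average about 8 pairs of correct and faulty ciphertexts and 8 pairs of correct and faulty plaintexts are needed to recover the complete seed key; for ARIA-192/256, the analysis needs about 32 and about 40 pairs of correct and faulty ciphertexts, respectively, to recover the complete seed key. (2) A fault attack on the Camellia algorithm is given. Camellia was proposed in 2000, and in 2005 it was approved by the international standardization organization IETF as an international standard algorithm for use in the SSL/TLS security protocols. This thesis induces faults in the encryption process of Camellia and applies differential fault attack to recover the seed key. For Camellia-128, 64 pairs of correct and faulty ciphertexts are needed to recover the seed key; for Camellia-192/256, 96 pairs of correct and faulty ciphertexts are needed. (3) Fault attack methods on RSA implemented with the Chinese Remainder Theorem and the related countermeasures are systematically summarized, and the security and effectiveness of each countermeasure are analyzed.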
English abstract: Cryptographic algorithms have played fundamental roles in information security. The security of a cryptographic algorithm depends on many aspects, including the mathematical properties of the algorithm itself, the implementation security, etc. Recently, cryptanalysis techniques based on implementation have received widespread attention and are becoming one of the research focuses. Fault attack is one typical kind of implementation-based attack. The faulty information can be used to obtain the secret information hidden inside the cryptographic devices when the execution procedure of the algorithm is accidentally or purposely disturbed to deviate from the normal flow. As a result, some countermeasures should be employed in order to resist fault attack and protect the secret information from being leaked. The thesis focuses on fault attacks against both block ciphers and the RSA cipher implemented using the Chinese Remainder Theorem, as well as the countermeasures. Several research results obtained are as follows. (1) A differential fault attack on the block cipher ARIA is proposed. ARIA was proposed in 2003, and was selected as the standard block cipher of Korea in 2004. Using the idea of differential analysis, we induce faults during the encryption and decryption of ARIA and analyze the faulty outputs. For ARIA-128, about 8 faulty ciphertexts and 8 faulty plaintexts on average are required to recover the seed key. For ARIA-192, the number of faulty ciphertexts is 32, and for ARIA-256, the number of faulty ciphertexts is 40. (2) A differential fault attack on the block cipher Camellia is proposed. Camellia was proposed in 2003, and was accepted as the international standard cipher for use in the SSL/TLS security protocols by the international standardization organization IETF. We induce faults during encryption and analyze the faulty ciphertexts. For Camellia-128, 64 faulty ciphertexts are required to recover the seed key. For Camellia-192/256, 96 faulty ciphertexts are required. (3) A summary of fault attacks on CRT-RSA and the related countermeasures is given, together with an analysis of the security and efficiency of the countermeasures.
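Publication date: 2011-03-17
Source URL: [http://124.16.136.157/handle/311060/7066]
Collection: Institute of Software_State Key Laboratory of Information Security_Theses
Recommended citation
GB/T 7714
Xu Nannan (许囡囡). Fault Attack on Cryptographic Algorithms and the Algorithmic Countermeasures [D]. Institute of Software, Chinese Academy of Sciences. Graduate School of the Chinese Academy of Sciences. 2008.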

Ingest method: OAI harvesting

Source: Institute of Software
