作　　者： ; ; ; ; ;

机构地区： 中国人民解放军军械工程学院计算机工程系

出　　处： 《计算机学报》 2009年第4期602-610,共9页

摘　　要： 在密码运行过程中随机地插入时延是常用的防御时域旁路攻击的方法,该方法可导致密码算法的关键运算步骤在多次运行过程中出现在不同的时刻,以此抵抗时域分析攻击.在深入研究密码芯片电磁辐射产生机理及其数据相关性的基础上,根据能量守恒定律分析并通过实验验证了电磁信号的数据相关性从时域经Fourier变换到频域时依然存在,且不受时域信号中随机时间延迟的影响.根据这一特性,提出一种在密码芯片电磁辐射频域信号上进行模板分析的方法.对运行RC4密码算法的微控制器的攻击实验表明,在密码程序中插入随机时延使得时域模板分析失效的情况下,对频域信号的分析依然可以恢复RC4的原始密钥,且不增加攻击的时间复杂度. A general countermeasures against time domain side channel attacks is to insert random delays into the executing sequence of cipher algorithm, in which the interesting operations will occur at different time in multi runs of the cipher. To break this countermeasures, this paper analyzes the generation of the electromagnetic（EM） emissions of cipher chips and its dependence with the data operated in chips, with the law of energy conservation, this paper finds out the fact that the data dependence of the EM signals emissed from the cipher chips can remain when it is transformed from time domain to frequency domain, and that the data dependence in frequency domain signals will not be affected by inserting random delays into time domain signals. With this property of the frequency domain signals, this paper presents a new EM frequency domain template analysis. Experiments of EM frequency domain template analysis on a micro-controller （AT89C52） implemented RC4 show that the genuine key of RC4 can still be recovered after inserting random delays in source code, while template analysis in time domain is invalidation. Furthermore, the time complexity of this new template analysis is no more than the analysis in time domain.

关 键 词： 旁路攻击 电磁 频域模板分析 密码芯片

领　　域： [电子电信]