计时攻击漏洞识别与防护能力量化评估技术

Quantitative security evaluation against timing attacks in cryptographic algorithm

计时攻击是最具威胁的旁路攻击之一,为了设计安全高效的抗计时攻击的密码运算部件,需要在设计实现过程中及时发现密码算法的安全漏洞,并量化分析密码运算部件的抗计时攻击防护能力。因此,提出了一种可发现在密码算法具体实现中可能存在的计时攻击漏洞的分析方法。将密码算法采用增强数据相关图表示,通过在数据相关图中查找可被计时攻击的过程变量来分析安全漏洞,给出了相应的识别算法。并以成功实施计时攻击所需的样本数来量化密码运算部件抗计时攻击能力,提出了一种估算所需样本数的计算方法。

Timing attack is one of the most threatening side-channel attacks. In order to design efficient cryptosystems against timing attack, it is necessary to find the vulnerability at design time and quantitative analyze the resistibility to timing attack of the cryptographic algorithms. The paper proposes a unified method for identifying the feasible timing attack in various implementations of cryptograph- ic algorithms, which are described by the Enhanced Data Dependence Graph （EDDG）, and analyzes the timing attack vulnerabilities by finding some intermediary variable in the EDDG. The number of time samples required for a successful timing attack is used to characterize the resistibility, which is computed based on the signal-to-noise ratio of the corresponding timing attack.