相关能量分析(correlation power analysis,CPA)是侧信道攻击中的经典有效方法之一,基于假设能量消耗与实际功耗的相关系数恢复密钥.在密码算法并行实现场景下,CPA“分而治之”的思想恢复密钥会导致低信噪比,有效信息无法被充分利用,大...相关能量分析(correlation power analysis,CPA)是侧信道攻击中的经典有效方法之一,基于假设能量消耗与实际功耗的相关系数恢复密钥.在密码算法并行实现场景下,CPA“分而治之”的思想恢复密钥会导致低信噪比,有效信息无法被充分利用,大大降低攻击效率.基于简单遗传算法的CPA借助遗传算法的启发式搜索特性,可以充分利用有效信息,提高攻击效率,但遗传算法存在固有缺点,容易早熟收敛,这种现象在S盒较大数量较多的场景下更严重.基于多种群遗传算法的CPA在单个种群恢复密钥失败时,保留最优个体,并继续新的单种群进化,得到的最优个体与前面保留的最优个体通过“组合”得到更优的个体,一定程度可以缓解早熟收敛的问题,本文中“原始方法”就是这种方法的代称.本文针对多个种群进化结束得到的优秀个体的结合方式进行探究,引入三种新的多种群优秀个体结合策略,分别是:小组赛、投票法和二次进化.小组赛将每两个优秀个体分成一组再“组合”.投票法以适应度为权重进行投票,使得适应度高的个体决策权更大.二次进化保留多个单种群进化结束得到的最优个体,构成初始种群,并以稳态遗传方式进行再次进化.以AES-128算法为例,通过不同噪声标准差下的仿真实验和真实实验将这三种方法与原始方法进行成功率和计算代价的比较,发现二次进化是其中效果最好的,在噪声标准差为3的实验中,二次进化方法在190条波形时密钥恢复成功率达到91%,计算代价0:63×10^(6),此时原始方法的成功率仅60%,计算代价1:60×10^(6).展开更多
The trend of researching group radio frequency identification devices(RFID) authentication protocol has become increasingly popular in recent years. One of the newest work in this area is from Batina and Lee, they p...The trend of researching group radio frequency identification devices(RFID) authentication protocol has become increasingly popular in recent years. One of the newest work in this area is from Batina and Lee, they presented a privacy-preserving multi-players grouping-proof protocol based on the elliptic curve cryptography(ECC), and claimed their protocol have the ability to resist five potential attacks, including compromised tag attack, man-in-the-middle attack, colluding tags attack, etc. In this paper, we first take a counterexample to demonstrate their protocol is vulnerable to compromised tag attack. Then we propose a novel secure RFID authentication protocol, and analyze its security by merging formal analysis, provable security, and mathematical inductive method, so as to solve the weakness of Batina and Lee's work. Furthermore, compared with another two classic protocols(secure ownership transfer protocol(SOTP) and secure multiple group ownership transfer protocol(SMGOTP)), the performance analysis show that our protocol provides not only a lower tags' communication cost at about 50.0% and 14.3%, but also a lower reader's computation cost(approximate 14.5% and 55.1% respectively), when transferring a large number of tags.展开更多
文摘相关能量分析(correlation power analysis,CPA)是侧信道攻击中的经典有效方法之一,基于假设能量消耗与实际功耗的相关系数恢复密钥.在密码算法并行实现场景下,CPA“分而治之”的思想恢复密钥会导致低信噪比,有效信息无法被充分利用,大大降低攻击效率.基于简单遗传算法的CPA借助遗传算法的启发式搜索特性,可以充分利用有效信息,提高攻击效率,但遗传算法存在固有缺点,容易早熟收敛,这种现象在S盒较大数量较多的场景下更严重.基于多种群遗传算法的CPA在单个种群恢复密钥失败时,保留最优个体,并继续新的单种群进化,得到的最优个体与前面保留的最优个体通过“组合”得到更优的个体,一定程度可以缓解早熟收敛的问题,本文中“原始方法”就是这种方法的代称.本文针对多个种群进化结束得到的优秀个体的结合方式进行探究,引入三种新的多种群优秀个体结合策略,分别是:小组赛、投票法和二次进化.小组赛将每两个优秀个体分成一组再“组合”.投票法以适应度为权重进行投票,使得适应度高的个体决策权更大.二次进化保留多个单种群进化结束得到的最优个体,构成初始种群,并以稳态遗传方式进行再次进化.以AES-128算法为例,通过不同噪声标准差下的仿真实验和真实实验将这三种方法与原始方法进行成功率和计算代价的比较,发现二次进化是其中效果最好的,在噪声标准差为3的实验中,二次进化方法在190条波形时密钥恢复成功率达到91%,计算代价0:63×10^(6),此时原始方法的成功率仅60%,计算代价1:60×10^(6).
基金supported by the National Natural Science Foundation of China(61272512)Beijing Municipal Natural Science Foundation(4121001)Basic Research Foundation of Beijing Institute of Technology(20120742010)
文摘The trend of researching group radio frequency identification devices(RFID) authentication protocol has become increasingly popular in recent years. One of the newest work in this area is from Batina and Lee, they presented a privacy-preserving multi-players grouping-proof protocol based on the elliptic curve cryptography(ECC), and claimed their protocol have the ability to resist five potential attacks, including compromised tag attack, man-in-the-middle attack, colluding tags attack, etc. In this paper, we first take a counterexample to demonstrate their protocol is vulnerable to compromised tag attack. Then we propose a novel secure RFID authentication protocol, and analyze its security by merging formal analysis, provable security, and mathematical inductive method, so as to solve the weakness of Batina and Lee's work. Furthermore, compared with another two classic protocols(secure ownership transfer protocol(SOTP) and secure multiple group ownership transfer protocol(SMGOTP)), the performance analysis show that our protocol provides not only a lower tags' communication cost at about 50.0% and 14.3%, but also a lower reader's computation cost(approximate 14.5% and 55.1% respectively), when transferring a large number of tags.