Hardware Trojan(HT) refers to a special module intentionally implanted into a chip or an electronic system. The module can be exploited by the attacker to achieve destructive functions. Unfortunately the HT is difficu...Hardware Trojan(HT) refers to a special module intentionally implanted into a chip or an electronic system. The module can be exploited by the attacker to achieve destructive functions. Unfortunately the HT is difficult to detecte due to its minimal resource occupation. In order to achieve an accurate detection with high efficiency, a HT detection method based on the electromagnetic leakage of the chip is proposed in this paper. At first, the dimensionality reduction and the feature extraction of the electromagnetic leakage signals in each group(template chip, Trojan-free chip and target chip) were realized by principal component analysis(PCA). Then, the Mahalanobis distances between the template group and the other groups were calculated. Finally, the differences between the Mahalanobis distances and the threshold were compared to determine whether the HT had been implanted into the target chip. In addition, the concept of the HT Detection Quality(HTDQ) was proposed to analyze and compare the performance of different detection methods. Our experiment results indicate that the accuracy of this detection method is 91.93%, and the time consumption is 0.042s in average, which shows a high HTDQ compared with three other methods.展开更多
Chosen-message pair Simple Power Analysis (SPA) attacks were proposed by Boer, Yen and Homma, and are attack methods based on searches for collisions of modular multiplication. However, searching for collisions is dif...Chosen-message pair Simple Power Analysis (SPA) attacks were proposed by Boer, Yen and Homma, and are attack methods based on searches for collisions of modular multiplication. However, searching for collisions is difficult in real environments. To circumvent this problem, we propose the Simple Power Clustering Attack (SPCA), which can automatically identify the modular multiplication collision. The insignificant effects of collision attacks were validated in an Application Specific Integrated Circuit (ASIC) environment. After treatment with SPCA, the automatic secret key recognition rate increased to 99%.展开更多
Hash-based message authentication code(HMAC)is widely used in authentication and message integrity.As a Chinese hash algorithm,the SM3 algorithm is gradually winning domestic market value in China.The side channel sec...Hash-based message authentication code(HMAC)is widely used in authentication and message integrity.As a Chinese hash algorithm,the SM3 algorithm is gradually winning domestic market value in China.The side channel security of HMAC based on SM3(HMAC-SM3)is still to be evaluated,especially in hardware implementation,where only intermediate values stored in registers have apparent Hamming distance leakage.In addition,the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis.In this paper,a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation.Real attack experiments on a field programmable gate array(FPGA)board have been performed.Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.展开更多
基金supported by the Special Funds for Basic Scientific Research Business Expenses of Central Universities No. 2014GCYY0the Beijing Natural Science Foundation No. 4163076the Fundamental Research Funds for the Central Universities No. 328201801
文摘Hardware Trojan(HT) refers to a special module intentionally implanted into a chip or an electronic system. The module can be exploited by the attacker to achieve destructive functions. Unfortunately the HT is difficult to detecte due to its minimal resource occupation. In order to achieve an accurate detection with high efficiency, a HT detection method based on the electromagnetic leakage of the chip is proposed in this paper. At first, the dimensionality reduction and the feature extraction of the electromagnetic leakage signals in each group(template chip, Trojan-free chip and target chip) were realized by principal component analysis(PCA). Then, the Mahalanobis distances between the template group and the other groups were calculated. Finally, the differences between the Mahalanobis distances and the threshold were compared to determine whether the HT had been implanted into the target chip. In addition, the concept of the HT Detection Quality(HTDQ) was proposed to analyze and compare the performance of different detection methods. Our experiment results indicate that the accuracy of this detection method is 91.93%, and the time consumption is 0.042s in average, which shows a high HTDQ compared with three other methods.
基金supported in part by the National Natural Science Foundation of China under Grant No. 60873216Scientific and Technological Research Priority Projects of Sichuan Province under Grant No. 2012GZ0017Basic Research of Application Fund Project of Sichuan Province under Grant No. 2011JY0100
文摘Chosen-message pair Simple Power Analysis (SPA) attacks were proposed by Boer, Yen and Homma, and are attack methods based on searches for collisions of modular multiplication. However, searching for collisions is difficult in real environments. To circumvent this problem, we propose the Simple Power Clustering Attack (SPCA), which can automatically identify the modular multiplication collision. The insignificant effects of collision attacks were validated in an Application Specific Integrated Circuit (ASIC) environment. After treatment with SPCA, the automatic secret key recognition rate increased to 99%.
基金Project supported by the Major Program of the Ministry of Industry and Information Technology of China(No.2017ZX01030301)the Beijing Natural Science Foundation of China(No.4162053)
文摘Hash-based message authentication code(HMAC)is widely used in authentication and message integrity.As a Chinese hash algorithm,the SM3 algorithm is gradually winning domestic market value in China.The side channel security of HMAC based on SM3(HMAC-SM3)is still to be evaluated,especially in hardware implementation,where only intermediate values stored in registers have apparent Hamming distance leakage.In addition,the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis.In this paper,a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation.Real attack experiments on a field programmable gate array(FPGA)board have been performed.Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.
