Fault attack detection method based on power consumption analysis

Abstract

The invention relates to the technical field of information security, in particular to a fault attack detection method based on power consumption analysis. The method comprises the following steps: S1, injecting a fault into an intermediate state matrix by adopting a fault induction technology after a ninth round of row shift in an encryption algorithm execution process and before column confusion according to the characteristics of an AES advanced encryption standard algorithm; S2, acquiring power consumption information leaked in the encryption process of the encryption algorithm in the whole encryption algorithm execution process by using power consumption acquisition equipment, and storing power consumption curve data; S3, counting correct ciphertext output of multiple groups of plaintexts under normal conditions and error ciphertext data pairs after the fault induction technology is injected; and S4, analyzing the acquired power consumption curve data by adopting a side channel analysis technology, and screening error ciphertext pairs conforming to a hypothetical fault type, so that the fault injection position and the number of infected fault bytes can be obviously positioned, and the overall number of key candidate sets and the calculation complexity are further reduced.

Description

technical field [0001] The invention belongs to the technical field of information security, and in particular relates to a fault attack detection method based on power consumption analysis. Background technique [0002] The concept of fault attack was first proposed by Boneh et al. in 1996. This attack method can not only be applied to DES encryption algorithm cryptosystem, but also can be applied to RSA and other asymmetric encryption algorithm cryptosystems. Once this method was proposed, it immediately attracted widespread attention and showed its great destructiveness to encryption algorithms. The fault attack method mainly utilizes the errors generated in the computer hardware encryption process. Boneh et al. believe that the instantaneous error generated when the authentication system sends the certificate, and the potential software and hardware vulnerabilities of the encryption device will allow the attacker to obtain the corresponding information. In addition, the...

AI Technical Summary

Problems solved by technology

More importantly, for a system that frequently sends certificates or requires multiple rounds of encryption, a tiny bit of failure will accumulate and propagate, affecting the current and subsequent bit values, and thus affecting the entire cryptographic system

[0003] In the process of differential fault attack, the input plaintext is derived by using the difference of the output ciphertext, so as to obtain the correct encryption key, and the position where the fault is introduced has a very important impact on the output difference. Only the correct output obtained by importing the fault at a valid position The correct encrypted plaintext and encryption key can only be deduced from the differential ciphertext. The existing differential fault attack analysis method (DFA), when using non-invasive fault induction technology, the location of the introduced fault and the number of faults are unknown However, the overall computational complexity and the number of required key candidate spaces are large

Images