CAI Chengbo, DU Zhibo, WU Zhen, et al. Differential Fault Attack Method on GOST based on Random Fault Injection[J]. Journal of Chengdu University of Information Technology, 2022, 37(01): 1-7. [doi:10.16836/j.cnki.jcuit.2022.01.001]
Differential Fault Attack Method on GOST Based on Random Fault Injection
- Title:
- Differential Fault Attack Method on GOST based on Random Fault Injection
- Article number:
- 2096-1618(2022)01-0001-07
- Keywords:
- GOST algorithm; differential fault attack; random fault injection; wrong ciphertext screening; key screening method
- CLC number:
- TN918
- Document code:
- A
- Abstract (translated from the Chinese):
- The differential fault attack methods proposed so far for the GOST algorithm all place assumptions on the fault model, requiring that a fault be introduced at a specific time or position. In a real attack, however, the attacker can hardly control precisely when a fault occurs, so these attacks generalize poorly. Moreover, the existing attack experiments, both domestic and foreign, are all based on simulated data and sidestep the wrong-ciphertext screening problem that arises in a real attack. To address this, a GOST differential fault attack method based on random fault injection is proposed. The method widens the random fault injection interval to the last eight rounds of the GOST algorithm; once injection is complete, only a simple screening of the wrong-ciphertext samples is needed before the key screening method recovers the last eight round subkeys in turn, and finally the algorithm's master key. A power fault injection attack experiment was carried out on an unprotected GOST smart card. The results show that the method not only recovers the algorithm's master key in a real experimental environment, but also widens the range of fault induction, lowers the difficulty of the attack, and improves its flexibility and practicality.
- Abstract:
- The GOST algorithm is a standard symmetric encryption algorithm of the Russian Federation. At present, the differential fault attack methods proposed for the GOST algorithm all make assumptions on the fault model, which require the introduction of faults at a specific time or position. However, in actual attacks it is difficult for the attacker to precisely control the occurrence of the fault, and the generality of the attack is poor. In addition, the existing attack experiments at home and abroad are all based on simulated data, which evades the problem of wrong ciphertext screening in real attacks. In view of the above problems, this paper proposes a GOST differential fault attack method based on random fault injection. This method expands the random fault injection interval to the last eight rounds of the GOST algorithm. After the injection is completed, only a simple screening of the wrong ciphertext samples is needed, and the subkeys of the last eight rounds can be recovered in turn by using the key screening method, finally achieving the purpose of recovering the master key of the algorithm. At the end of this paper, a power supply fault injection attack experiment on an unprotected GOST smart card is carried out. The experimental results show that this method can not only successfully recover the master key of the algorithm in a real experimental environment, but also expand the scope of fault induction, reduce the difficulty of the attack, and improve the flexibility and practicability of the attack.
Memo
Received: 2021-06-16
Funding: National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180224); Sichuan Province Key R&D Program (2019YFG0096)