| With the development of the new generation of information network technology,an extensive interconnection network between people,people with things,and things with things has gradually been formed.However,with the implementation of IoT technology,a large amount of data containing private information is silently disseminated through the Internet,and ensuring information security in the environment of IoT has become an important and difficult problem that needs to be solved urgently.Since the encryption algorithms of traditional information and communication systems do not apply to the resource-constrained environment in IoT,lightweight block ciphers have emerged to solve the limitations of pervasive devices in terms of speed,area,and power consumption,and have been widely used in various scenarios since their introduction.Studying the security of lightweight block ciphers concerns the information security of the whole IoT environment.This dissertation takes lightweight block ciphers as the research objects,focuses on the four perspectives of "Algebraic Side-channel Analysis,Algebraic Fault Analysis,Persistent Fault Analysis,and Fault Injection Technique",and gives the efficient side-channel analysis schemes from the attacker’s perspective.The contributions and innovations of this dissertation are as follows:(1)For two new lightweight block ciphers,GIFT64128 and SKINNY6464,algebraic side-channel analysis based on hammingweight leakage and algebraic fault analysis methods are proposed.The relationship between key-recovery time,key residual entropy,and other parameters under different leakage conditions is analyzed through experiments,and the results show that under the condition that the plain/ciphertext is known,six rounds of consecutive S-box hammingweight leakage can recover all the master keys of the GIFT64128 block cipher in a very short time.By introducing the technique of algebraic fault analysis,the use of a smaller number of faults realizes the recovery of all the master keys of both GIFT64128 and SKINNY6464,which employs a small number of faults and more efficient attacks compared to the differential fault analysis method.(2)Aiming at the way of building algebraic equations for S-box substitution operation in the algebraic fault analysis of lightweight block ciphers,algebraic fault analysis methods based on S-box power reduction and S-box decomposition are proposed,which realizes the speed of algebraic solver solution and improves the efficiency of the attack.In this dissertation,the algebraic fault analysis based on S-box power reduction is carried out for PRESENT6080 and SKINNY6464 firstly,by power reduction of the S-box algebraic equations,the relationship between S-box inputs and outputs can be expressed by using four quadratic equations,whereas the traditional algebraic fault analysis requires the introduction of cubic variables to realize the algebraization of S-boxes.The experimental results show that the solving speed is better than the traditional algebraic fault analysis scheme under the same fault attack background;the S-box decomposition technique is introduced to convert the common cubic Sboxes lightweight block ciphers into two quadratic S-boxes,optimize the cubic variables in the set of algebraic equations,and introduce the quadratic equations to realize the algebraization of S-boxes.In this dissertation,the method is applied to a variety of lightweight block ciphers,and the solving efficiency is improved accordingly,especially for the SKINNY6464 with the best effect.The traditional algebraic fault analysis method uses 4 faults to realize the success rate of all key recovery of SKINNY6464 in one hour is only 36%,while after S-box decomposition only 1 fault is needed to realize the solution of all keys in a short period of time,and the introduction of S-box decomposition reduces the number of faults for the algebraic fault analysis of SKINNY6464.(3)Two algebraic persistent fault analysis methods based on S-box decomposition are proposed for the SKINNY6464 block cipher,which requires a large number of fault samples under the persistent fault injection model and is slow in solving.When the plain-ciphertext is known,the encryption process is transformed into the form of a system of algebraic equations,and the complexity of the system of algebraic equations is reduced by combining with the S-box decomposition technique,and the key solving of the SKINNY6464 can be completed in a relatively short period of time by using at least 11 fault samples.Under the ciphertext-only condition,by combining the S-box decomposition technique with constraints,the recovery of the entire master key of the SKINNY6464 block cipher can be accomplished by using 10 fault samples,which reduces the number of faults by more than 100 times compared with the enhanced persistent fault analysis method of SKINNY6464.(4)Two low-cost fault injection schemes on microcontroller and FPGA platforms are designed for the GIFT64128 lightweight block cipher.Based on the voltage fault injection theory,an over-voltage glitch fault injection scheme on a microcontroller platform is designed to realize the injection of a fault in the critical path of a specific round of the GIFT64128.According to the characteristics of this fault,a fault exploitation method based on register skipping is proposed,and the recovery of all the master keys of the GIFT64128 block cipher can be accomplished in a shorter period of time by using 10 fault samples,with a 100%success rate of the solving,and this fault model based on the key path skipping requires less number of faults and faster solution speed compared to the single-bit faults and nibble fault models;A hardware Trojan fault injection scheme for FPGA platform is designed based on sequential state machine,which realizes multiple single-bit fault injection for GIFT64128,and finally realizes the recovery of all the keys by using the algebraic fault analysis technique,and this kind of fault injection scheme has the features of high accuracy and low cost compared with other schemes. |
PDF Full Text Request