| In a real-world environment,the security of cryptographic algorithms relies on the implementation of physical devices.However,even if the cryptographic algorithm is secure enough,the physical devices used for encryption may generate side-channel information that depends on sensitive variables during performing encryption operations.As a result,side-channel analysis can bypass the designed security of cryptographic algorithms by exploiting additional information leakage.Therefore,side-channel attacks pose a serious threat to the security of cryptographic systems.Recently,a new type of side-channel analysis technique,known as persistent fault analysis,has gained widespread attention from scholars both domestically and abroad.Persistent fault analysis has been proven to be a powerful attack technique,but it still has some limitations.For instance,it is challenging to control fault injection precisely and obtain related information such as fault values,locations,and number for attackers.Furthermore,current research requires a significant amount of ciphertexts for key recovery,and the number of candidate keys is still too high.Finally,the existing persistent fault analysis is ineffective against target devices that use key update strategies,making it crucial to find ways to break this defense mechanism.To solve these issues,this thesis focuses on the following research topics:Firstly,we exploit the characteristic of persistent faults,which only require injection once to affect all encryption processes.We conduct a detailed investigation into the impact of multiple persistent faults on the target device and introduce a new fault recovery algorithm.The algorithm leverages the fact that different bytes of ciphertext correspond to the same persistent fault value to filter the fault value set.This feature enables attackers to conduct effective key recovery without relying on relevant fault values or locations.The new algorithm significantly enhances two critical performance metrics of persistent fault analysis,namely the number of ciphertexts and the remaining number of candidate keys.Finally,we deduce the success rate of the enhanced multiple persistent fault analysis proposed in this thesis both theoretically and experimentally.The experimental results demonstrate that even with an extremely limited number of available ciphertexts,the number of remaining key candidates can be significantly reduced to 2n for an n × n S-box,which greatly enhances the attack performance of persistent fault analysis.Secondly,we extend the multiple persistent fault attack technique effectively to cases where the number of faults is unsknown.We introduce three general and effective strategies to speculate and confirm the number of successful injected persistent faults.We also briefly analyze the theoretical reasons behind the accuracy of the speculation strategy in determining the number of faults.Furthermore,we present a persistent fault analysis scheme to overcome the key update strategy,which allows us to use ciphertexts with different keys and break through the bottleneck of previous persistent fault analysis.Even when the key changes after several encryptions,key recovery can still be effectively performed.The experimental results demonstrate that the proposed scheme can effectively speculate the number of faults and successfully overcome target devices that use the key update strategy as a defense mechanism.This not only relaxes the attack conditions of persistent fault analysis but also significantly improves the attack performance. |
PDF Full Text Request