Vol.3 No.1 2010
Research paper: Secure implementation of cryptographic modules (A. Satoh et al.), Synthesiology - English edition Vol.3 No.1 (2010), p. 93

figure shows the 16 partial key bytes represented as 16 boxes, each with 256 vertical lines displayed in the box. The height of each line indicates the strength of the correlation between the model based on that partial key hypothesis (ranging from 0 to 255) and the actual power consumption of the AES circuit. In each box, the tool takes the partial key hypothesis with the highest correlation among the 256 candidates to be the right partial key. For a circuit without a countermeasure, the tool can extract the entire correct key in only a few minutes, even when the power traces (up to several thousand) are captured with a cheap oscilloscope costing around 200,000 yen and analyzed on a low-end personal computer costing as little as a few tens of thousands of yen.

Besides CPA, many other attack methods against AES have been emerging, and more and more countermeasures have been proposed as well. We are pursuing verification of their effectiveness and have begun implementing them on our evaluation tool.

4.5 Development of more sophisticated attack methods and formulation of new evaluation guidelines

Along with the advancement of LSI analysis technology, research on security evaluation schemes for active attacks such as fault-injection attacks and invasive attacks is becoming more and more important. Examples of fault-injection attacks on an AES circuit with the loop architecture include a technique that induces a false operation in the circuit to pull out an intermediate value processed before the last round, and a technique that investigates how an error caused at a specified round propagates to the output. However, there is no guarantee that a fault convenient for analysis can be injected successfully. Even with a high success rate of triggering, the types of errors induced depend greatly on the circuit implementation.
Furthermore, to publish experimental results, it is important that the cryptographic module can be attacked freely. Consequently, research on fault-injection attacks requires a common experimental platform with a real cryptographic hardware module, such as the SASEBO.

Invasive attacks can observe not only the information buried in the total power consumption of an LSI, but also a local signal in the cryptographic circuit, using an LSI measuring system such as the one shown in Fig. 10. However, such an existing system is not designed for attack purposes. Therefore, it is necessary to develop a system suitable for observing leaking information, as well as sophisticated measurement technologies. We have seen that the quality of power traces and electromagnetic waveforms significantly influences the analysis results in side-channel attacks as well. Thus, we are also working on the development of new measurement technologies and the standardization of the measurement environment.

Further, it is important not only to publish experimental results of successes or failures for each attack, but also to provide, through such experiments, security guidelines such as criteria for designing tamper-resistant cryptographic modules against side-channel attacks. This will require analysis of the mechanism of information leakage and, in turn, the construction of models that explain it qualitatively and quantitatively.

In developing cryptographic modules, perfect security is not necessarily required; rather, the implementer must consider the balance between the cost of implementing countermeasures and the value of the protection. Conversely, from the attackers’ point of view, the cost of an attack should be justified by its benefits. Even standard cryptographic algorithms such as AES and RSA would be compromised by brute-force attacks. Practical limitations of time and cost, however, do not allow the entire key space to be searched successfully.
Thus, we will also be considering how to evaluate the security of cryptographic module implementations in terms of attack cost.

5 Conclusion

In this paper, we have discussed security evaluation for cryptographic module implementations, focusing on side-channel attacks, and AIST’s efforts toward the formulation of international standards and their significance. With the

Fig. 9 AES circuit evaluation tool.

Fig. 10 Invasive attack on the cryptographic LSI on SASEBO-R.
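The per-byte ranking described for the evaluation tool of Fig. 9 (256 correlation values for each of the 16 partial keys, with the highest one selected) can be reproduced on simulated data. This is an added example, not the authors' tool. It assumes constructed traces with one noisy sample per state byte and a Hamming-weight model of the first-round S-box output, and all function names are hypothetical.

```python
# Added example: constructed traces, Hamming-weight model (both are assumptions).
import random

def gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

# AES S-box: multiplicative inverse in GF(2^8) followed by the affine transform.
INV = [0] + [next(y for y in range(1, 256) if gmul(x, y) == 1) for x in range(1, 256)]
SBOX = [v ^ rotl8(v, 1) ^ rotl8(v, 2) ^ rotl8(v, 3) ^ rotl8(v, 4) ^ 0x63 for v in INV]
HW = [bin(v).count("1") for v in range(256)]

def simulate(key, n, sigma, rng):
    """Constructed measurements: HW(SBOX[pt ^ key]) plus Gaussian noise, per byte."""
    pts = [[rng.randrange(256) for _ in key] for _ in range(n)]
    leak = [[HW[SBOX[p ^ k]] + rng.gauss(0, sigma) for p, k in zip(pt, key)] for pt in pts]
    return pts, leak

def correlations(pt_col, leak_col):
    """Pearson correlation of each of the 256 hypotheses with the measured samples."""
    n = len(leak_col)
    mean_l = sum(leak_col) / n
    lc = [v - mean_l for v in leak_col]
    norm_l = sum(v * v for v in lc) ** 0.5
    out = []
    for guess in range(256):
        h = [HW[SBOX[p ^ guess]] for p in pt_col]  # modelled power for this hypothesis
        mean_h = sum(h) / n
        norm_h = (sum(v * v for v in h) - n * mean_h * mean_h) ** 0.5
        out.append(sum(a * b for a, b in zip(h, lc)) / (norm_h * norm_l))
    return out

def recover_key(pts, leak):
    """For each byte position, select the hypothesis with the highest correlation."""
    corrs = [correlations([p[i] for p in pts], [l[i] for l in leak]) for i in range(len(pts[0]))]
    return [max(range(256), key=c.__getitem__) for c in corrs]

if __name__ == "__main__":
    rng = random.Random(1)
    secret = [rng.randrange(256) for _ in range(16)]  # constructed key
    print(recover_key(*simulate(secret, 300, 1.0, rng)) == secret)
```

Raising `sigma` or lowering the number of traces shows how the margin between the correct hypothesis and the others shrinks, which is the quantity a countermeasure is meant to reduce.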