Shanghai Viewsource Information Science and Technology Co.

Shanghai, China


Liu J.,Shanghai JiaoTong University | Guo Z.,Shanghai JiaoTong University | Guo Z.,Shanghai Viewsource Information Science and Technology Co. | Gu D.,Shanghai JiaoTong University | And 5 more authors.
China Communications | Year: 2015

In this paper, we propose a hybrid power model that includes the power consumption of not only the registers but also part of the combinational logic. By doing known-key analysis with this hybrid model, power side-channel leakage caused by correct keys can be detected. In the experiments, the PRINTcipher and DES algorithms were chosen as analysis targets and the combinational-logic S-box unit was selected to build the power template. The analysis results showed a signal-to-noise ratio (SNR) increase of more than 20% in the power consumption after considering the S-box's power consumption, so that the key information can be obtained with just half the number of power traces. In addition, the side-channel leakage detection capability of our method is also more effective at identifying the correct keys. © 2013 IEEE.


Chen J.,Shanghai JiaoTong University | Wang Q.,Shanghai JiaoTong University | Guo Z.,Shanghai JiaoTong University | Liu J.,Shanghai Viewsource Information Science and Technology Company | Gu H.,Huahong Integrated Circuit Company
Proceedings - 2015 11th International Conference on Computational Intelligence and Security, CIS 2015 | Year: 2015

As the first officially published commercial block cipher standard of China, SMS4 has been widely used in wireless local area network products. Although the algorithm is proven to be mathematically secure enough, when implemented in hardware it is vulnerable to differential power analysis (DPA), especially using the chosen-plaintext method. In order to discuss countermeasures against DPA, we present in this paper a secure circuit design of SMS4 combining hiding and masking techniques. For the trade-off between area and speed, we use additive masking and fixed masking for the linear operations and the S-box respectively. A hiding technique is applied to make power traces harder to align, which increases the difficulty of the attack. We implement our scheme on a side-channel evaluation board and analyze the collected power traces. Our experimental results show that the designed circuit has good DPA resistance. © 2015 IEEE.


Guo Z.,Shanghai JiaoTong University | Guo Z.,Shanghai Viewsource Information Science and Technology Co. | Gu D.,Shanghai JiaoTong University | Lu H.,Shanghai JiaoTong University | And 5 more authors.
China Communications | Year: 2015

Power analysis is a non-invasive attack against cryptographic hardware which effectively exploits the runtime power consumption characteristics of circuits. This paper proposes a new power model which combines the Hamming distance model with a model based on the template values of the power consumption in the combinational logic circuit. The new model can describe the power consumption characteristics of sequential logic circuits as well as those of combinational logic. It can be used to improve existing power analysis methods and to detect information leakage through power consumption. Experimental results show that, compared to the CPA (Correlation Power Analysis) method, our proposed attack, which adopts the combined model, is more efficient in terms of the number of required power traces. © 2013 IEEE.


Wang W.,Shanghai JiaoTong University | Yu Y.,Shanghai JiaoTong University | Liu J.,Shanghai JiaoTong University | Liu J.,Shanghai Viewsource Information Science and Technology Co. | And 6 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2015

At CT-RSA 2014, Whitnall, Oswald and Standaert gave the impossibility result that no generic DPA strategies (i.e., without any a priori knowledge about the leakage characteristics) can recover secret information from a physical device by considering an injective target function (e.g., AES and PRESENT S-boxes), and as a remedy, they proposed a slightly relaxed strategy, "generic-emulating DPAs", free from the non-injectivity constraint. However, as we show in this paper, the only generic-emulating DPA proposed in their work, namely the SLR-based DPA, suffers from two drawbacks: unstable outcomes in the high-noise regime (i.e., for a small number of traces) and poor performance especially on real smart cards (compared with traditional DPAs with a specific power model). In order to solve these problems, we introduce two new generic-emulating distinguishers, based on lasso and ridge regression strategies respectively, with more stable and better performance than the SLR-based one. Further, we introduce the cross-validation technique, which improves generic-emulating DPAs in general and might be of independent interest. Finally, we compare the performance of all aforementioned generic-emulating distinguishers (both with and without cross-validation) on simulated leakage functions of different degrees, and on an AES ASIC implementation. Our experimental results show that our generic-emulating distinguishers are stable and some of them behave even better than (resp., almost the same as) the best Difference-of-Means distinguishers in simulated leakages (resp., on a real implementation), and thus make themselves good alternatives to traditional DPAs. © International Association for Cryptologic Research 2015.
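The three abstracts above share one underlying procedure: a power model (Hamming weight of combinational logic, Hamming distance of a register, or a hybrid of both) is correlated against measured traces for every key hypothesis, or, in the generic-emulating variant, the leakage is regressed on the target's output bits without assuming a model. The following is an added example, not code from any of the listed papers, that simulates this end to end. It assumes a constructed leakage of the form register Hamming distance plus S-box output Hamming weight plus Gaussian noise, uses the public 4-bit PRESENT S-box as a stand-in for the ciphers named above (none of which it implements), replaces the papers' measured combinational-logic template by the Hamming weight of the S-box output, and uses an unregularised-by-cross-validation ridge regression on the output bits as a simplified generic-emulating distinguisher.

```python
import math
import random

# PRESENT S-box (4-bit, from the cipher specification). It stands in for the S-boxes
# of the ciphers named in the abstracts; this example implements none of those ciphers.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    """Hamming weight: the usual model for combinational-logic leakage."""
    return bin(x).count("1")


def hd(a, b):
    """Hamming distance: the usual model for a register switching from a to b."""
    return hw(a ^ b)


def simulate_traces(key, n, sigma, rng, a_reg=1.0, b_comb=1.0):
    """Constructed leakage: a_reg * register HD + b_comb * S-box output HW + noise.
    Each trace is (previous plaintext nibble, plaintext nibble, leakage sample)."""
    traces, p_prev = [], 0  # assumed: the register initially holds SBOX[0 ^ key]
    for _ in range(n):
        p = rng.randrange(16)
        old, new = SBOX[p_prev ^ key], SBOX[p ^ key]
        leak = a_reg * hd(old, new) + b_comb * hw(new) + rng.gauss(0.0, sigma)
        traces.append((p_prev, p, leak))
        p_prev = p
    return traces


def predict(model, k, p_prev, p):
    """Hypothetical leakage of key guess k: 'hw' models the S-box output only,
    'hybrid' adds the register transition, as the abstracts above propose."""
    old, new = SBOX[p_prev ^ k], SBOX[p ^ k]
    return hw(new) if model == "hw" else hd(old, new) + hw(new)


def pearson(xs, ys):
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)


def cpa(traces, model):
    """Correlation power analysis over the 16 key guesses. Leakage coefficients are
    assumed positive, so the signed (not absolute) maximum picks the key."""
    leaks = [t[2] for t in traces]
    scores = {k: pearson([predict(model, k, pp, p) for pp, p, _ in traces], leaks)
              for k in range(16)}
    return max(scores, key=scores.get), scores


def ridge_fit(rows, ys, lam):
    """Solve (X^T X + lam*I) w = X^T y by Gauss-Jordan elimination; the matrix is
    positive definite for lam > 0, so no pivoting is needed."""
    m = len(rows[0])
    a = [[sum(r[i] * r[j] for r in rows) + (lam if i == j else 0.0) for j in range(m)]
         + [sum(r[i] * y for r, y in zip(rows, ys))] for i in range(m)]
    for i in range(m):
        a[i] = [v / a[i][i] for v in a[i]]
        for r in range(m):
            if r != i:
                a[r] = [v - a[r][i] * u for v, u in zip(a[r], a[i])]
    return [row[m] for row in a]


def generic_emulating_dpa(traces, lam=1.0):
    """Model-free distinguisher in the spirit of the generic-emulating DPAs above:
    ridge-regress the leakage on the S-box output bits (plus intercept) for each
    key guess and score the guess by how well its fit correlates with the traces."""
    leaks = [t[2] for t in traces]
    scores = {}
    for k in range(16):
        rows = [[1.0] + [float((SBOX[p ^ k] >> i) & 1) for i in range(4)] for _, p, _ in traces]
        w = ridge_fit(rows, leaks, lam)
        scores[k] = pearson([sum(wi * xi for wi, xi in zip(w, row)) for row in rows], leaks)
    return max(scores, key=scores.get), scores


if __name__ == "__main__":
    rng = random.Random(2021)
    traces = simulate_traces(0xB, 1000, 1.0, rng)  # constructed traces, true key 0xB
    for model in ("hw", "hybrid"):
        k, s = cpa(traces, model)
        print(f"CPA {model:6s}: key guess {k:#x}, correlation {s[k]:.3f}")
    k, s = generic_emulating_dpa(traces)
    print(f"generic-emulating (ridge): key guess {k:#x}, fit correlation {s[k]:.3f}")
```

With the simulated leakage containing both a register term and an S-box term, the hybrid model captures all of the deterministic signal and its correlation for the right key is markedly higher than that of the Hamming-weight-only model, which is the trace-count advantage the abstracts report; the ridge distinguisher reaches the same key without being told which model applies, at the price of a lower score because it explains only the S-box term. A 4-bit S-box keeps the key space to 16 guesses; against a real 8-bit S-box the same loops run over 256 guesses.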


Liu J.,Shanghai JiaoTong University | Yu Y.,Shanghai JiaoTong University | Yu Y.,Chinese Academy of Sciences | Yu Y.,State Key Laboratory of Cryptology | And 7 more authors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) | Year: 2015

Side-channel attacks are an increasingly important concern for the security of cryptographic embedded devices, such as the SIM cards used in mobile phones. Previous works have exhibited such attacks against implementations of the 2G GSM algorithms (COMP-128, A5). In this paper, we show that they remain an important issue for USIM cards implementing the AES-based MILENAGE algorithm used in 3G/4G communications. In particular, we analyze instances of cards from a variety of operators and manufacturers, and describe successful Differential Power Analysis attacks that recover encryption keys and other secrets (needed to clone the USIM cards) within a few minutes. Further, we discuss the impact of the operator-defined secret parameters in MILENAGE on the difficulty of performing Differential Power Analysis, and show that they do not improve implementation security. Our results back up the observation that physical security issues raise long-term challenges that should be solved early in the development of cryptographic implementations, with adequate countermeasures. © Springer International Publishing Switzerland 2015.
