The Institute of North Electronic Equipment

Beijing, China


Liu H.-Y.,Ordnance Engineering College | Zhao X.-J.,Ordnance Engineering College | Zhao X.-J.,The Institute of North Electronic Equipment | Wang T.,Ordnance Engineering College | And 4 more authors.
Jisuanji Xuebao/Chinese Journal of Computers | Year: 2013

We evaluate the resistance of SMS4 against algebraic side-channel attack (ASCA) based on the Hamming weight (HW) model. Firstly, SMS4 is described as a set of equations involving the public and key variables, and the power leakages of the encryption are measured. Secondly, the HWs of intermediate bytes are deduced through template analysis and additional equations are generated. Thirdly, a SAT solver is adopted to recover the key. Experiment results show that SMS4 is vulnerable to ASCA. In the known-plaintext scenario, four rounds of consecutive HW leakages, or twenty-six rounds of randomly distributed HW leakages, in two traces are enough to recover the 128-bit master key. In the unknown-plaintext scenario, the HW leakages of the first five rounds in two traces are enough to recover the full key. We also show that SMS4 implemented with masking countermeasures is vulnerable to ASCA: in the known-plaintext scenario, the HW leakages of 14 rounds in two traces are enough to recover the full key. To improve the feasibility of the attack, an error-tolerant ASCA is proposed. The master key of SMS4 can be recovered with the leakages of the first 10 rounds in two traces, even when the error rate of the HW deductions is 60%. Our work can also be used to attack other block ciphers.


Wang X.-J.,Beijing University of Posts and Telecommunications | Song M.,Beijing University of Posts and Telecommunications | Guo S.-Z.,The Institute of North Electronic Equipment | Yang Z.-L.,The Institute of North Electronic Equipment
Wuli Xuebao/Acta Physica Sinica | Year: 2015

Due to the rapidity, explosiveness, timeliness and complicated user behavior of microblogs, research on the information spreading process and its influence factors in microblogs has become a hot area of network public opinion study. In this paper, we first use the contraction mapping principle to discuss the convergence conditions of the iterative algorithm. Numerical solutions for the percolation threshold and the size of the largest out-component are proposed. Then the influence of assortativity is analyzed based on a generation model with varying parameters. The feasibility of the proposed algorithm is verified on collected microblog reposting data. Experimental results demonstrate that the four correlation characteristics show both assortativity and disassortativity, but the results of message spreading are closer to those of the assortative network, which is related to in-in and in-out degree correlation. By deleting a few nodes and extracting the link scale for the four degree correlations, it can be verified that the four types of correlation characteristics of a large part of the nodes are consistent in their assortativity. © 2015, Institute of Physics, Chinese Academy of Sciences. All rights reserved.


Chen C.-S.,Academy of Armored force Engineering | Chen C.-S.,Ordnance Engineering College | Wang T.,Ordnance Engineering College | Guo S.-Z.,The Institute of North Electronic Equipment | Zhou P.,Ordnance Engineering College
Jisuanji Xuebao/Chinese Journal of Computers | Year: 2014

Cache timing attack is one research field of side channel attack. Against the RSA implementation that uses the sliding window algorithm for modular exponentiation, this paper analyzes the difficulty of access-driven Cache timing attack and builds a trace-driven data Cache timing attack model. Based on the trace-driven attack model and the previous trace-driven timing attack algorithm, we propose a new analysis algorithm for the exponent by analyzing the correlation between the exponent bits and the operation sequence, using the characteristic of the window size and the correspondence between the precomputed table indexes and the window values. We further present a lattice reduction method which can recover the whole private key d from partial known bits of dp and dq. Finally, we implement the spy process and the cipher process running in parallel on a simultaneous multithreading processor, and realize the Cache timing attack against the RSA implementation of OpenSSL v0.9.8b in a practical environment. The experiment results show that the proposed analysis algorithm can obtain approximately 340 bits out of each 512-bit exponent, further reducing the search space of the private key bits compared with previous work. We also analyze the key techniques and the potential difficulties of the practical attack, and provide corresponding solutions, to further improve the feasibility of Cache timing attack.


Chen C.-S.,Ordnance Engineering College | Chen C.-S.,Academy of Armored force Engineering | Wang T.,Ordnance Engineering College | Guo S.-Z.,The Institute of North Electronic Equipment | Zhou P.,Ordnance Engineering College
Ruan Jian Xue Bao/Journal of Software | Year: 2013

The I-cache timing attack, which exploits the instruction path of a cipher, is one type of side channel attack. First, by analyzing the shortcomings of previous I-cache timing attacks on the RSA algorithm, namely that they are hard to put into practice and that the number of inferred bits is insufficient, this paper builds a new trace-driven I-cache timing attack model that spies on the whole I-cache instead of targeting only the instruction cache lines to which a specific function is mapped. Next, an improved analysis algorithm for the exponent, based on the characteristic of the window size in the sliding window exponentiation (SWE) algorithm, is proposed. Finally, an I-cache timing attack is implemented on the RSA implementation of OpenSSL v0.9.8f in a practical environment, using a simultaneous multithreading processor to ensure that the spy process and the cipher process can run in parallel. Experimental results show that the proposed attack model has strong applicability in real environments; the improved analysis algorithm for the exponent can further reduce the search space of the key bits and improve the effectiveness of the trace-driven I-cache timing attack. For a 512-bit exponent, it can recover about 50 more bits of the exponent than previous attacks. © 2013 ISCAS.


Tian J.,Electronic Engineering Institute | Guo H.,The Institute of North Electronic Equipment | Wang Y.,The Institute of North Electronic Equipment
Applied Mechanics and Materials | Year: 2014

To address the problem of extracting the community structure of large networks, we propose a simple heuristic method based on community coding optimization. It is shown to outperform the InfoMap community detection method in terms of computation time. Experiments show that our method can find various communities in microblogs, revealing the core structure of the network. © (2014) Trans Tech Publications, Switzerland.


Wu K.-H.,Ordnance Engineering College | Zhao X.-J.,Ordnance Engineering College | Wang T.,Ordnance Engineering College | Guo S.-Z.,The Institute of North Electronic Equipment | Liu H.-Y.,Ordnance Engineering College
Tongxin Xuebao/Journal on Communications | Year: 2012

A new fault analysis method on PRESENT, the algebraic fault attack, was proposed. This attack combines conventional algebraic cryptanalysis with fault attack: firstly, equivalent Boolean algebraic equations of the cipher encryption are built by the algebraic cryptanalysis method; secondly, information about the faulty ciphertext is obtained by the fault attack technique, and the differential between the faulty and correct ciphertext is transformed into additional algebraic equations; finally, the CryptoMiniSat solver is used to solve the equations and recover the key. Experiments demonstrate that after injecting a 4-bit fault into the 29th round of PRESENT-80, with the fault location and fault value unknown, only 2 injections can recover the 64-bit last whitening key in 50 seconds, which reduces the master key search space of PRESENT-80 to 2^16; the master key is then recovered after 1 minute of brute-force search on average. Compared with previous fault attacks on PRESENT, this attack requires the fewest samples; meanwhile, the proposed analysis method can be applied to the algebraic fault attack of other block ciphers.


Ji K.-K.,Ordnance Engineering College | Wang T.,Ordnance Engineering College | Guo S.-Z.,The Institute of North Electronic Equipment | Zhao X.-J.,Ordnance Engineering College | Liu H.-Y.,Ordnance Engineering College
Tongxin Xuebao/Journal on Communications | Year: 2013

The security of LED, a lightweight block cipher proposed at CHES 2011, against algebraic side-channel attack (ASCA) was evaluated. Firstly, the attack model of ASCA was analyzed, and then the design and algebraic representation of LED were described. Secondly, the power leakages of LED on an ATMEGA324P microcontroller were measured by a digital oscilloscope; leakage points with obvious power patterns were chosen as the target points and used to deduce the Hamming weight via the Pearson correlation coefficient; satisfiability-based, Pseudo-Boolean optimization-based and linear programming-based methods were used to represent Hamming weights as algebraic equations. Finally, the CryptoMiniSat and SCIP solvers were applied to solve for the key, and many attacks were conducted under different scenarios. Experiment results demonstrate that LED is vulnerable to ASCA: the full 64-bit master key can be derived by analyzing the HW leakages of the first round of LED.


Li H.,PLA University of Science and Technology | Hu G.,PLA University of Science and Technology | Yang Y.,The Institute of North Electronic Equipment | Lai H.,PLA University of Science and Technology
Jiefangjun Ligong Daxue Xuebao/Journal of PLA University of Science and Technology (Natural Science Edition) | Year: 2013

Botnets pose a steady and growing threat to network security and have become one of the most significant threats to the Internet. Using highly efficient and flexible one-to-many control mechanisms, botnets provide an infrastructure for the reserve, management and use of cyber attack capabilities. To meet the instant detection requirements of P2P botnets on high-speed networks, a bot-priority-sampling-based online detection technique was presented. In order to make efficient use of limited computing resources and to sample as many packets of suspicious P2P bots as possible, a bot priority classification algorithm and a priority-based sampling algorithm were proposed. Flow information recovery and flow cluster analysis approaches were used to identify the suspicious P2P bots based on the sampled packets. The experimental evaluation results show that the proposed technique can increase the sampling rate of packets from P2P botnet traffic subpopulations and has good sampling efficiency and a good P2P bot detection hit rate.


Zhao X.-J.,Ordnance Engineering College | Wang T.,Ordnance Engineering College | Guo S.-Z.,The Institute of North Electronic Equipment
Jisuanji Xuebao/Chinese Journal of Computers | Year: 2011

The S-box lookup is an important operation in block cipher design and is also an effective part of preventing traditional linear and differential attacks; however, when the physical implementation of the algorithm is considered, it becomes the weakest part of the cryptosystem. This paper studies fault attacks on block ciphers with S-boxes and presents an improved differential fault analysis method on Camellia. Firstly, it reduces differential fault analysis on block ciphers with S-boxes to the problem of computing the S-box input and output differentials, presents a basic differential fault analysis model, and then evolves it into two models for SPN and Feistel structure block ciphers. Secondly, it proposes an improved differential fault analysis method on Camellia, analyzes the attack complexity, and then verifies it through software simulation. Experiments demonstrate that, due to its reversible permutation function and Feistel structure, Camellia is vulnerable to deep differential fault analysis: 16 and 24 faulty ciphertexts are enough to retrieve the Camellia-128 and Camellia-192/256 keys, respectively. Finally, the contradictions between traditional cryptography and implementation attacks are analyzed, and the state of the art and future directions of fault attacks on block ciphers are discussed.


Zhao X.-J.,Ordnance Engineering College | Guo S.-Z.,The Institute of North Electronic Equipment | Wang T.,Ordnance Engineering College | Liu H.-Y.,Ordnance Engineering College
Tongxin Xuebao/Journal on Communications | Year: 2011

An improved Cache trace attack on AES and CLEFIA was proposed by considering Cache miss trace information and S-box misalignment. Current trace-driven attacks all assume that the S-box is perfectly aligned in Cache, and it is then impossible to recover the whole first round key of AES and CLEFIA within a limited key search space. However, the research demonstrates that the S-box is misaligned in Cache in most cases. By utilizing the Cache miss trace information of the cipher encryption, a 200-sample first round analysis and a 50-sample last round analysis can reduce the 128-bit AES master key search space to 2^16 and 1 respectively; an 80-sample first round analysis can reduce the 128-bit CLEFIA first round key search space to 2^16; and a 220-sample first three rounds analysis can reduce the 128-bit CLEFIA master key search space to 2^16. All of the attacks above can be finished within 1 second.
