
CN-116208960-B - Side channel attack detection method, device, equipment and storage medium


Abstract

The embodiments of the disclosure provide a side channel attack detection method, device, equipment and storage medium, applied to the technical field of network security. The method comprises: obtaining waveform information of a component to be tested, including energy waveform information, electromagnetic waveform information and time waveform information; extracting the features corresponding to the waveform information; calling a preset correlation analysis mathematical model to calculate the correlation between the features corresponding to the energy waveform information and the key secret information of the component to be tested, and the correlation between the features corresponding to the electromagnetic waveform information and the key secret information of the component to be tested; calling a preset IO analysis mathematical model to calculate the correlation between the features corresponding to the time waveform information and the key secret information of the component to be tested; and obtaining a detection result for the component to be tested according to the calculation results. In this way, whether a side channel attack is present on the component to be tested can be detected, which reduces time consumption, improves the success rate and improves side channel attack detection efficiency.

Inventors

  • SUN JUN
  • ZHANG GE
  • ZHANG ZHEYU
  • LI YANG
  • WANG RUI
  • Ning Yupeng

Assignees

  • 国家工业信息安全发展研究中心
  • 北京中宇万通科技股份有限公司

Dates

Publication Date
20260505
Application Date
20230228

Claims (8)

  1. A method for detecting a side channel attack, comprising: acquiring waveform information of a component to be tested, wherein the waveform information comprises energy waveform information, electromagnetic waveform information and time waveform information; extracting the characteristics corresponding to the waveform information, wherein the extracting the characteristics corresponding to the waveform information comprises performing autocorrelation processing on the waveform information; calling a preset correlation analysis mathematical model, calling a preset IO analysis mathematical model, and calculating the correlation between the characteristic corresponding to the time waveform information and the key secret information of the component to be tested, wherein the preset correlation analysis mathematical model is a first-order CPA analysis mathematical model and a clear-ciphertext correlation analysis mathematical model; and obtaining a detection result of the component to be detected according to the calculation result, wherein the detection result comprises the presence of a side channel attack or the absence of a side channel attack.
  2. The method of claim 1, wherein after the acquiring the waveform information of the component under test, the method further comprises: storing the waveform information.
  3. The method of claim 1, wherein prior to said autocorrelation of said waveform information, said method further comprises: carrying out elastic alignment, resampling, sliding average, grouping average or waveform operation preprocessing on the waveform information.
  4. The method of claim 1, wherein the first-order CPA analysis mathematical model and the plaintext correlation analysis mathematical model comprise: Wherein r represents the correlation coefficient, i.e. the study variable An amount of linear correlation therebetween; represents the covariance of X and Y; the variance of X: The method comprises the steps of representing variance of Y, representing characteristics corresponding to waveform information, and representing key secret information of a component to be tested.
  5. A side channel attack detection device, comprising: an acquisition module, a control module and a control module, wherein the acquisition module is used for acquiring waveform information of a component to be tested, and the waveform information comprises energy waveform information, electromagnetic waveform information and time waveform information; a waveform information acquisition module, an extraction module, a characteristic extraction module and a characteristic extraction module, wherein the waveform information acquisition module is used for acquiring waveform information; a computing module used for calling a preset correlation analysis mathematical model to compute the correlation between the characteristic corresponding to the energy waveform information and the key secret information of the component to be tested and the correlation between the characteristic corresponding to the electromagnetic waveform information and the key secret information of the component to be tested; and a generating module used for obtaining a detection result of the component to be detected according to the calculation result, wherein the detection result comprises that a side channel attack exists or that a side channel attack does not exist.
  6. A side channel attack detection system, characterized by comprising a safe storage device, an acquisition device, an oscilloscope and a detection device; the safe storage device is used for safety authentication login; the acquisition device is used for acquiring waveform data of the component to be detected, wherein the waveform data comprises energy waveform data, electromagnetic waveform data and time waveform data; the oscilloscope is used for receiving the waveform data sent by the acquisition device and converting the waveform data into waveform information, wherein the waveform information comprises energy waveform information, electromagnetic waveform information and time waveform information; the detection device is used for receiving the waveform information sent by the oscilloscope and extracting the characteristics corresponding to the waveform information, and is also used for calling a preset correlation analysis mathematical model to calculate the correlation between the characteristics corresponding to the energy waveform information and the key secret information of the component to be detected and the correlation between the characteristics corresponding to the electromagnetic waveform information and the key secret information of the component to be detected, calling a preset IO analysis mathematical model to calculate the correlation between the characteristics corresponding to the time waveform information and the key secret information of the component to be detected, and obtaining the detection result of the component to be detected according to the calculation result, wherein the detection result comprises that a side channel attack exists or that a side channel attack does not exist; extracting the characteristics corresponding to the waveform information comprises carrying out autocorrelation processing on the waveform information and extracting the characteristics corresponding to the waveform information according to the waveform information after the autocorrelation processing; and the preset correlation analysis mathematical model is a first-order CPA analysis mathematical model and a clear-ciphertext correlation analysis mathematical model.
  7. An electronic device, comprising: at least one processor, and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-4.
  8. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-4.

Description

Side channel attack detection method, device, equipment and storage medium

Technical Field

The disclosure relates to the technical field of computers, in particular to the technical field of network security, and specifically to a method, device, equipment and storage medium for detecting side channel attacks.

Background

The core idea of a side channel attack (SCA) is to obtain ciphertext information from the various kinds of leakage information generated when encryption software or hardware is running. In a narrow sense, a side channel attack is a non-invasive attack against a cryptographic algorithm, in which the algorithm is cracked through the side channel information leaked by the encryption electronic equipment while it runs. Side channel attacks in this narrow sense mainly comprise timing attacks, energy analysis attacks, electromagnetic analysis attacks and the like against a cryptographic algorithm. The effectiveness of these novel attacks is far higher than that of the mathematical methods of cryptanalysis, so they pose a serious threat to cryptographic equipment.

The side channel attack detection methods currently in use rely mainly on energy comparison; they take a long time, have a low success rate and reflect side channel vulnerabilities poorly, so side channel attack detection efficiency is low.

Disclosure of Invention

The disclosure provides a side channel attack detection method, a side channel attack detection device, side channel attack detection equipment and a storage medium.

According to a first aspect of the present disclosure, a side channel attack detection method is provided.
The method comprises the following steps: acquiring waveform information of a component to be tested, wherein the waveform information comprises energy waveform information, electromagnetic waveform information and time waveform information; extracting the characteristics corresponding to the waveform information; invoking a preset correlation analysis mathematical model to calculate the correlation between the characteristic corresponding to the energy waveform information and the key secret information of the component to be tested and the correlation between the characteristic corresponding to the electromagnetic waveform information and the key secret information of the component to be tested; and obtaining a detection result of the component to be detected according to the calculation result, wherein the detection result comprises the presence of a side channel attack or the absence of a side channel attack.

In the aspect and any possible implementation manner described above, there is further provided an implementation manner in which, after the acquiring waveform information of the component under test, the method further includes: storing the waveform information.

In the aspect and any possible implementation manner described above, there is further provided an implementation manner in which the extracting the features corresponding to the waveform information includes: performing autocorrelation processing on the waveform information; and extracting the characteristics corresponding to the waveform information according to the waveform information after the autocorrelation processing.

In the aspect and any possible implementation manner described above, there is further provided an implementation manner in which, before the performing autocorrelation processing on the waveform information, the method further includes: carrying out elastic alignment, resampling, sliding average, grouping average or waveform operation preprocessing on the waveform information.
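
The correlation step of this method, sketched as an added example (not code from the patent): each sample point of the sliding-averaged traces is the feature X, a known secret-dependent value is Y, and the Pearson coefficient r = cov(X, Y) / sqrt(Var[X]·Var[Y]) is computed per sample point. The Hamming-weight model for Y, the 0.5 decision threshold, the function names and the synthetic traces are assumptions made for illustration.

```python
import math
import random

def sliding_average(trace, window):
    """Sliding-average preprocessing to suppress noise in one trace."""
    return [sum(trace[i:i + window]) / window
            for i in range(len(trace) - window + 1)]

def pearson(xs, ys):
    """r = cov(X, Y) / sqrt(Var[X] * Var[Y]); 0.0 if either side is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx > 0 and vy > 0 else 0.0

def leakage_scan(traces, secrets, window=3, threshold=0.5):
    """Correlate each sample point (X) with the known secret value (Y).

    Returns (detected, peak_index, peak_abs_r); threshold is an assumed cut-off.
    """
    smoothed = [sliding_average(t, window) for t in traces]
    peak_idx, peak_r = 0, 0.0
    for i in range(len(smoothed[0])):
        r = abs(pearson([t[i] for t in smoothed], secrets))
        if r > peak_r:
            peak_idx, peak_r = i, r
    return peak_r >= threshold, peak_idx, peak_r

def synth_traces(n, length, leak_at, gain, seed):
    """Constructed data: Gaussian noise plus gain * HW(secret byte) at leak_at."""
    rng = random.Random(seed)
    secrets = [bin(rng.randrange(256)).count("1") for _ in range(n)]
    traces = []
    for hw in secrets:
        t = [rng.gauss(0.0, 1.0) for _ in range(length)]
        t[leak_at] += gain * hw
        traces.append(t)
    return traces, secrets

if __name__ == "__main__":
    # gain=2.0 models an unprotected component, gain=0.0 one with no leakage
    for label, gain in (("leaky", 2.0), ("no leakage", 0.0)):
        traces, secrets = synth_traces(400, 40, leak_at=20, gain=gain, seed=7)
        print(label, leakage_scan(traces, secrets))
```

Because the sliding average spreads the leaking sample over `window` neighbouring points, the peak index can land on any of the smoothed points that cover the leaking sample.
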
In the aspect and any possible implementation manner as described above, there is further provided an implementation manner, where the preset correlation analysis mathematical model is a first-order CPA analysis mathematical model and an explicit ciphertext correlation analysis mathematical model.

In the aspect and any possible implementation manner as described above, further provided is an implementation manner, where the correlation coefficients of the first-order CPA analysis mathematical model and the plaintext correlation analysis mathematical model include: Wherein r represents a correlation coefficient, namely, the amount of linear correlation degree between study variables (X, Y), cov(X, Y) represents covariance of X and Y, var[X] represents variance of X, var[Y] represents variance of Y, X represents characteristics corresponding to waveform information, and Y represents key secret information of a component to be tested.

According to a second aspect of the present disclosure, a side channel attack detection arrangement is provided. The device comprises: The device comprises an acquisition module, a control module and a control module, wherein the acquisition module is used for acquiring waveform information of a component to be tested, and t