GM/T 0083-2020: Guideline for the mitigation of non-invasive attacks against cryptographic modules (Status: Valid)
Price US$509.00, in stock; the English true-PDF is translated manually and delivered by email within 4 days.
Basic data
Standard ID: GM/T 0083-2020 (GM/T0083-2020)
Description (translated English): Guideline for the mitigation of non-invasive attacks against cryptographic modules
Sector / industry: Chinese industry standard (recommended)
Classification of Chinese standard: L80
Word count estimation: 22,226
Date of issue: 2020-12-28
Date of implementation: 2021-07-01
Regulation (derived from): National Cryptography Administration Announcement No. 41
Issuing agency: State Administration of Cryptography
GM/T 0083-2020: Guideline for the mitigation of non-invasive attacks against cryptographic modules. The text below is a DRAFT translation for illustration, not the final translation. The full true-PDF English version (including equations, symbols, images, flow charts, tables and figures) is translated manually and carefully upon order.
Guideline for the mitigation of non-invasive attacks against cryptographic modules
ICS 35.040
CCS L80
Cryptography industry standard of the People's Republic of China
Technical guide for the mitigation of non-invasive attacks against cryptographic modules
Issued 2020-12-28
Implemented 2021-07-01
Issued by the National Cryptography Administration
Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
4.1 Symbols
4.2 Abbreviations
5 Non-invasive attack methods
5.1 Overview
5.2 Naming and classification
5.3 Analysis process
5.4 Relationship to security functions
6 Non-invasive attack mitigation techniques
6.1 Overview
6.2 Timing analysis attack mitigation techniques
6.3 Energy analysis attack mitigation techniques
6.4 Electromagnetic analysis attack mitigation techniques
7 Non-invasive attack test methods
7.1 Overview
7.2 Test strategy
7.3 Test framework
7.4 Test process
7.5 Manufacturer information required for testing
Appendix A (informative) Introduction to non-invasive attack mitigation techniques for SM2/SM9 and SM4
References
Technical guide for the mitigation of non-invasive attacks against cryptographic modules
1 Scope
This document describes non-invasive attack methods against cryptographic modules, together with mitigation techniques and test methods.
This document applies to guiding the deployment of non-invasive attack mitigation techniques in cryptographic modules, and to guiding technical personnel, during the development and use of a cryptographic module, in selecting mitigation techniques that resist the threat of non-invasive attacks according to the characteristics of the specific cryptographic algorithm, the features of the cryptographic module and the actual deployment scenario.
2 Normative references
The following documents are referred to in the text in such a way that their content constitutes indispensable provisions of this document. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 25069 Information security technology terms
GB/T 32905 Information security technology SM3 cryptographic hash algorithm
GB/T 32907 Information security technology SM4 block cipher algorithm
GB/T 32918 (all parts) Information security technology SM2 elliptic curve public key cryptographic algorithm
GB/T 37092-2018 Information security technology Security requirements for cryptographic modules
GM/T 0001 (all parts) ZUC (Zu Chongzhi) stream cipher algorithm
GM/T 0044 (all parts) SM9 identity-based cryptographic algorithm
3 Terms and definitions
The terms and definitions defined in GB/T 25069 and GB/T 37092, together with the following, apply to this document.
3.1
advanced side-channel analysis (advanced side-channel attacks)
Advanced exploitation of side-channel leakage. Such leakage depends mainly on the data processed by the cryptographic device and on the operations executed when the secret parameters are retrieved.
3.2
critical security parameter (CSP)
Security-related information (for example secret and private cryptographic keys, authentication data such as passwords and personal identification numbers, certificates or other trust anchors) whose disclosure or modification would compromise the security of the cryptographic module.
Note: critical security parameters may be in plaintext or encrypted form.
[GB/T 25069-2010, definition 2.2.2.50]
3.3
critical security parameter class (CSP class)
A classification of CSPs, such as keys or authentication data (for example passwords, PINs or biometric authentication data).
3.4
differential electromagnetic analysis
A side-channel analysis process that analyses variations in the electromagnetic radiation of a cryptographic module and applies statistical methods to a large number of electromagnetic radiation measurements to determine the classification.
5.3 Analysis process
A simple side-channel analysis process usually detects and analyses the running time, energy consumption or electromagnetic leakage of the cryptographic module directly (mainly by visual inspection) or by pattern recognition, and thereby reveals the secret parameters of the cryptographic algorithm.
An advanced side-channel analysis usually comprises the following steps:
a) Take N measurements, obtaining the observations (o_i); each measurement corresponds to one cryptographic operation A computed with a known input X and the key K as parameters;
b) Select a leakage model M for the device;
c) Select an observation processing function C (by default, C is the identity transformation);
d) Make a hypothesis about the possible value of the key K or of one of its subkeys, denoted h;
e) Derive N predicted values pred_i from A, h, (o_i)_i and, where one was selected, M (each predicted value corresponds to one plaintext for which the observation has already been obtained);
f) Select a statistical test function D and compute D[pred_i, C(o_i)];
g) If D[pred_i, C(o_i)] exceeds a certain threshold, the hypothesis h is considered correct; otherwise the hypothesised value is considered wrong, and the process returns to step d) to select a new hypothesis h.
Steps b) and c) are optional. The threshold in step g) should be chosen according to the actual attack method; a classic choice is the maximum of D[pred_i, C(o_i)] over all key hypotheses. An observation o_i may be univariate or multivariate; when it is multivariate, each variable in o_i corresponds to a quantity measured at a different time instant. The dimension of o_i is denoted d_o. The observation processing function C(.) is a polynomial function defined on the set of d_o-dimensional real vectors, written R^{d_o} below; the degree of that polynomial is denoted d_C. The function D(pred_i, .): X -> D(pred_i, X) is a polynomial in X whose degree is denoted d_D, and the value d_C * d_D is the order d of the attack.
A collision attack is a special kind of advanced side-channel analysis; its analysis process mainly comprises:
a) Take N measurements, obtaining the observations (o_i); each measurement corresponds to one cryptographic operation A computed with a known input X and the key K as parameters;
b) Extract feature points at different operation instants from the energy trace o_i;
c) Make a hypothesis about the possible value of the difference (k1 - k2), denoted h, where k1 and k2 are two parts of the target key K (that is, two subkeys in a block cipher implementation);
d) Group the observations (o_i)_i according to the difference hypothesis h;
e) If the hypothesised difference h equals the real difference between the subkeys, then within the group of observations o_i selected for that difference there is a strong correlation between the different feature points.
For example, if the attack targets the operation F(x1_i ∘ k1) (where ∘ denotes the operation combining input and subkey), the attack extracts from the observations o_i the feature points related to F(x1_i ∘ k1) and to another operation F(x2_i ∘ k2), and regroups the observations according to h so that the observations in each group satisfy x2_i - x1_i = h. To confirm the hypothesis h, the correlation coefficient is usually used as the test function D: when h correctly predicts k1 - k2, the observations in the h-th group show a high correlation between the two sets of feature points corresponding to F(x1_i ∘ k1) and F(x2_i ∘ k2).
The attacks described in this section include vertical attacks, horizontal attacks and rectangular attacks (combined horizontal and vertical attacks):
--- in a vertical attack, each observation o_i corresponds to a different algorithm operation;
--- in a horizontal attack, all o_i correspond to the same algorithm operation;
--- in a rectangular attack, one part of the o_i corresponds to the same operation and the other part to different operations.
In this document, the vertical attack is the default attack method.
5.4 Relationship to security functions
The non-invasive attack methods described in this section correspond to the non-invasive security functions covered by GB/T 37092; see Appendix C of GB/T 37092-2018. The correspondence between non-invasive attack methods and security functions is shown in Table 1. In practice, this document can be used together with GB/T 37092-2018.
6.2 Timing analysis attack mitigation techniques
6.2.1 Balanced instruction branches
The balanced instruction branch technique examines all instruction branches in the cryptographic module that depend on critical security parameters and, where the characteristics of the module allow, reduces as far as possible the variance of the total execution time of the instructions in the different branches. The branches are thereby balanced, and the fixed execution time of the instructions counters timing analysis attacks.
6.2.2 Random delay insertion
The random delay insertion technique counters timing analysis attacks by inserting random delay operations into the implementation of the cryptographic algorithm. This method effectively reduces the accuracy with which an attacker can measure the execution time of instructions that depend on critical security parameters. In terms of the number of timing measurements the attacker needs, the number required for a successful attack is proportional to the square of the timing noise introduced. For example, suppose the standard deviation of the running time of a modular exponentiation operator is n milliseconds and a timing analysis attack can recover the critical security parameters it uses from x timing measurements; when random delays raise the standard deviation of the operator's own running time to m milliseconds, the number of timing measurements the attacker needs becomes y = (m/n)^2 * x.
6.2.3 Blinding
The blinding technique completely randomises the time taken by the cryptographic operation, making the intermediate values produced during the computation unpredictable, and thereby resists timing analysis attacks. This technique is mainly used in the signature process: before each signature starts, a random number generator (RNG) produces two random numbers (vi, vf); the random number vi is then combined with the plaintext message to be signed, so that none of the operations in the subsequent signing process can be predicted. In order to finally obtain the correct signature, vf can be derived from vi and is used to compensate the signature produced for the blinded message back to the correct signature of the plaintext message.
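The following Python is an added example, not code from the standard, illustrating 6.2.1 and 6.2.3 in a form that can be checked: a modular exponentiation with a key-dependent branch beside a balanced Montgomery-ladder form whose operation count is the same for every exponent of a given length, and a blinded signature in which v_f is derived from the same random value as v_i and cancels exactly. The toy RSA parameters (p = 61, q = 53), the exponents and the helper names are constructed for the illustration; the function measurements_after_delay only evaluates the y = (m/n)^2 * x relation of 6.2.2.

```python
import random
from math import gcd

def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation whose instruction stream depends on the
    exponent: the extra multiplication runs only when the current key bit is 1.
    Returns (result, number of modular multiplications executed)."""
    acc, ops = 1, 0
    for bit in bin(exp)[2:]:
        acc, ops = acc * acc % mod, ops + 1
        if bit == "1":                       # key-dependent branch: the timing leak
            acc, ops = acc * base % mod, ops + 1
    return acc, ops

def montgomery_ladder(base, exp, mod):
    """Balanced-branch form (6.2.1): both branches execute one squaring and one
    multiplication, so the operation count depends only on the exponent's bit length."""
    r0, r1, ops = 1, base % mod, 0           # invariant: r1 == r0 * base (mod mod)
    for bit in bin(exp)[2:]:
        if bit == "1":
            r0, r1 = r0 * r1 % mod, r1 * r1 % mod
        else:
            r1, r0 = r0 * r1 % mod, r0 * r0 % mod
        ops += 2
    return r0, ops

def op_count_spread(expfn, mod, exps):
    """Spread (max - min) of the operation counts over exponents of equal bit length;
    a spread of 0 means the count, and hence the instruction-level timing, is key independent."""
    counts = [expfn(7, e, mod)[1] for e in exps]
    return max(counts) - min(counts)

def measurements_after_delay(x, n_ms, m_ms):
    """6.2.2: measurements needed once random delays raise the operator's standard
    deviation from n_ms to m_ms, given that x were needed before: y = (m/n)^2 * x."""
    return (m_ms / n_ms) ** 2 * x

# Constructed toy RSA parameters (p = 61, q = 53); far too small to be secure.
N_RSA, E_RSA, D_RSA = 3233, 17, 2753
_rng = random.Random(7)                      # seeded only so that runs are reproducible

def blinded_sign(m, d=D_RSA, e=E_RSA, n=N_RSA):
    """Blinding (6.2.3): sign m * v_i instead of m and remove the blinding with v_f.
    With v_i = r^e and v_f = r^-1 (mod n), v_f is determined by v_i (v_f = (v_i^d)^-1),
    and (m * v_i)^d * v_f = m^d * r^(e*d) * r^-1 = m^d, the plain signature."""
    while True:
        r = _rng.randrange(2, n)
        if gcd(r, n) == 1:
            break
    v_i = pow(r, e, n)
    v_f = pow(r, -1, n)                      # modular inverse (Python 3.8+)
    return pow(m * v_i % n, d, n) * v_f % n

if __name__ == "__main__":
    exps = [0b1000000, 0b1010101, 0b1111111]
    print("square-and-multiply spread:", op_count_spread(square_and_multiply, N_RSA, exps))
    print("Montgomery ladder spread:  ", op_count_spread(montgomery_ladder, N_RSA, exps))
    print("blinded == plain signature:", blinded_sign(42) == pow(42, D_RSA, N_RSA))
```

The operation count is used as a stand-in for execution time so that the balance property can be asserted deterministically; on real hardware the same check is made by measuring cycle counts over many equal-length keys and looking at their variance, which the balanced form should keep at the noise floor.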
6.3 Energy analysis attack mitigation techniques
6.3.1 Hiding
Common hiding techniques are divided into hiding in the time dimension and hiding in the amplitude dimension. Hiding in the time dimension mainly targets differential energy analysis attacks, which need to collect the energy consumption at a fixed point in time on the energy trace for statistical analysis; if this condition cannot be met, the difficulty of the attack increases greatly. Hiding in the amplitude dimension uses methods such as dual-rail precharge logic and the introduction of additional noise to produce a constant voltage amplitude or to randomise the measured voltage amplitude, and thereby hides the energy consumption associated with intermediate values that contain critical security parameters.
a) Time-dimension hiding
1) Random insertion of dummy instructions
The random dummy-instruction insertion technique randomly inserts null instructions or other ineffective instructions to change the instruction sequence of the cryptographic algorithm, reducing the probability that the real energy consumption produced by a sensitive intermediate value appears at a fixed point in time and increasing the difficulty of energy analysis attacks. This technique is easy to deploy in a cryptographic module and adds no extra computational overhead. However, its instruction pattern is easy to recognise and the total encryption time of the algorithm is inconsistent, so this mitigation remains exposed to some common attack techniques, such as simple energy analysis. Random dummy-instruction insertion should therefore be used as a mitigation of the lowest security level.
2) Dummy round operations
The dummy round operation technique randomises the execution flow of the algorithm mainly by randomly inserting dummy round operations between the component operations of the cryptographic algorithm's round function. A dummy round operation can be implemented by inserting a pair of forward and inverse round functions at the same time; the round key of the dummy round pair is a fixed value, independent of the key set for the cryptographic algorithm itself, and the forward encryption round and the inverse decryption round use the same round keys in reverse round order. It is then difficult for an attacker to determine the correspondence between the algorithm's internal computation data and the instants at which the circuit operates on them, which effectively hides the energy consumption related to critical security parameters.
6.3.2 Masking / blinding
Masking is mainly used in symmetric cryptographic algorithms. It randomises all intermediate values produced during the computation of the cryptographic algorithm and thereby cuts the direct link between the energy consumption of the cryptographic module and predictable sensitive intermediate values. Masking schemes can be classified by the order of the mask. An n-th order masking scheme protects every intermediate value produced during the operation with random numbers and can be expressed as M0 = X ∘ M1 ∘ M2 ∘ ... ∘ Mn, where M0 is the masked intermediate value, X is the sensitive intermediate value (which contains critical security parameters), Mi, i ∈ [1, n], are the n randomly generated mask values, and ∘ denotes an arithmetic operation, such as XOR. A higher-order masking scheme is normally more secure than a lower-order one, but it incurs more random number generation overhead and storage overhead, as well as more computational overhead during actual operation.
The blinding mitigation technique is mainly used in asymmetric cryptographic algorithms. As introduced in 6.2.3, it randomises the intermediate values computed by the asymmetric algorithm so that an attacker cannot effectively predict them, thereby preventing energy analysis attacks. Blinding therefore not only resists timing analysis attacks effectively but also has a mitigating effect against energy analysis attacks.
6.3.3 Other mitigation techniques
In order to deploy mitigation of higher security in a cryptographic module while taking the module's resource overhead into account, it is advisable to use a hybrid defence mitigation technique.
The hybrid defence mitigation technique combines a low-order masking scheme with instruction shuffling (out-of-order execution); it effectively raises the threshold for energy analysis attacks and provides high-security protection for the cryptographic module. Take first-order masking as an example: although a first-order masking scheme resists common statistical analysis techniques, it is vulnerable to second-order attacks. For instance, since first-order masking splits the sensitive intermediate value into two random variables, M0 = X ∘ M1 and M1, if the attacker can extract from the energy trace the energy consumption corresponding to these two random variables at specific instants, then the combined energy consumption of the two parts is once again correlated with the sensitive intermediate value X. To avoid this kind of energy analysis attack, instruction shuffling is additionally applied to randomise the positions at which the two random variables obtained by splitting the sensitive intermediate value appear. This out-of-order processing prevents an attacker from easily locating, on the energy trace, the position at which each part of the split intermediate value is computed; it thereby makes it harder to process the energy consumption of the related locations jointly, which in turn provides higher security protection for the cryptographic module.
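The following Python is an added example, not code from the standard, that serves two passages: the analysis steps a) to g) of 5.3 (leakage model M, observation processing function C, test function D and the order d = d_C * d_D) and the first-order masking and shuffling discussion of 6.3.2 and 6.3.3. It runs the analysis as a leakage test over constructed, simulated traces: an unprotected operation, a first-order masked one with shares at fixed sample positions, and a masked one whose share positions are shuffled. Everything in it is an assumption of the example: the S-box is a seeded random permutation standing in for the cipher's nonlinear layer (not the SM4 S-box), the leakage model is Hamming weight plus Gaussian noise, the subkey KEY, the sample count and the noise level are constructed values, and D is the Pearson correlation coefficient.

```python
import random
from statistics import mean

# Constructed stand-in for the cipher's nonlinear layer: a fixed random 8-bit
# permutation, NOT the SM4 S-box; the analysis only needs some bijective nonlinear F.
SBOX = list(range(256))
random.Random(83).shuffle(SBOX)
HW = [bin(v).count("1") for v in range(256)]     # leakage model M: Hamming weight
KEY = 0x3C                                       # constructed secret subkey
N_SAMPLES = 5                                    # d_o: samples per observation o_i
NOISE = 0.5                                      # measurement noise, Hamming-weight units

def observe(rng, x, protection):
    """One observation o_i of the operation A = F(x ^ KEY) under simulated HW leakage.
    'none'     : HW(F(x ^ KEY)) leaks at sample 1 (unprotected)
    'mask'     : first-order Boolean masking (6.3.2); shares M0 = X ^ M1 and M1 leak
                 at the fixed samples 1 and 4
    'mask+shuf': the same two shares, but their sample positions are drawn at
                 random for every operation (instruction shuffling, 6.3.3)"""
    o = [rng.gauss(HW[rng.randrange(256)], NOISE) for _ in range(N_SAMPLES)]  # unrelated activity
    X = SBOX[x ^ KEY]
    if protection == "none":
        o[1] = rng.gauss(HW[X], NOISE)
    else:
        m1 = rng.randrange(256)
        m0 = X ^ m1                              # each share alone is uniform, independent of X
        t0, t1 = (1, 4) if protection == "mask" else rng.sample(range(N_SAMPLES), 2)
        o[t0], o[t1] = rng.gauss(HW[m0], NOISE), rng.gauss(HW[m1], NOISE)
    return o

def center(v):
    """Return (v - mean, norm) so that Pearson's D becomes a normalised dot product."""
    mu = mean(v)
    c = [u - mu for u in v]
    return c, (sum(u * u for u in c) ** 0.5 or 1.0)

def c_identity(traces):
    """Step c) default: C is the identity, d_C = 1 (first-order analysis)."""
    return traces

def c_centered_product(i, j):
    """C combining samples i and j into their centered product, d_C = 2."""
    def c(traces):
        ci, _ = center([o[i] for o in traces])
        cj, _ = center([o[j] for o in traces])
        return [[a * b] for a, b in zip(ci, cj)]
    return c

def analyse(inputs, traces, C=c_identity):
    """Steps d) to g) with D = Pearson correlation (d_D = 1), so the attack order is
    d = d_C * d_D. Returns (best hypothesis, its score, score of the true KEY); the
    classic threshold of step g) is the maximum score over all hypotheses."""
    processed = C(traces)
    columns = [center([o[t] for o in processed]) for t in range(len(processed[0]))]
    scores = {}
    for h in range(256):                                       # step d)
        pred, pn = center([HW[SBOX[x ^ h]] for x in inputs])   # step e)
        scores[h] = max(abs(sum(a * b for a, b in zip(pred, col)) / (pn * cn))
                        for col, cn in columns)                # step f), best sample
    best = max(scores, key=scores.get)                         # step g)
    return best, scores[best], scores[KEY]

def run(protection, C=c_identity, n_traces=1500, seed=2020):
    """Steps a) and b): N measurements with known inputs under the HW leakage model."""
    rng = random.Random(seed)
    inputs = [rng.randrange(256) for _ in range(n_traces)]
    traces = [observe(rng, x, protection) for x in inputs]
    return analyse(inputs, traces, C)

if __name__ == "__main__":
    print("unprotected,    1st order:", run("none"))
    print("masked,         1st order:", run("mask"))
    print("masked,         2nd order:", run("mask", c_centered_product(1, 4)))
    print("masked+shuffle, 2nd order:", run("mask+shuf", c_centered_product(1, 4)))
```

Read as a leakage test in the sense of 7.2: the unprotected operation gives the true subkey a correlation far above every wrong hypothesis; under first-order masking the first-order score of the true subkey drops to the noise floor, the centered product of the two share positions (d_C = 2, so d = 2) restores it, and shuffling the share positions pushes that fixed-position second-order score back down, which is the effect 6.3.3 describes.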
6.4 Electromagnetic analysis attack mitigation techniques
6.4.1 Low-power techniques
Low-power techniques suppress the electromagnetic radiation that can be obtained from the cryptographic module by reducing the module's energy consumption.
6.4.2 Shielding enclosures
The shielding enclosure technique installs electromagnetic shielding enclosures (such as Faraday cages) around all components that may cause electromagnetic leakage related to critical security parameters, suppressing or effectively reducing the usable electromagnetic radiation and eliminating electromagnetic analysis attacks at the source, that is, eliminating the electromagnetic radiation produced when the cryptographic module computes the intermediate values of cryptographic operations.
6.4.3 Spread spectrum clocking
Spread spectrum clocking mainly uses a low-frequency modulating signal to frequency-modulate the periodic narrowband clock, spreading it into a wideband clock signal. This method effectively reduces the amplitude of the fundamental frequency and harmonics of all digital signals driven by the modulated clock, spreading the signal energy uniformly over the whole frequency band and thereby achieving a greater attenuation of electromagnetic radiation. This use of spread spectrum clocks to reduce peak radiated energy is common in the field of electromagnetic compatibility.
6.4.4 Interleaved dual-rail logic
Interleaved dual-rail logic is an improved placement-and-routing form of the dual-rail precharge logic technique (see 6.3.1), namely a wiring implementation in which the original logic circuit and the complementary logic circuit are interleaved. The mitigation first partitions the circuit appropriately into the parts that compute critical security parameters and the parts of the logic circuit that do not need protection; it then implements dual-rail precharge logic on the sensitive circuit and, as far as possible, places the real circuit and the complementary circuit in adjacent spatial locations. This mitigation can keep the electromagnetic energy consumption of any part of the dual-rail logic circuit constant, which effectively hides the energy consumption produced when intermediate values are processed during actual operation of the circuit and resists subsequent electromagnetic analysis attacks that use statistical analysis methods for key recovery.
6.4.5 Distributed circuit architecture
The distributed circuit architecture technique splits the modules related to the computation of critical security parameters into parallel, distributed computing sub-modules, so that an electromagnetic analysis attack at a single probe location cannot collect complete leakage information. This effectively mitigates the threat of electromagnetic analysis attacks that rely on accurately positioning an electromagnetic probe over the target computation module.
7 Non-invasive attack test methods
7.1 Overview
This chapter provides the corresponding test methods for the non-invasive attack methods specified in Chapter 5.
7.2 Test strategy
The goal of non-invasive attack testing is to evaluate whether a cryptographic module that uses non-invasive attack mitigation techniques can provide resistance to non-invasive attacks. The test procedure cannot guarantee that the cryptographic module resists attacks completely, but an effective test can show that non-invasive attack mitigation techniques were fully considered in the design and implementation of the cryptographic module.
The basic principle of non-invasive attack testing is first to extract physical quantities from the cryptographic module or its surroundings by non-invasive means, and then to use the bias hidden in those physical quantities to mount the attack. This bias originates from, or depends on, the secret information that is the attacker's target. In this document, a biased quantity that depends on secret information is called a leak. If the experimental results show that the leaked information exceeds the permitted leakage threshold, the cryptographic module is considered to have failed the non-invasive attack test; conversely, if no leak is observed, the attack fails and the cryptographic module is considered to have passed the non-invasive attack test. This method of testing for the presence or absence of a leak is called leakage analysis in this document.
The non-invasive attack test process collects and analyses measurement data under certain test constraints and determines the degree to which information about critical security parameters leaks; these test constraints include the upper limit on the amount of data collected and the test time used.
7.3 Test framework
Testers should examine the security of the cryptographic module, including its ability to resist timing analysis attacks, simple energy/electromagnetic analysis attacks and differential energy/electromagnetic analysis attacks. The non-invasive attack test framework is shown in Figure 5. Testers should follow the sequence of operations in Figure 5; for example, the simple energy/electromagnetic analysis test is required after the timing analysis attack test has been passed.
The non-invasive attack test method in this document does not need to extract the complete key from the cryptographic module; as long as a clear leak of sensitive information exists, the cryptographic module is considered to have failed the test.