|
|
论文:2022,Vol:40,Issue(1):76-83 |
|
|
引用本文: |
|
|
马艺新, 唐时博, 谭静, 李雪霏, 胡伟. 基于信息流分析的密码核设计安全验证与漏洞检测[J]. 西北工业大学学报 |
|
|
MA Yixin, TANG Shibo, TAN Jing, LI Xuefei, HU Wei. Cryptographic core design security verification and vulnerability detection based on information flow analysis[J]. Northwestern polytechnical university |
|
|
|
|
|
|
|
| 基于信息流分析的密码核设计安全验证与漏洞检测 |
|
| 马艺新, 唐时博, 谭静, 李雪霏, 胡伟 |
|
| 西北工业大学 网络空间安全学院, 陕西 西安 710072 |
| 摘要: |
| 密码算法核是保障信息机密性和完整性的关键部件。由于密码算法实现的安全性与算法在数学上的安全性是2个完全不同的问题,密码算法核可能隐含设计缺陷和旁路信道等安全隐患。基于功能验证的安全性分析方法严重依赖于测试向量的质量,覆盖率低,难以满足密码算法核这一安全关键部件的安全验证需求。从信息流安全的角度研究密码算法核安全验证与漏洞检测方法。该方法能够对密码算法核中全部逻辑信息流进行精确度量,实现对机密性和完整性等安全属性的形式化验证,可通过捕捉有害信息流动来检测密码算法核设计中潜在的安全隐患。实验结果表明信息流安全验证方法对密码算法核中的设计缺陷和旁路信道导致的敏感信息泄漏有很好的检测效果。 |
| 关键词:
信息流分析
安全验证
漏洞检测
密码算法核
|
|
| Cryptographic core design security verification and vulnerability detection based on information flow analysis |
|
| MA Yixin, TANG Shibo, TAN Jing, LI Xuefei, HU Wei |
|
| School of Cyberspace Security, Northwestern Polytechnical University, Xi'an 710072, China |
| Abstract: |
| Cryptographic cores are the key components to enforce information security properties related to confidentiality and integrity. Since the security of a cryptographic core implementation and the security of the cryptographic algorithm itself from the mathematical perspective are two different problems, cryptographic cores may contain hidden security vulnerabilities such as design flaws and side channels. Security analysis methods based on functional verification rely heavily on the quality of test vectors and usually have low test coverage, which is difficult to meet the security verification requirements of security-critical components like cryptographic cores. This work proposes a cryptographic core security verification and vulnerability detection method from the perspective of information flow security. The proposed method can accurately measure all logical information flows in cryptographic core designs to formally verify security properties such as confidentiality and integrity. It can detect potential security vulnerabilities in cryptographic implementations by capturing harmful information flows. Experimental results show that our information flow security verification method is effective in detecting sensitive information leakage caused by the design vulnerabilities and side channels in cryptographic cores. |
| Key words:
information flow analysis
security verification
vulnerability detection
cryptographic core
|
|
| 收稿日期: 2021-05-25
修回日期:
|
| DOI: 10.1051/jnwpu/20224010076 |
| 基金项目: 国家自然科学基金(62074131)与陕西省自然科学基金(2021JQ-123)资助 |
| 通讯作者: 胡伟(1982—),西北工业大学副教授、博士生导师,主要从事硬件安全、可重构计算以及嵌入式系统等研究。e-mail:weihu@nwpu.edu.cn
Email:weihu@nwpu.edu.cn |
| 作者简介: 马艺新(1997—),女,西北工业大学硕士研究生,主要从事硬件信息流安全验证研究。
|
|
| 相关功能 |
|
|
|
|
| 作者相关文章 |
|
| 马艺新 在本刊中的所有文章 |
| 唐时博 在本刊中的所有文章 |
| 谭静 在本刊中的所有文章 |
| 李雪霏 在本刊中的所有文章 |
| 胡伟 在本刊中的所有文章 |
|
|
|
|
|
|
|
|
参考文献: |
|
|
[1] MAO B, HU W, ALTHOFF A, et al. Quantitative analysis of timing channel security in cryptographic hardware design[J]. IEEE Trans on Computer-Aided Design of Integrated Circuits and Systems, 2017, 37(9):1719-1732
[2] ZHANG F, LOU X, ZHAO X, et al. Persistent fault analysis on block ciphers[J]. IACR Trans on Cryptographic Hardware and Embedded Systems, 2018, 20(3):150-172
[3] SKOROBOGATOV S, WOODS C. Breakthrough silicon scanning discovers backdoor in military chip[C]//Proceedings of the 14th International Conference on Cryptographic Hardware and Embedded Systems, 2012
[4] GAO Y, LIU L, DU H, et al. Software and hardware co-verification technology based on virtual prototyping of RF SOC[C]//2018 IEEE International Conference on Computer and Communication Engineering Technology, 2018
[5] TAI Y, HU W, ZHANG L, et al. A multi-flow information flow tracking approach for proving quantitative hardware security properties[J]. Tsinghua Science and Technology, 2020, 26(1):62-71
[6] TIWARI M, WASSEL H M, MAZLOOM B, et al. Complete information flow tracking from the gates up[C]//Proceedings of the 14th International Conference on Architectural Support for programming Languages and Operating Systems, 2009
[7] FERRAIUOLO A, XU R, ZHANG D, et al. Verification of a practical hardware security architecture through static information flow analysis[C]//Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, 2017
[8] JIN Y, GUO X, DUTTA R G, et al. Data secrecy protection through information flow tracking in proof-carrying hardware IP-part I:framework fundamentals[J]. IEEE Trans on Information Forensics and Security, 2017, 12(10):2416-2429
[9] BIDMESHKI M M, GUO X, DUTTA R G, et al. Data secrecy protection through information flow tracking in proof-carrying hardware IP-part Ⅱ:framework automation[J]. IEEE Trans on Information Forensics and Security, 2017, 12(10):2430-2443
[10] ARDESHIRICHAM A, HU W, MARXEN J, et al. Register transfer level information flow tracking for provably secure hardware design[C]//Design, Automation & Test in Europe Conference & Exhibition, 2017:1691-1696
[11] Aoki Laboratory. Cryptographic hardware project:IP cores[EB/OL]. (2008-04-01)[2021-03-01]. http://www.aoki.ecei.tohoku.ac.jp/crypto/web/cores.html
[12] 毛保磊, 胡伟, 慕德俊, 等. 基于信息熵的RSA硬件时间隐通道信息泄露量化研究[J]. 计算机学报, 2018, 41(2):426-438 MAO Baolei, HU Wei, MU Dejun, et al. Information entropy-based quantification of information leakage in RSA hardware time-hidden channels[J]. Journal of Computer Science, 2018, 41(2):426-438(in Chinese) |
|
|
|
|
|
|
|
