錯誤攻擊法實驗與具抵抗電路之先進加密標準核心設計

Abstract

先進加密標準(AES)是一種兼具高安全度與效率之對稱式加密演算法，並被廣泛應用於現今之電子設備中來保護機密資料。但是 AES 硬體設計實作卻可能被錯誤攻擊法在短時間內破解出密鑰。本論文中提供實際對 FPGA上實作的AES硬體使用錯誤攻擊法攻擊的差動錯誤分析演算法實作結果，與在硬體運算過程中造成錯誤之方法的實驗結果分析以及比較，並成功破解 AES 取得密鑰。為了防範錯誤攻擊法，本論文中提供了具錯誤攻擊法抵抗電路之 AES 硬體設計，具有良好錯誤偵測能力，並且可支援現今高效能無線傳輸系統需求。本論文之防禦電路設計合成於 90nm CMOS 製程的結果顯示支援AES 128bit 金鑰的硬體設計在2.9Gbps 傳輸量占19.3K gates 之面積，而支援 AES128, 192, 256bit金鑰之設計可達 2.3Gbps 並使用 21K gates，兩者皆符合現今無線傳輸系統如 IEEE 802.11ac定義之超越 Gbps 效能需求，並且提供良好的錯誤偵測能力以抵抗錯誤攻擊法。

AES is a highly efficient and secure symmetric key crypto-system protecting secret data against malicious third party. Various AES hardware implementations has been adopted in electronic devices such as high throughput wireless transmission, storage system, and low cost biomedical devices. In this thesis, we present high throughput and area efficient AES designs supporting wireless or mobile terminals. Our design can achieve over Gbps throughput, which is compatible for IEEE 802.11ac wireless standard, anticipating to be announced in late 2013. However, differential fault analysis(DFA) proposed in 1997 noticed the weakness of AES under fault attack. We implement Piret and Mukhopadhyay attack proving that both attacks can uncover the AES key in short time period using only two faulty cipher texts. The faulty ciphers are generated by disturbing the normal operation using supply voltage reduction and clock glitch insertion attacks on FPGA. Furthermore, countermeasures against fault attack with good fault detection ability are designed and synthesized in 90nm CMOS technology. Our compact and high throughput designs achieve 2.9Gbps@19.3Kgates and 2.3Gbps@21Kgates for AES128 and AES256 respectively, which are ideal for protecting next generation wireless communication.