Constraint based program analysis is widely used in program validation, program vulnerability analysis, etc. This paper proposes a temporal correlation function to protect programs from analysis. The temporal correlat...Constraint based program analysis is widely used in program validation, program vulnerability analysis, etc. This paper proposes a temporal correlation function to protect programs from analysis. The temporal correlation function can be applied to resist against both static and dynamic function summary and eoncolie testing. What' s more, the temporal correlation function can produce different outputs even with same input. This feature can be used to damage the premise of function summary as well as prevent concolie testing process to run the new branch with new input. Experiment results show that this method can reduce efficiency and path coverage of concolic testing, while greatly in- creasing the difficulty of constraint based program analysis.展开更多
Hash-based message authentication code(HMAC)is widely used in authentication and message integrity.As a Chinese hash algorithm,the SM3 algorithm is gradually winning domestic market value in China.The side channel sec...Hash-based message authentication code(HMAC)is widely used in authentication and message integrity.As a Chinese hash algorithm,the SM3 algorithm is gradually winning domestic market value in China.The side channel security of HMAC based on SM3(HMAC-SM3)is still to be evaluated,especially in hardware implementation,where only intermediate values stored in registers have apparent Hamming distance leakage.In addition,the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis.In this paper,a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation.Real attack experiments on a field programmable gate array(FPGA)board have been performed.Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.展开更多
基金Supported by the National Natural Science Foundation of China(No.61121061)National Key Technology R&D Program(No.2012BAH38B02,2012BAH06B00)
文摘Constraint based program analysis is widely used in program validation, program vulnerability analysis, etc. This paper proposes a temporal correlation function to protect programs from analysis. The temporal correlation function can be applied to resist against both static and dynamic function summary and eoncolie testing. What' s more, the temporal correlation function can produce different outputs even with same input. This feature can be used to damage the premise of function summary as well as prevent concolie testing process to run the new branch with new input. Experiment results show that this method can reduce efficiency and path coverage of concolic testing, while greatly in- creasing the difficulty of constraint based program analysis.
基金Project supported by the Major Program of the Ministry of Industry and Information Technology of China(No.2017ZX01030301)the Beijing Natural Science Foundation of China(No.4162053)
文摘Hash-based message authentication code(HMAC)is widely used in authentication and message integrity.As a Chinese hash algorithm,the SM3 algorithm is gradually winning domestic market value in China.The side channel security of HMAC based on SM3(HMAC-SM3)is still to be evaluated,especially in hardware implementation,where only intermediate values stored in registers have apparent Hamming distance leakage.In addition,the algorithm structure of SM3 determines the difficulty in HMAC-SM3 side channel analysis.In this paper,a skillful bit-wise chosen-plaintext correlation power attack procedure is proposed for HMAC-SM3 hardware implementation.Real attack experiments on a field programmable gate array(FPGA)board have been performed.Experimental results show that we can recover the key from the hypothesis space of 2256 based on the proposed procedure.
