ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (10): 2216-2228.doi: 10.7544/issn1000-1239.2019.20190406

所属专题: 2019密码学与智能安全研究专题

• 信息安全 • 上一篇    下一篇

物联网中MIBS轻量级密码的唯密文故障分析

李玮1,2,3,4,曹珊1,谷大武2,李嘉耀1,汪梦林1,蔡天培1,石秀金1   

  1. 1(东华大学计算机科学与技术学院 上海 201620);2(上海交通大学计算机科学与工程系 上海 200240);3(上海市可扩展计算与系统重点实验室(上海交通大学) 上海 200240);4(上海市信息安全综合管理技术研究重点实验室(上海交通大学) 上海 200240) (liwei.cs.cn@gmail.com)
  • 出版日期: 2019-10-16
  • 基金资助: 
    国家自然科学基金项目(61772129);国家密码发展基金项目(MMJJ20180101);上海市可扩展计算与系统重点实验室开放课题;上海市信息安全综合管理技术研究重点实验室开放课题(AGK201703);上海市青年科技英才扬帆计划(17YF1405500);东华大学研究生创新基金项目(GSIF-DH-M-2019013)

Ciphertext-Only Fault Analysis of the MIBS Lightweight Cryptosystem in the Internet of Things

Li Wei1,2,3,4, Cao Shan1, Gu Dawu2, Li Jiayao1, Wang Menglin1, Cai Tianpei1, Shi Xiujin1   

  1. 1(School of Computer Science and Technology, Donghua University, Shanghai 201620);2(Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240);3(Shanghai Key Laboratory of Scalable Computing and Systems (Shanghai Jiao Tong University), Shanghai 200240);4(Shanghai Key Laboratory of Integrate Administration Technologies for Information Security (Shanghai Jiao Tong University), Shanghai 200240)
  • Online: 2019-10-16

摘要: MIBS密码是在2009年的密码学和网络安全(CANS)会议上提出的一种轻量级算法,它具有较高的软硬件实现效率,并且能够抵抗差分分析、线性分析等传统密码分析方法,适合运行在资源受限,并有一定安全要求的物联网环境中.提出了一种针对MIBS密码的新型唯密文故障攻击,即利用新型双重“与”故障模型、新型Parzen-HW和Parzen-HW-MLE区分器对中间状态进行分析,进而破译MIBS密码.实验表明:该方法最少使用72个故障注入即可破译出主密钥,并且成功率不小于99%.该方法可以进一步降低故障注入数和时间,有效地提高了攻击效率.研究表明:唯密文故障攻击对MIBS密码算法的安全性造成极大的威胁,为其他轻量级密码的安全性分析提供了重要参考.

关键词: 轻量级密码, MIBS, 唯密文故障攻击, 物联网, 区分器

Abstract: The lightweight cryptosystem MIBS was proposed at the CANS conference in 2009. It has high efficiency in both hardware implementation and software implementation. MIBS can resist against classical cryptanalysis, such as differential analysis and linear analysis, etc. It is suitable for the resource-limited devices in the Internet of things. This paper proposes new ciphertext-only fault analysis of the MIBS cryptosystem. The attackers can apply a new fault model of Double AND and two novel distinguishers of Parzen-HW and Parzen-HW-MLE to break MIBS. The experiments only require at least 72 fault injections to recover the secret key with a success probability of no less than 99%. The method can further reduce fault injections and time, and effectively improve the attacking efficiency. It shows that the ciphertext-only fault analysis poses a serious threaten to the security of MIBS. The research also provides an important reference for the security analysis of other lightweight cryptosystems.

Key words: lightweight cryptosystem, MIBS, ciphertext-only fault analysis, Internet of things, distinguisher

中图分类号: