本文为卢森堡大学（作者：Dumitru-DanielDINU）的博士论文，共278页。

本论文致力于为资源受限的设备（例如通常部署在远程位置的无线传感器和执行器）提供高效、安全的轻量级对称密码原语实现。在这种情况下，加密算法必须消耗很少的计算资源，并且能够抵御各种各样的攻击，包括旁道攻击。

本论文的第一部分是关于轻量级对称算法在8位、16位和32位微控制器上的有效软件实现。这一部分的第一个贡献是FELICS的开发，FELICS是一个开源的基准测试框架，有助于从轻量级密码的实现中提取性能比较的图片。使用FELICS，我们在两种不同的使用场景下对19种轻量级分组密码的实现特性进行了公平的评估，这两种场景是物联网（IoT）中常见安全服务的代表。这项研究为密码算法的结构和在嵌入式微控制器上实现的性能之间的联系提供了新的见解。然后，我们提出了Sparx族的轻量级密码，描述了在形成该族的三个实例的过程中对软件效率的影响。最后，我们评估了对称算法的主要构造模块的成本，以确定哪些是最有效的。这一部分的贡献对于轻量级密码的设计者、软件和安全工程师以及标准化组织特别有价值。

在这项工作的第二部分中，我们将重点讨论利用嵌入式设备的能量或电磁辐射来执行轻量级算法的无保护实现的旁道攻击。首先，我们在相关功率分析（CPA）的背景下评估不同的选择函数，以推断哪些操作容易受到攻击。第二，我们展示了流行的开源加密库中存在的AES的大多数实现容易受到诸如CPA之类的旁道攻击，即使在攻击者对输入控制有限的网络协议场景中也是如此。此外，我们还描述了一种利用CPA攻击恢复主密钥的优化算法。第三，我们对Thread进行了第一次电磁漏洞分析，Thread是一个网络堆栈，旨在促进物联网设备之间的安全通信。本文的第三部分是针对能量和电磁分析攻击的旁道对抗。我们研究在布尔共享上计算简单位函数的高效安全表达式。为此，我们描述了一种高效搜索表达式的算法，这些表达式在初等运算的数量上具有最优代价。然后，我们介绍了位与或运算的一阶布尔掩膜的最佳表达式。最后，我们分析了三种使用最优表达式保护的轻量级分组密码的性能。

This thesis is devoted to efficient andsecure implementations of lightweight symmetric cryptographic primitives forresource-constrained devices such as wireless sensors and actuators that aretypically deployed in remote locations. In this setting, cryptographicalgorithms must consume few computational resources and withstand a largevariety of attacks, including side-channel attacks. The first part of thisthesis is concerned with efficient software implementations of lightweightsymmetric algorithms on 8, 16, and 32-bit microcontrollers. A firstcontribution of this part is the development of FELICS, an open-sourcebenchmarking framework that facilitates the extraction of comparativeperformance figures from implementations of lightweight ciphers. Using FELICS,we conducted a fair evaluation of the implementation properties of 19lightweight block ciphers in the context of two different usage scenarios,which are representatives for common security services in the Internet ofThings (IoT). This study gives new insights into the link between the structureof a cryptographic algorithm and the performance it can achieve on embeddedmicrocontrollers. Then, we present the Sparx family of lightweight ciphers anddescribe the impact of software efficiency in the process of shaping threeinstances of the family. Finally, we evaluate the cost of the main buildingblocks of symmetric algorithms to determine which are the most efficient ones.The contributions of this part are particularly valuable for designers oflightweight ciphers, software and security engineers, as well asstandardization organizations. In the second part of this work, we focus onside-channel attacks that exploit the power consumption or the electromagneticemanations of embedded devices executing unprotected implementations oflightweight algorithms. First, we evaluate different selection functions in thecontext of Correlation Power Analysis (CPA) to infer which operations are easyto attack. Second, we show that most implementations of the AES present inpopular open-source cryptographic libraries are vulnerable to side-channelattacks such as CPA, even in a network protocol scenario where the attacker haslimited control of the input. Moreover, we describe an optimal algorithm forrecovery of the master key using CPA attacks. Third, we perform the firstelectromagnetic vulnerability analysis of Thread, a networking stack designedto facilitate secure communication between IoT devices. The third part of thisthesis lies in the area of side-channel countermeasures against power andelectromagnetic analysis attacks. We study efficient and secure expressionsthat compute simple bitwise functions on Boolean shares. To this end, wedescribe an algorithm for efficient search of expressions that have an optimalcost in number of elementary operations. Then, we introduce optimal expressionsfor first-order Boolean masking of bitwise AND and OR operations. Finally, weanalyze the performance of three lightweight block ciphers protected using theoptimal expressions.

1.      引言

2. 轻量级密码系统的公平评估

3. 轻量级分组密码的公平评估

4. 轻量级分组密码Sparx族的效率

5. 高效的轻量对称密码体制

6. 对相关功率分析攻击的恢复能力

7. 对通信协议的相关功率分析攻击

8. Thread的电磁易损性分析

9. 最优一阶布尔掩膜

附录A 基本8位旋转的汇编代码

附录B 基本16位旋转的汇编代码

附录C 基本32位旋转的汇编代码

更多精彩文章请关注公众号：