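Password recovery is a key technology for password retrieval and electronic forensics. Encrypted Office documents are widely used, so effective recovery of encrypted Office documents is of great significance for information security. Password recovery is a computation-intensive task that requires hardware acceleration, and traditional CPUs and GPUs are constrained by their processor architecture, which greatly limits further improvement of password verification speed. For this reason, the paper proposes a password recovery system based on an FPGA cluster. Through a detailed analysis of the Office encryption mechanism, the password recovery flow for each version of Office is given. Next, on the FPGA, the core hash algorithm is optimized with a pipeline structure, the AES (Advanced Encryption Standard) algorithm is optimized and improved by merging operations into LUTs (Look Up Tables), and the password generation algorithm is implemented with high-speed parallelism. In addition, the overall FPGA architecture is designed with multiple operators in parallel, achieving fast recovery of Office passwords. Finally, a cluster is built from FPGA accelerator cards and combined with a dynamic password partitioning strategy, fully exploiting the low-power, high-performance computing characteristics of FPGAs. Experimental results show that, in both computing speed and energy efficiency, the optimized FPGA accelerator card is more than 2 times that of the GPU, a clear advantage, making it well suited to large-scale deployment in the cloud to shorten recovery time and retrieve passwords.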
Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.