基于时频特征的多源融合信息泄露检测方法

冯祺; 周永彬; 明经典; 张倩

引用本文：

冯祺,周永彬,明经典,张倩.基于时频特征的多源融合信息泄露检测方法[J].信息安全学报,2026,11(2):221-236 [点击复制]
FENG Qi,ZHOU Yongbin,MING Jingdian,ZHANG Qian.Time-Frequency Characteristics Based Multi-Channel Fusion Leakage Detection[J].Journal of Cyber Security,2026,11(2):221-236 [点击复制]

本文已被：浏览 14次下载 6次	码上扫一扫！
基于时频特征的多源融合信息泄露检测方法
冯祺^1,2, 周永彬^1,2, 明经典^1,2, 张倩^1,2
0 字体:加大+\|默认\|缩小-
(1.中国科学院信息工程研究所信息安全国家重点实验室北京中国 100093;2.中国科学院大学网络空间安全学院北京中国 100049)

摘要:

密码芯片在运行过程中会同时产生能量消耗、电磁辐射等多种信息泄露,而信息泄露利用对密码设备的实际安全性造成严重威胁。泄露检测是评估密码设备信息泄露风险威胁的一项重要技术,主要通过假设检验的方式检测密码设备是否存在与敏感数据相关的信息泄露。仅对其中一种特定类型的信息泄露进行检测容易忽视多种信息泄露之间存在的内在关联性,故难以充分刻画密码设备的实际安全性。多源融合信息泄露检测是试图克服这一重要技术缺陷的新方向。本文提出基于时频特征的多源融合信息泄露检测方法,在确定性和非确定性检测两种场景,基于时频特征的多源融合信息泄露检测方法充分利用假设检验t-test、Hotelling’s T2-test、F-test、Wilk’s Lambda-test的特性,并将这四种假设检验方法与信息泄露的时域和频域特征进行融合,深入挖掘与敏感信息相关的信息泄露。本文通过频率信息泄露点密度、信噪比、维数等多种因素与检测出泄露所需侧信息数量的关系,分析了基于时频特征的多源融合信息泄露检测方法的可行性与适用性。实验结果表明,在采样点数量相同的情况下,与已有检测方法相比,本文新方法的误报率降低99.33%～99.97%;在确定性检测情况下,与已有检测方法相比,本文新方法检测出泄露所需侧信息数量降低15%～52%;在非确定性检测情况下,与已有检测方法相比,本文新方法检测出泄露所需侧信息数量降低29%～64%。

关键词: 密码设备侧信道分析泄露检测时频特征多源融合

DOI：10.19363/J.cnki.cn10-1380/tn.2026.03.14

投稿时间：2020-12-18修订日期：2021-02-01

基金项目:本课题得到国家自然科学基金(No.61632020,No.U1936209,No.62002353)和北京市自然科学基金(No.4192067)资助。

Time-Frequency Characteristics Based Multi-Channel Fusion Leakage Detection

FENG Qi^1,2, ZHOU Yongbin^1,2, MING Jingdian^1,2, ZHANG Qian^1,2

(1.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)

Abstract:

Various information leakages such as power and electromagnetic are generated during the running of cryptographic devices, and The utilization of information leakage poses a serious threat to the actual security of cryptographic device. Leakage detection is an important technology to assess the risk of leakage of cryptographic device, it is to find the evidence of dependency between leakages and sensitive data through hypothesis testing. Detecting only one specific type of information leakage ignores the inherent correlation between multiple information leakages, so it is difficult to fully characterize the actual security of cryptographic devices. Multi-channel fusion leakage detection is a new direction to overcome this technical defect. This paper proposes time-frequency characteristics based multi-channel fusion leakage detection. In both of specific and non-specific scenarios, time-frequency characteristics based multi-channel fusion leakage detection fully utilize the characteristics of hypothesis testing t-test, Hotelling's T2 test, F-test, and Wilk's Lambda test, and combine these four hypothesis testing methods with the time-domain and frequency-domain characteristics of information leakage to deeply explore information leakages related to sensitive data. This paper analyzes the feasibility and applicable scenarios of time-frequency characteristics based multi-channel fusion leakage detection by examining the relationship between multiple factors such as frequency information leakage density, signal-to-noise ratio, dimension, etc and the number of measures required to detect. The experimental results show that the false positive rate of the new method proposed in this paper is reduced by 99.33%-99.97% compared with the existing detection methods when the number of sampling points is the same. In the case of specific test, compared with the existing detection methods, the number of measures required to detect by the new method in this paper is reduced by 15%-52%. In the case of non-specific test, compared with the existing detection methods, the number of measures required to detect by the new method in this paper is reduced by 29%-64%.

Key words: cryptographic device side channel analysis leakage detection time-frequency characteristics multi-channel fusion