CN118540155A - Method, system and storage medium for detecting algorithm security of password encryption card - Google Patents

Publication number: CN118540155A
Authority: CN (China)
Prior art keywords: ciphertext, interface, signature, test, function
Legal status: Granted
Application number: CN202410985641.0A
Other languages: Chinese (zh)
Other versions: CN118540155B (en)
Inventor: 李曦灏
Current Assignee: China Telecom Quantum Technology Co ltd
Original Assignee: China Telecom Quantum Technology Co ltd
Application filed by China Telecom Quantum Technology Co ltd
Priority to CN202410985641.0A
Publication of CN118540155A
Application granted
Publication of CN118540155B
Current status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/40 Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an algorithm security detection method, system and storage medium for a password encryption card. The method comprises: receiving a first ciphertext and a second ciphertext output by the encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message and the second ciphertext is obtained by encrypting an attacked target; setting the random private key value to have key reuse, and judging whether the second ciphertext can be restored to the attacked target according to the known plaintext message and the first ciphertext; if so, determining that the security detection result of the encryption card algorithm is that a security risk exists; if not, determining that the security detection result of the encryption card algorithm is normal. The invention thereby realizes security detection of the algorithm implemented by the encryption card.

Description

Method, system and storage medium for detecting algorithm security of password encryption card
Technical Field
The invention relates to the technical field of information security, in particular to an algorithm security detection method, an algorithm security detection system and a storage medium of a password encryption card.
Background
The commercial cryptographic card is a hardware device for providing commercial cryptographic services, and generally has functions of generating, storing and managing digital keys, performing encryption and decryption operations, providing digital signatures and authentication, and the like. The encryption card is an infrastructure for constructing a security system and can be integrated into information security equipment by means of a built-in or plug-in card and the like.
The security detection of the encryption card is a test method for ensuring that the card can continuously, safely and effectively protect channels and data. The detection content involves: cryptographic function detection, physical security testing, protocol implementation testing, authentication and authorization, etc.
During selection or production of the complete device, encryption card testing usually focuses on functional indicators such as algorithm correctness, interface performance and stress-test performance. Although the card is the basis of the whole cryptographic security system, security detection of the algorithm implemented by the encryption card itself is often neglected, mainly for the following reasons:
(1) Testing is limited to the test interfaces provided by the cryptographic card vendor, which typically cover only algorithm correctness and performance.
(2) Testers lack the experience and tools needed to test the security of the algorithm.
(3) The certification process for the cryptographic module is based on compliance detection.
(4) Problems are difficult to find from the callback results; whether the hardware implements the algorithm securely has to be verified through the formulas.
In the related art, the patent application document with publication number CN114244503A proposes a performance test method for a cryptographic device; that scheme only verifies the "correctness" of the encryption card's algorithm interface and does not verify the security of the algorithm implemented by the encryption card itself. The patent application document with publication number CN115525564A proposes a method for testing the kernel-mode driver interface of a PCIe cryptographic card; that method is aimed at functional testing of a server cryptographic machine rather than of an encryption card, and performs no security verification of the hardware algorithm. The master's thesis "Research on key technology based on PCI-E high-performance password card" (Li Ming) proposes checking whether the random number quality is balanced, namely whether 0 and 1 occur with balanced probability; however, it only checks the probabilities of 0 and 1, and cannot completely prove the randomness of the sequence.
Disclosure of Invention
The technical problem to be solved by the invention is how to realize the security detection of the algorithm realized by the encryption card.
The invention solves the technical problems by the following technical means:
the invention provides an algorithm security detection method of a password encryption card, which comprises the following steps:
Receiving a first ciphertext and a second ciphertext output by an encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message, and the second ciphertext is obtained by encrypting an attacked target;
Setting the random private key value to have key reuse, and judging whether the second ciphertext can be restored to plaintext according to the plaintext message and the first ciphertext;
If yes, determining that the security detection result of the encryption card algorithm is that the security risk exists;
if not, determining that the security detection result of the encryption card algorithm is normal.
Further, the setting the random private key value to have key reuse, determining whether the second ciphertext can be restored to the target under attack according to the plaintext message and the first ciphertext includes:
Determining a ciphertext fragment containing plaintext information in the first ciphertext and a ciphertext fragment containing plaintext information in the second ciphertext based on a random private key value and an encrypted public key;
According to the plaintext message, the ciphertext fragment containing the plaintext information in the first ciphertext and the ciphertext fragment containing the plaintext information in the second ciphertext, adopting a plaintext reduction function to try to reduce the plaintext corresponding to the second ciphertext, wherein the plaintext reduction function is as follows:
in the method, in the process of the invention, Representing the fact that the plaintext is to be broken,The message in the clear text is represented by,A ciphertext fragment representing the first ciphertext comprising plaintext information,And representing ciphertext fragments containing plaintext information in the second ciphertext.
Further, the method further comprises:
receiving a first signature value and a second signature value which are output by an encryption card, wherein the first signature value and the second signature value are obtained by signing two known groups of plaintext messages respectively;
Setting a random private key value, wherein the random private key value has key reuse, and judging whether the signature private key can be successfully restored according to the first signature value and the second signature value;
If yes, determining that the algorithm security detection result of the encryption card is that security risks exist;
If not, determining that the algorithm security detection result of the encryption card is normal.
Further, the setting the random private key value has key reuse, and determining whether the signature private key can be successfully restored according to the first signature value and the second signature value includes:
and according to the first signature value and the second signature value, adopting a private key restoring function to try to restore a signature private key, wherein the private key restoring function is as follows:
in the method, in the process of the invention, Representing the restored private key of the signature,Representing the value of the first signature in question,Representing the second signature value;
Calculating the deduction result of the public signature key according to the restored private signature key In deriving the public key of the signatureWith the true public signature keyWhen the signature private key is equal, the signature private key is successfully restored.
Further, the method further comprises:
Traversing key management and algorithm interfaces in the API function interfaces of the encryption card, and adding the interface names of the key management and algorithm interfaces with hook function records to the detection list file along with the corresponding hook functions;
When the detection list file is empty, directly outputting a test result, otherwise, calling a random number generation interface of the API to acquire data with a set size and transmitting the data to a random number sieve function to obtain each detection result of the random number sieve function;
Generating a section of random plaintext message M;
The message M is circularly encrypted N times, and each ciphertext is recorded Segment content to detection list file;
for detecting ciphertext in list file Performing duplicate removal operation on the segment content, and modifying the return value of the hook function;
And detecting the safety of the API function interface according to the number of times of hook function recording, each detection result of the random number sieve function and whether repetition exists in the deduplication operation.
Further, the detecting the security of the API function interface according to the number of times of the hook function recording, each detection result of the random number sieve function, and whether the duplication removing operation is repeated, includes:
When the number of times of hook function recording is zero, judging that the interface state of the API function is normal;
when the number of times of hook function recording is non-zero and each detection result of the random number sieve function has no failed item and the deduplication operation has no repetition, judging that the interface state of the API function is low risk;
when the number of times of hook function recording is non-zero and each detection result of the random number sieve function has failed items and the deduplication operation is not repeated, judging that the interface state of the API function is medium risk;
And when the number of times of the hook function record is non-zero and each detection result of the random number sieve function has failed items and the deduplication operation is repeated, judging that the interface state of the API function is high risk.
Further, the method further comprises:
Detecting the compliance of the interface according to the requirement of the password equipment application interface specification GM/T0018-2012, wherein the interface type for compliance detection comprises an equipment management interface, a key management interface, an asymmetric algorithm interface, a symmetric algorithm interface, a hash algorithm interface and a file operation interface;
And when at least one type of interface call fails or does not exist in the interface types of the compliance detection, judging that the password card interface is not compliant.
Further, the method further comprises:
Calling a random number generation interface of the encryption card, and collecting random sequence files with set sizes;
creating a test thread to test the random sequence file, wherein the test items comprise a poker test item, a frequency test item, a block frequency test item, an overlapping template matching test item, a total number of runs test item, a run distribution test item, a maximum run within a block test item, a binary derivation test item, an autocorrelation test item, a cumulative sum test item, an approximate entropy test item, a discrete Fourier transform test item, a matrix rank test item, a linear complexity test item and a compression test item;
and detecting random number compliance according to the test results of the test items.
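The API interface grading rule and two of the test items listed above (frequency and total number of runs), as an added Python example that is not code from the patent. The two statistics follow their NIST SP 800-22 form; the significance level `ALPHA`, all function names, and the handling of the one combination the grading rule does not cover (no failed sieve item but repeated ciphertext segments) are assumptions of this example.

```python
import math
from collections import Counter

ALPHA = 0.01  # significance level (assumption; take the value from the standard in use)


def to_bits(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def frequency_p(bits):
    """Frequency test: p-value for the balance between 0s and 1s."""
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))


def runs_p(bits):
    """Total number of runs test: p-value for how often the sequence switches value."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0  # too unbalanced for the runs statistic to be meaningful
    runs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(runs - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def random_sieve(data):
    """Run each test item over the collected bytes; True means the item passed."""
    bits = to_bits(data)
    return {"frequency": frequency_p(bits) >= ALPHA, "runs": runs_p(bits) >= ALPHA}


def has_repeats(segments):
    """Deduplication step: True if any recorded ciphertext segment occurs twice."""
    return any(count > 1 for count in Counter(segments).values())


def grade_api(hook_records, sieve_results, segments):
    """Grade the API interface from hook record count, sieve results and repeats."""
    if hook_records == 0:
        return "normal"
    failed = not all(sieve_results.values())
    if has_repeats(segments):
        # Rule as stated: failed item + repeats => high risk. Repeats without a
        # failed item are not covered by the rule; treated as high (assumption).
        return "high"
    return "medium" if failed else "low"


if __name__ == "__main__":
    # Constructed samples: 0x55 is 01010101 (balanced, but it alternates on every bit).
    for label, sample in (("0x55 pattern", b"\x55" * 128), ("all zero", bytes(128))):
        results = random_sieve(sample)
        print(label, results, grade_api(1, results, [b"seg-a", b"seg-b"]))
```

The alternating pattern passes the frequency item and fails the runs item, which is the background section's point that a 0/1 balance check alone cannot demonstrate randomness.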
In addition, the invention also provides an algorithm security detection system for a password encryption card, which comprises a container manager, a test container and an encryption card driving module, wherein the container manager is used for providing a running environment for the test container image and for running a daemon for the test container through the unshare command;
the test container comprises a random private key detection container comprising an encryption test module, wherein:
The encryption test module is used for determining that the encryption card has a security risk when, with the random private key value set to have key reuse, the second ciphertext can be restored to plaintext according to the plaintext message and the first ciphertext output by the encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message and the second ciphertext is obtained by encrypting an attacked target.
Further, the random private key detection container further comprises a signature test module, wherein the signature test module is used for determining that the encryption card has a security risk when the random private key value is set to have key reuse and the signature private key can be successfully restored according to a first signature value and a second signature value output by the encryption card, and the first signature value and the second signature value are obtained by respectively signing two groups of known plaintext messages.
Further, the encryption test module is used for restoring the plaintext of the second ciphertext by adopting a plaintext restoring function;
The plaintext reduction function is:
in the method, in the process of the invention, Representing the fact that the plaintext is to be broken,The message in the clear text is represented by,A ciphertext fragment representing the first ciphertext comprising plaintext information,And representing ciphertext fragments containing plaintext information in the second ciphertext.
Further, the signature test module is used for restoring the signature private key by adopting a private key restoring function;
the private key reduction function is:
in the method, in the process of the invention, Representing the restored private key of the signature,Representing the value of the first signature in question,Representing the second signature value.
Further, the test container further comprises an API security detection container, wherein the API security detection container comprises an API security detection program, a security detection library and a hook function library, and the API security detection program is used for calling an asymmetric algorithm interface of the encryption card and recording a tracking call interface of the API by using the security detection library when loading;
the hook function library is used for carrying out hook operation on the basic function and modifying the return value of the hook function so that the return value has a characteristic rule.
Further, the test container further comprises a compliance test container comprising an interface test module and a random number abstraction test module, wherein:
The interface testing module is used for detecting the compliance of the interface according to the requirements of the password equipment application interface specification GM/T0018-2012, wherein the interface types for compliance detection comprise equipment management type interfaces, key management type interfaces, asymmetric algorithm type interfaces, symmetric algorithm type interfaces, hash algorithm type interfaces and file operation type interfaces; and when at least one type of interface call fails or does not exist in the interface types of the compliance detection, judging that the password card interface is not compliant.
The random number abstract test module is used for calling a random number generation interface of the encryption card, extracting a random number sequence with a set size, and carrying out quality detection on the random number sequence according to the requirement of the password product random number detection requirement GM/T0062-2018.
Further, the test container includes a random private key detection container, an API security detection container, and a compliance test container, in which an encryption card API interface library is provided, where the encryption card API interface library is used to provide a cryptographic service interface.
Furthermore, the present invention also proposes a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method for detecting the algorithmic security of a cryptographic card as described above.
The invention has the advantages that:
(1) When several groups of ciphertexts output by the encryption card are received, and assuming that the random private key value has key reuse, the ciphertext can be restored directly to plaintext without the encryption private key, namely the receiver's private key. If the ciphertext is successfully restored, this indicates that the random private key of the encryption card is a non-random entropy value and that the encryption card has a security risk. The invention thereby realizes encryption security detection for the asymmetric algorithm and detects whether the asymmetric algorithm implemented by the encryption card has a security risk.
(2) When several groups of signature values output by the encryption card are received, and assuming that the random private key value has key reuse, the signature private key can be calculated directly from only the signature values and the signature public key. If the signature private key is successfully restored, the random private key of the encryption card is a non-random entropy value and the encryption card has a serious security hole. The invention thereby realizes signature security detection for the asymmetric algorithm.
(3) The API dynamic library matched with the encryption card is tested for vulnerabilities by a detection method based on hook functions.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 is a flow chart of an algorithm security detection method for a cryptographic card according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an algorithm security detection system for a cryptographic card according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described in the following in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
As shown in fig. 1, a first embodiment of the present invention proposes an algorithm security detection method for a cryptographic card, the method comprising the steps of:
S10, receiving a first ciphertext and a second ciphertext output by an encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message, and the second ciphertext is obtained by encrypting an attacked target;
S20, setting a random private key value to have key reuse, judging whether the second ciphertext can be restored to an attacked target according to the plaintext message and the first ciphertext, if so, executing a step S30, and if not, executing a step S40;
S30, determining that a security detection result of the encryption card algorithm is that a security risk exists;
S40, determining that the security detection result of the encryption card algorithm is normal.
In this embodiment, the encryption card is used as the sender and the detection system is used as the receiver, so that the data encryption means that the sender uses the encryption public key of the receiverAfter encryption, the ciphertext is sent to the receiver, and the receiver uses the encryption private key of the receiverDecrypting the ciphertext; the data signature means that the sender uses the private key of the signatureAfter signing, the signature value is sent to the receiver, and the receiver uses the signature public key of the senderThe signature value can be decrypted. When several groups of ciphertexts output by the encryption card are received, the random private key value can be set as a fixed value without the encryption private key assuming that the random private key value has key reuseThe cipher text is directly restored to the plaintext under the condition of the private key of the receiver, if the cipher text is successfully restored, the random private key of the encryption card is represented to be a non-random entropy value, and the encryption card has security risks.
As a further preferable embodiment, the step S20: setting a random private key value to have key reuse, judging whether the second ciphertext can be restored to an attacked target according to the plaintext message and the first ciphertext, and comprising the following steps:
Determining a ciphertext fragment containing plaintext information in the first ciphertext and a ciphertext fragment containing plaintext information in the second ciphertext based on a random private key value and an encrypted public key;
And according to the plaintext message, the ciphertext fragment containing the plaintext information in the first ciphertext and the ciphertext fragment containing the plaintext information in the second ciphertext, adopting a plaintext reduction function to try to reduce the plaintext corresponding to the second ciphertext. Wherein, the plaintext reduction function is:
in the method, in the process of the invention, Representing the fact that the plaintext is to be broken,Representing the plaintext message as known,A ciphertext fragment representing the first ciphertext comprising plaintext information,Ciphertext fragment representing the second ciphertext comprising plaintext information
Further, two groups of plaintext messages are arranged,) In which the plaintext messageClear text messages are knownFor the attacked target, two groups of plaintext messages,) Incoming encryption cardThe algorithm performs encryption processing, and the callback can obtain a first ciphertext corresponding to the plaintext message,,) Plaintext messageCorresponding second ciphertext,,):
)-->(,,
)-->(,,
Comparing ciphertext fragments in the first ciphertext sequence and the second ciphertext sequence, respectively, assuming that the random private key value k is a constant value (i.e., the random private key value is reused),For encrypting the public key, i.e. the public key of the receiver, then one of the ciphertext fragment in the first ciphertext sequence and the ciphertext fragment in the second ciphertext sequenceIs equal to the number of times it is,Representing a random private keyPublic key with receiverThe result of the dot product between them,Derived keysEncrypting the plaintext message to obtainThe content of the segment.
Since both ciphertext segments are using the recipient's public keyEncryption when it occursWhen the value is re-used, the two encryption processes are usedThe values are equal, e.gAnd (3) withIn (a)Is equal to:
in the method, in the process of the invention, Representation of plaintextWhen encryptingThe value of the sum of the values,Representation of plaintextWhen encryptingValues.
Then according toEvaluation formula of'XorM ", obtainable by:
Deducing The reduction function of (2) is:
it should be noted that, in this embodiment, when restoring ciphertext corresponding to an attacked target, only ciphertext fragments containing plaintext information need to be cracked, for example, when adopting When the algorithm encrypts a plaintext message, the obtained ciphertext comprises three ciphertext fragmentsWherein the fragmentsContains plaintext information.
As a further preferred technical solution, the method further comprises the steps of:
S1, receiving a first signature value and a second signature value which are output by an encryption card, wherein the first signature value and the second signature value are obtained by signing two known groups of plaintext messages respectively;
S2, setting a random private key value to have key reuse, judging whether the signature private key can be successfully restored according to the first signature value and the second signature value, if so, executing the step S3, and if not, executing the step S4;
S3, determining that an algorithm security detection result of the encryption card is that security risks exist;
S4, determining that the algorithm security detection result of the encryption card is normal.
It should be noted that, when receiving several sets of signature values output by the encryption card, it is assumed that there is key reuse of the random private key value, and only the signature value and the signature public key can be usedDirectly calculating the signature private key under the condition of (1)If the private key is signedIf the encryption card is successfully restored, the random private key of the encryption card is a non-random entropy value, and the encryption card has serious security holes; the invention realizes the encryption security detection of the asymmetric algorithm and the signature security detection of the asymmetric algorithm, and detects whether the asymmetric algorithm realized by the encryption card has security risk or not.
As a further preferable technical solution, in the step S2, a random private key value is set to have a key reuse, and it is determined whether the private signature key can be successfully restored according to the first signature value and the second signature value, including the following steps:
and successfully restoring the signature private key by adopting a private key restoring function according to the first signature value and the second signature value, wherein the private key restoring function is as follows:
in the method, in the process of the invention, Representing the restored private key of the signature,Representing the value of the first signature in question,Representing the value of the second signature in question,AndRepresenting a portion of a signature, incorporating a private keyRandom private keyThe information of the value is calculated and obtained,AndRepresenting a portion of a signature, a hash value through a message and an elliptic curve point abscissaCalculating to obtain;
s32, calculating the deduction result of the signature public key according to the restored signature private key In deriving the public key of the signatureWith the true public signature keyWhen the security risk is equal, the security risk of the encryption card is determined.
Further, two groups of plaintext messages are arranged,) Obtaining two sets of signature valuesAndAssume that a private signature key within an encryption cardFor attack target, setting random private key value asIn the formula of the signature algorithm,The evaluation was:
in the method, in the process of the invention, Representing the order of elliptic curves, e.g. inIn the algorithmThe value is a 256-bit constant (prime number).
In the clear text messageAccording to the signature value in the calculation process of the signature value of (1)Calculated to obtainIn plain text messageAccording to the signature value in the calculation process of the signature value of (1)Calculated to obtain. Assuming a random private key valueThere is key reuse, i.eThe signature private key can be directly calculated under the condition that only the signature value and the signature public key are used as fixed values. If the private key is signed in a given test periodAnd if the encryption card is successfully restored, the random private key of the encryption card is a non-random entropy value, and the encryption card has serious security holes.
Setting random private key valueIs a fixed value, will firstThe evaluation formula of (c) is transformed into:
When (when) When the values are heavy, the following equation is obtained:
After the equation is transformed, the private key reduction function can be obtained as follows:
As a further preferable technical solution, the method further comprises a security detection step for the API function interface:
traversing the key management and algorithm interfaces in the API function interfaces of the encryption card, and adding the interface names of the key management and algorithm interfaces for which a hook function records output, together with the corresponding hook functions, to the detection list file;
when the detection list file is empty, directly outputting a test result; otherwise, calling the random number generation interface of the API to collect data of a set size and passing the data to the random number sieve function to obtain each detection result of the random number sieve function;
generating a random plaintext message M;
encrypting the message M in a loop N times, and recording the segment content of each ciphertext to the detection list file;
performing a deduplication operation on the ciphertext segment content in the detection list file, and modifying the return value of the hook function;
detecting the security of the API function interface according to the number of hook function records, each detection result of the random number sieve function, and whether the deduplication operation finds repetition.
It should be noted that, in this embodiment, the API interface implementation of the encryption card is traced by hooking the common related functions of the base library, in order to observe whether the password and random number operations of the API are strictly implemented by the hardware encryption card. The return values of the hook functions are then modified so that they present regularity or characteristic values, and it is observed whether this has a security impact on the output of the API interface, thereby detecting the security of the API function interface. The security detection of the API function interface takes the cryptographic implementation of the encryption card to be more secure than the cryptographic service interfaces of the operating system or open source software. The purpose of the test is to ensure that the manufacturer's API always calls only the underlying implementation of the encryption card during operation and does not use the password-related interfaces of the operating system. The software implementations of the operating system and open source software running in the container are hooked, so that a record is triggered whenever the API calls one of these software-implemented interfaces; from the record it can be judged whether the cryptographic services of the API are strictly executed by the encryption card rather than by third-party software.
As a further preferable technical solution, detecting the security of the API function interface according to the number of hook function records, each detection result of the random number sieve function, and whether the deduplication operation finds repetition comprises the following steps:
when the number of hook function records is zero, determining that the API function interface is in a normal state;
when the number of hook function records is non-zero, no detection result of the random number sieve function has a failed item, and the deduplication operation finds no repetition, judging that the API function interface state is low risk;
when the number of hook function records is non-zero, the detection results of the random number sieve function have a failed item, and the deduplication operation finds no repetition, judging that the API function interface state is medium risk;
when the number of hook function records is non-zero, the detection results of the random number sieve function have failed items, and the deduplication operation finds repetition, judging that the API function interface state is high risk.
As a further preferable technical solution, the method further includes the step of detecting compliance of the encryption card interface:
detecting the compliance of the interface according to the requirement of the password equipment application interface specification GM/T0018-2012, wherein the interface type for compliance detection comprises an equipment management interface, a key management interface, an asymmetric algorithm interface, a symmetric algorithm interface, a hash algorithm interface and a file operation interface; and when at least one type of interface call fails or does not exist in the interface types of the compliance detection, judging that the password card interface is not compliant.
It should be noted that, since the encryption card is the basis of the security service, all security devices using cryptographic functions follow the password equipment application interface specification GM/T0018-2012 when designing their own upper-layer cryptographic interface calls, so it must be verified that the interfaces provided by the vendor completely meet the standard and can be executed normally.
The embodiment realizes the verification of the compliance and the correctness of the service interface of the encryption card according to the interface definition of equipment management, key management, algorithms (asymmetric, symmetric and hash algorithms) and file operation described in the password equipment application interface specification GM/T0018-2012.
As a further preferable technical solution, the method further includes a step of random number compliance detection:
Calling a random number generation interface of the encryption card, and collecting random sequence files with set sizes;
creating a test thread to test the random sequence file, wherein the test items comprise a poker algorithm test item, a frequency test item, a block frequency test item, an overlapping template matching test item, a total number of runs test item, a run distribution test item, an intra-block maximum run test item, a binary derivation test item, an autocorrelation test item, a cumulative sum test item, an approximate entropy test item, a discrete Fourier transform test item, a matrix rank test item, a linear complexity test item and a compression test item;
and detecting random number compliance according to the test results of the test items.
The embodiment realizes the detection of the quality of the random number according to the E-class product described in the password product random number detection requirement GM/T0062-2018, accurately converts a mathematical formula related to a use case into a code flow, comprehensively judges the quality of the random number from a plurality of test results such as distribution, autocorrelation, run length, compression and the like, and judges the quality of a random number sequence generated in a password card more strictly and judges the result more accurately.
In addition, as shown in fig. 2, a second embodiment of the present invention proposes an algorithm security detection system of a cryptographic card, the system comprising: a container manager, a test container and an encryption card driving module, wherein the container manager is used for providing a running environment for the test container image and running a daemon into the test container through the unshare command;
the test container comprises a random private key detection container comprising an encryption test module, wherein:
the encryption test module is used for determining that the encryption card has a security risk when the encryption test module sets that a random private key value has a key reuse and can restore a second ciphertext into a plaintext according to a plaintext message and a first ciphertext output by the encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message, and the second ciphertext is obtained by encrypting an attacked target.
As a further preferable technical scheme, the random private key detection container further comprises a signature test module, wherein the signature test module is used for determining that the encryption card has a security risk when the random private key value is set to have key reuse and the signature private key can be successfully restored according to a first signature value and a second signature value output by the encryption card, and the first signature value and the second signature value are obtained by respectively signing two groups of known plaintext messages.
Further, the encryption card driving module comprises a VFIO driver framework and an encryption card driver set, and is used for driving the encryption card to carry out encryption processing.
The container manager can manage the daemon to create, start, stop and otherwise operate the test containers for the encryption card. It can manage the client, which communicates with the daemon through the REST API so that a user can control the test containers. It also manages the unshare command, which runs the daemon into independent test containers and isolates the host system from the test resources.
As a further preferable technical scheme, the encryption test module is configured to restore plaintext of the second ciphertext by using a plaintext restoration function;
The plaintext reduction function is:
in the method, in the process of the invention, Representing the fact that the plaintext is to be broken,The message in the clear text is represented by,A ciphertext fragment representing the first ciphertext comprising plaintext information,And representing ciphertext fragments containing plaintext information in the second ciphertext.
The encryption test module is used for attempting plaintext cracking on the ciphertext output by the plurality of groups of collected encryption cards under the condition that no receiver private key exists, so as to realize encryption security detection on the asymmetric algorithm.
As a further preferable technical scheme, the signature test module is configured to restore the signature private key by using a private key restoration function;
the private key reduction function is:
in the method, in the process of the invention, Representing the restored private key of the signature,Representing the value of the first signature in question,Representing the second signature value.
The signature test module is used for generating an asymmetric key, collecting encryption and signature results output by a plurality of groups of encryption cards, observing whether the encryption results have regularity, if so, deducing a signature private key by using a signature value, verifying whether the deduced value is the signature private key through a G point, and realizing signature security detection of an asymmetric algorithm. The derivation processes of the plaintext reduction function and the private key reduction function are described in the above method embodiments, and are not described herein.
As a further preferable technical scheme, the test container further comprises an API security detection container, which comprises an API security detection program, a security detection library and a hook function library, wherein the API security detection program is used for calling the asymmetric algorithm interface of the encryption card and, when loaded, uses the security detection library to record and trace the interface calls; the hook function library is used for hooking the base functions and modifying the return values of the hook functions so that each return value is a constant or a value in a regular range.
As a further preferred technical solution, the test container further comprises a compliance test container, the compliance test container comprises an interface test module and a random number abstraction test module, wherein:
The interface testing module is used for detecting the compliance of the interface according to the requirements of the password equipment application interface specification GM/T0018-2012, wherein the interface types for compliance detection comprise equipment management type interfaces, key management type interfaces, asymmetric algorithm type interfaces, symmetric algorithm type interfaces, hash algorithm type interfaces and file operation type interfaces; and when at least one type of interface call fails or does not exist in the interface types of the compliance detection, judging that the password card interface is not compliant.
The random number abstract test module is used for calling a random number generation interface of the encryption card, extracting a random number sequence with a set size, and carrying out quality detection on the random number sequence according to the requirement of the password product random number detection requirement GM/T0062-2018.
As a further preferable technical scheme, the random private key detection container, the API security detection container and the compliance test container comprised in the test container are each provided with an encryption card API interface library, which is used for providing a password service interface.
As a further preferable technical scheme, the random private key detection container, the API security detection container and the compliance test container comprised in the test container are each provided with a base library.
It should be noted that, in both the operating system and the open source software, there are software implementations that provide basic cryptographic algorithms, and these implementations are integrated into the operating system by way of a base software library, where the base library is used to provide cryptographic service interfaces for various upper-layer applications, and its operation process is executed on a local CPU and a memory.
Specifically, after the encryption card is inserted into the detection system, the process of detecting the security of the encryption card by using the detection system includes:
(1) Asymmetric algorithm encryption security detection
A1: Call the management interface of the detection system and check whether the encryption card is in place; if so, execute step a2, otherwise terminate the detection flow.
A2: creating plaintext messagesInvoking an encryption cardEncryption interface for plaintext messageEncrypting to obtain ciphertext
A3: starting loop execution of the asymmetric algorithm detection sub-flow (100000 times default):
a3-1: randomly generating 128-byte character string recorded as message plaintext
A3-2: invoking encryption cardsEncryption interface for message plaintextEncrypting to obtain ciphertext
A3-3: comparing ciphertextAnd (3) withIn a sequence ofIf the values are the same, skipping to a process a3-4; otherwise, jump to a3-1.
A3-4: message is sent to the clientCiphertext ofAnd (3) withA kind of electronic deviceThe segment is transmitted into a plaintext reduction formula function to return to the cracked plaintext
A3-5: Record the loop value, the timestamp, the message plaintext and the cracked plaintext to the test log.
A4: After the loop finishes, print the encryption security detection test result.
The encryption security of the asymmetric algorithm is judged from the encryption security detection test result as shown in table 1:
Table 1 Asymmetric algorithm encryption security test results
N' number of records | Security detection result
0 | Normal
Non-0 value | Serious security vulnerability; not usable
(2) Asymmetric algorithm signature security detection
B1: Call the device management interface and check whether the encryption card is in place; if so, execute step b2, otherwise terminate the detection flow.
B2: creating a 32 byte digest message
B3: the loop execution of the asymmetric algorithm detection sub-flow (100000 times by default) is started.
B3-1: invoking encryption cardsSignature interface for obtaining informationIs signed by (a)
B3-2: traversing the signatures in the detection list willAnd (3) with(Non-)) And the result is transferred to a private key restoring function, and the derived private key d' is returned.
B3-3: usingComputing public keysComparison ofWith public keyWhether equal.
B3-4: if not, save signatureTo list, jump to b3-1, if equal, outputAnd exits the loop.
B4: recording time stamp, cyclic value, signatureSignatureTo a log file.
The signature security of the asymmetric algorithm is judged according to the signature security detection test result as shown in table 2:
table 2 signature security test results for asymmetric algorithms
D' record presence Safety detection result
Without any means for Normal state
Has the following components The private key can be deduced, the card has serious security hole and can not be used
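The signature detection loop of steps b1 to b4, as an added Python example that is not code from the patent. It assumes the card signs with SM2 and derives the recovery formula from the standard SM2 signing equation s = (1+d)^-1 (k - r·d) mod n, which gives k = s + d(s + r); the simulated card, the SHA-256 stand-in digests and all function names are constructed for illustration.

```python
import hashlib
import secrets

def _h(s):
    return int(s.replace(" ", ""), 16)

# SM2 recommended curve (GM/T 0003.5-2012): y^2 = x^3 + A*x + b over GF(P), order N.
P = _h("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF 00000000 FFFFFFFF FFFFFFFF")
A = P - 3
N = _h("FFFFFFFE FFFFFFFF FFFFFFFF FFFFFFFF 7203DF6B 21C6052B 53BBF409 39D54123")
G = (_h("32C4AE2C 1F198119 5F990446 6A39C994 8FE30BBF F2660BE1 715A4589 334C74C7"),
     _h("BC3736A2 F4F6779C 59BDCEE3 6B692153 D0A9877C C62A4740 02DF32E5 2139F0A0"))

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, point):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def sm2_sign(d, e, k):
    """SM2 signature of digest e with key d and nonce k (degenerate retries omitted)."""
    x1, _ = ec_mul(k, G)
    r = (e + x1) % N
    s = pow(1 + d, -1, N) * (k - r * d) % N
    return r, s

def recover_private_key(sig1, sig2):
    """If both signatures share k: d = (s2 - s1) / (s1 - s2 + r1 - r2) mod n."""
    (r1, s1), (r2, s2) = sig1, sig2
    denom = (s1 - s2 + r1 - r2) % N
    if denom == 0:          # identical signatures carry no usable equation
        return None
    return (s2 - s1) * pow(denom, -1, N) % N

def detect_nonce_reuse(sign, public_key, digests):
    """Pair each new signature with the saved ones; accept d' only if d'G == P."""
    seen = []
    for count, e in enumerate(digests, 1):
        sig = sign(e)
        for old in seen:
            d_prime = recover_private_key(old, sig)
            if d_prime is not None and ec_mul(d_prime, G) == public_key:
                return {"result": "serious vulnerability",
                        "d_prime": d_prime, "signatures": count}
        seen.append(sig)
    return {"result": "normal", "d_prime": None, "signatures": len(seen)}

class SimulatedCard:
    """Constructed stand-in for the card's sign interface; not a real driver."""
    def __init__(self, fixed_nonce=None):
        self.d = secrets.randbelow(N - 2) + 1
        self.public_key = ec_mul(self.d, G)
        self.fixed_nonce = fixed_nonce

    def sign(self, e):
        k = self.fixed_nonce or secrets.randbelow(N - 1) + 1
        return sm2_sign(self.d, e, k)

def run_demo():
    # Constructed 32-byte digests; SHA-256 stands in for the card's hash.
    digests = [int.from_bytes(hashlib.sha256(b"constructed-%d" % i).digest(), "big")
               for i in range(6)]
    faulty = SimulatedCard(fixed_nonce=0x0123456789ABCDEF)
    healthy = SimulatedCard()
    return (detect_nonce_reuse(faulty.sign, faulty.public_key, digests), faulty.d,
            detect_nonce_reuse(healthy.sign, healthy.public_key, digests))

if __name__ == "__main__":
    bad, _, good = run_demo()
    print("fixed-nonce card:", bad["result"], "after", bad["signatures"], "signatures")
    print("random-nonce card:", good["result"])
```

Because the derived value is only accepted when it reproduces the card's public key, a card with fresh nonces never produces a false positive in this check.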
(3) API security detection
C1: loading the hook function library into the test process space.
C2: traversingKey management and algorithm (asymmetric/symmetric/hash algorithm) class interfaces.
C2-1: a function call interface is executed.
C2-2: it is checked whether there is a recorded output of the hook function.
C2-3: if there is output, add the interface name to the detection list file with the corresponding hook, otherwise jump to c2-1.
C4: if the list file is detected to be empty, jumping to c11; otherwise, jump to c5.
C5: callingIs used for generating a random number interface and collecting 20MB data.
C6: the data is passed into a random number sieve function.
C7: each test result of the random number screen is printed.
C8: generating a random plaintext message
C9: loop pair messageSM2 encryption (100000 times) is performed, and each ciphertext is recordedSegment content to list.
C10: the list is subjected to a deduplication operation, and a return value is printed.
C11: and printing the test result, and exiting the process.
The API security determined from the API security detection test results is shown in table 3:
TABLE 3 API safety test results
The classes of functions in the hook function library are shown in Table 4:
TABLE 4 library of hook functions
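Steps c1 to c11 and the four-state judgment rule, as an added Python example that is not the patent's code. The Hook class, the CardApi model with its three modes, the choice of two sieve tests (frequency and runs, using the NIST SP 800-22 formulas) and the point at which the hook's return value is forced are assumptions made for illustration; the significance level 0.01 is taken from the page's sample test output.

```python
import hashlib
import math
import secrets

ALPHA = 0.01  # significance level shown in the page's sample test output

def frequency_p(bits):
    """Frequency (monobit) test p-value."""
    n = len(bits)
    s_obs = abs(2 * bits.count("1") - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))

def runs_p(bits):
    """Runs test p-value; returns 0.0 when the frequency precondition fails."""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def random_sieve(data):
    """Stand-in for the random number sieve: test name -> passed?"""
    bits = "".join(f"{byte:08b}" for byte in data)
    return {"frequency": frequency_p(bits) >= ALPHA, "runs": runs_p(bits) >= ALPHA}

class Hook:
    """Stand-in for one hooked base-library function (a software RNG here)."""
    def __init__(self):
        self.records = 0     # how many times the software path was entered
        self.forced = None   # when set, every returned byte takes this value

    def __call__(self, n):
        self.records += 1
        if self.forced is not None:
            return bytes([self.forced]) * n
        return secrets.token_bytes(n)

class CardApi:
    """Constructed vendor API model.
    mode 'hardware': never touches the base library;
    mode 'mixed':    calls it but does not use the result for its output;
    mode 'software': takes its randomness from it (the defect being tested for).
    """
    def __init__(self, hook, mode):
        self.hook, self.mode = hook, mode

    def random(self, n):
        hardware = secrets.token_bytes(n)   # stands in for the card's entropy source
        if self.mode == "hardware":
            return hardware
        software = self.hook(n)
        return software if self.mode == "software" else hardware

    def encrypt_segment(self, message):
        # Only the nonce-derived ciphertext segment is modelled; SHA-256 of the
        # nonce stands in for the value the card computes from it.
        return hashlib.sha256(self.random(32)).digest()

def classify(hook_records, sieve_results, repeated):
    """The four states given on the page, plus the combination it leaves open."""
    if hook_records == 0:
        return "normal"
    failed = not all(sieve_results.values())
    if not failed and not repeated:
        return "low risk"
    if failed and not repeated:
        return "medium risk"
    if failed and repeated:
        return "high risk"
    return "unclassified"   # sieve passes but segments repeat: not defined on the page

def detect_api_security(api, hook, sample_bytes=4096, loops=200):
    api.random(16)                                  # c2: exercise the interfaces
    api.encrypt_segment(b"probe")
    if hook.records == 0:                           # c4: detection list is empty
        return "normal", {}, False
    hook.forced = 0x00                              # make the hook return a constant
    sieve = random_sieve(api.random(sample_bytes))  # c5 to c7
    message = secrets.token_bytes(128)              # c8
    segments = [api.encrypt_segment(message) for _ in range(loops)]  # c9
    repeated = len(set(segments)) < len(segments)   # c10: deduplication
    return classify(hook.records, sieve, repeated), sieve, repeated

if __name__ == "__main__":
    for mode in ("hardware", "mixed", "software"):
        hook = Hook()
        level, sieve, repeated = detect_api_security(CardApi(hook, mode), hook)
        print(mode, "->", level, sieve, "repeated:", repeated)
```

The 'mixed' mode normally lands in low risk, but a true random source fails each sieve test about once in a hundred runs at this significance level, which is why a single run is not a verdict on its own.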
(4) Interface compliance detection
Detect whether the interface form meets the requirements of the password equipment application interface specification GM/T0018-2012; the detection covers six classes of interfaces. Judgment standard: if more than one interface call is found to fail or not exist, the interface is judged to be non-compliant.
The six interface classes are as follows:
Device management class: used for managing the encryption card device, the operation authority and the session.
Key management class: used for generating key pairs, importing and exporting keys, and digital envelope functions.
Asymmetric algorithm class: used for RSA/ECC operation, signature and verification.
Symmetric algorithm class: used for symmetric encryption, symmetric decryption and MAC computation.
Hash algorithm class: used for the three-stage interface of the hash operation.
File operation class: used for file creation, reading, writing and deleting operations in the encryption card.
(5) Random number compliance detection
China's random number detection standard for cryptographic devices is very strict; general-purpose tests such as NIST cannot meet its requirements, so in this embodiment random number quality detection is carried out according to the class E products of the password product random number detection requirement GM/T0062-2018.
D1: Automatically call the random number generation interface of the encryption card and collect a 128MB random sequence.
D2: Input the random sequence file and create a unit test thread for each test item.
D3: Execute the test threads in parallel and record the test data of each unit.
D4: Automatically tally the unit tests and output the detection result.
Judgment standard: if all sub-items of a test item fail, the test item is judged as failed; when the number of failed items is greater than three, the randomness test is judged as not passed.
Wherein, the random number unit detection item is shown in table 5:
Table 5 Random number unit detection items
Test item | Detection content
Frequency testing | Random number sequence distribution uniformity was evaluated.
Block frequency testing | The probability of 0 and 1 occurrence is calculated.
Overlapping template matching | Calculating the ratio of 1 in a block of a given length
Total number of runs | A given binary template is checked for the number of occurrences in a binary sequence.
Run length distribution | The length and number of consecutive occurrences of the same number in the analysis sequence.
Intra block maximum run | Detecting whether the length distribution of a run (a segment of consecutive identical numbers) corresponds to the expected distribution of a random sequence
Binary derivation | Dividing the sequence into a plurality of blocks, calculating the maximum run of each block, and determining whether the lengths follow the theoretical distribution
Auto-correlation | After converting a binary sequence, testing the randomness of the new sequence
Cumulative sum | Calculating correlation coefficients between binary sequences and time-delayed sequences
Approximate entropy | Calculating the deviation between each value in the sequence and the expected value, and observing the transformation trend of the deviation accumulation
Discrete fourier transform | The sequence is partitioned into a plurality of blocks and the number of similar data blocks in the sequence between each block is calculated.
Matrix rank | Checking whether the series has periodic characteristics, e.g. whether a particular frequency is present
Linear complexity | Constructing a sequence as a matrix, and evaluating randomness of the sequence by calculating rank of the matrix
Compression test | Calculating the shortest LFSR length that a given sequence can generate and determining the randomness of the sequence from that value
Frequency testing | And using a compression algorithm on the test sequence to calculate the difference between the original file and the compressed file.
The test outputs were as follows:
[12] discrete Fourier (algorithm time-consuming: 1835812 us)
Failure 0 (including recheck 0), qualification rate 100.00%, q value distribution 0.468120. Result YES
[13] Matrix autumn (algorithm time-consuming: 374029 us)
M, q=32, reject 2 (containing recheck 0), yield 97.01%, q value distribution 0,680539, result YES
[14] Maurer statistics (algorithm time consuming: 8601 us)
L= 7,q =1280, reject 1 (containing retest 0), yield 98.51%, q value distribution 0.468120, result YES
[15] Linearity complexity (algorithm time-consuming: 740045 us)
M=500, reject 0 (containing retest 0), yield 100.00%, q value distribution 0.131642. Result YES
M=1000, reject 1 (containing recheck 0), yield 98.51%, q value distribution 0.998785, result YES
Significance level p-value 0.01, q-value distribution 0.0001
Maximum reject number 3 (threshold 3)
Packet bit length 1000000
Effective number is 67
Rechecking number 0
The algorithm is time-consuming to 4419155us
Detection result by
It should be noted that, other embodiments of the algorithm security detection system or the implementation method of the cryptographic card of the present invention may refer to the above method embodiments, and are not repeated here.
In addition, the embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the method for detecting the algorithm security of the password encryption card according to the first embodiment is realized.
It should be noted that the logic and/or steps represented in the flowcharts or otherwise described herein, for example, may be considered as an ordered listing of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application specific integrated circuits having suitable combinational logic gates, Programmable Gate Arrays (PGAs), Field Programmable Gate Arrays (FPGAs), and the like.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.

Claims (16)

1. An algorithm security detection method for a cryptographic card, the method comprising:
Receiving a first ciphertext and a second ciphertext output by an encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message, and the second ciphertext is obtained by encrypting an attacked target;
setting a random private key value, wherein key reuse exists, and judging whether the second ciphertext can be restored to an attacked target according to the plaintext message and the first ciphertext;
If yes, determining that the security detection result of the encryption card algorithm is that the security risk exists;
if not, determining that the security detection result of the encryption card algorithm is normal.
2. The method for detecting the algorithmic security of a cryptographic card according to claim 1, wherein the step of determining whether the second ciphertext can be restored to the target under attack based on the plaintext message and the first ciphertext includes:
Determining a ciphertext fragment containing plaintext information in the first ciphertext and a ciphertext fragment containing plaintext information in the second ciphertext based on a random private key value and an encrypted public key;
According to the plaintext message, the ciphertext fragment containing the plaintext information in the first ciphertext and the ciphertext fragment containing the plaintext information in the second ciphertext, adopting a plaintext reduction function to try to reduce the plaintext corresponding to the second ciphertext, wherein the plaintext reduction function is as follows:
in the method, in the process of the invention, Representing the fact that the plaintext is to be broken,Representing the plaintext message as known,A ciphertext fragment representing the first ciphertext comprising plaintext information,And representing ciphertext fragments containing plaintext information in the second ciphertext.
3. The algorithmic security detection method of cryptographic cards according to claim 1, characterized in that it further comprises:
receiving a first signature value and a second signature value which are output by an encryption card, wherein the first signature value and the second signature value are obtained by signing two known groups of plaintext messages respectively;
Setting a random private key value, wherein the random private key value has key reuse, and judging whether the signature private key can be successfully restored according to the first signature value and the second signature value;
If yes, determining that the algorithm security detection result of the encryption card is that security risks exist;
If not, determining that the algorithm security detection result of the encryption card is normal.
4. The method for detecting the algorithmic security of a cryptographic card according to claim 3, wherein the setting of the random private key value with the key reuse, determining whether the signature private key can be successfully restored based on the first signature value and the second signature value, comprises:
and according to the first signature value and the second signature value, adopting a private key restoring function to try to restore a signature private key, wherein the private key restoring function is as follows:
in the method, in the process of the invention, Representing the restored private key of the signature,Representing the value of the first signature in question,Representing the second signature value;
Calculating a derived signature public key from the restored signature private key; when the derived signature public key is equal to the true signature public key, the signature private key is successfully restored.
5. The algorithmic security detection method of cryptographic cards according to claim 1, characterized in that it further comprises:
Traversing key management and algorithm interfaces in the API function interfaces of the encryption card, and adding the interface names of the key management and algorithm interfaces with hook function records to the detection list file along with the corresponding hook functions;
When the detection list file is empty, directly outputting a test result, otherwise, calling a random number generation interface of the API to acquire data with a set size and transmitting the data to a random number sieve function to obtain each detection result of the random number sieve function;
Generating a section of random plaintext message M;
The message M is circularly encrypted N times, and each ciphertext is recorded Segment content to detection list file;
for detecting ciphertext in list file Performing duplicate removal operation on the segment content, and modifying the return value of the hook function;
And detecting the safety of the API function interface according to the number of times of hook function recording, each detection result of the random number sieve function and whether repetition exists in the deduplication operation.
6. The method for detecting the algorithm security of the cryptographic card according to claim 5, wherein the detecting the security of the API function interface according to the number of times of the hook function recording, each detection result of the random number sieve function, and whether the deduplication operation is repeated, comprises:
When the number of times of hook function recording is zero, judging that the interface state of the API function is normal;
when the number of times of hook function recording is non-zero and each detection result of the random number sieve function has no failed item and the deduplication operation has no repetition, judging that the interface state of the API function is low risk;
when the number of times of hook function recording is non-zero and each detection result of the random number sieve function has failed items and the deduplication operation is not repeated, judging that the interface state of the API function is medium risk;
And when the number of times of the hook function record is non-zero and each detection result of the random number sieve function has failed items and the deduplication operation is repeated, judging that the interface state of the API function is high risk.
7. The algorithmic security detection method of cryptographic cards according to claim 1, characterized in that it further comprises:
Detecting the compliance of the interface according to the requirement of the password equipment application interface specification GM/T0018-2012, wherein the interface type for compliance detection comprises an equipment management interface, a key management interface, an asymmetric algorithm interface, a symmetric algorithm interface, a hash algorithm interface and a file operation interface;
And when at least one type of interface call fails or does not exist in the interface types of the compliance detection, judging that the password card interface is not compliant.
8. The algorithmic security detection method of cryptographic cards according to claim 1, characterized in that it further comprises:
Calling a random number generation interface of the encryption card, and collecting random sequence files with set sizes;
creating a test thread to test the random sequence file, wherein the test items comprise a poker test item, a frequency test item, a block frequency test item, an overlapping template matching test item, a total number of runs test item, a run distribution test item, a maximum run within block test item, a binary derivation test item, an autocorrelation test item, a cumulative sum test item, an approximate entropy test item, a discrete Fourier transform test item, a matrix rank test item, a linear complexity test item and a compression test item;
and detecting random number compliance according to the test results of the test items.
9. An algorithmic security detection system for cryptographic cards, the system comprising: a container manager, a test container and an encryption card driving module, wherein the container manager is used for providing a running environment for the test container image and running a daemon process for the test container through the unshare command;
the test container comprises a random private key detection container comprising an encryption test module, wherein:
The encryption test module is used for determining that the encryption card has a security risk when, with the random private key value set to have key reuse, a second ciphertext can be restored into a plaintext according to a plaintext message and a first ciphertext output by the encryption card, wherein the first ciphertext is obtained by encrypting a known plaintext message, and the second ciphertext is obtained by encrypting an attacked target.
10. The system for detecting the algorithmic security of a cryptographic card according to claim 9, wherein the random private key detection container further comprises a signature test module, wherein the signature test module is configured to determine that the cryptographic card has a security risk when the random private key value is set to have a key reuse and the signature private key can be successfully restored according to a first signature value and a second signature value output by the cryptographic card, wherein the first signature value and the second signature value are obtained by respectively signing two known sets of plaintext messages.
11. The algorithmic security detection system for cryptographic cards of claim 9, wherein the encryption test module is configured to recover the plaintext of the second ciphertext using a plaintext recovery function;
The plaintext reduction function is:
in the method, in the process of the invention, Representing the fact that the plaintext is to be broken,Representing the plaintext message as known,A ciphertext fragment representing the first ciphertext comprising plaintext information,And representing ciphertext fragments containing plaintext information in the second ciphertext.
12. The algorithmic security detection system for cryptographic cards of claim 10, wherein the signature test module is configured to recover the signature private key using a private key recovery function;
the private key reduction function is:
in the method, in the process of the invention, Representing the restored private key of the signature,Representing the value of the first signature in question,Representing the second signature value.
13. The algorithmic security detection system of cryptographic cards according to claim 9, wherein the test container further comprises an API security detection container comprising an API security detection program, a security detection library and a hooking function library, the API security detection program being for calling an asymmetric algorithmic interface of the cryptographic card and recording a trace call interface of the API using the security detection library when loaded;
the hook function library is used for carrying out hook operation on the basic function and modifying the return value of the hook function so that the return value has a characteristic rule.
14. The algorithmic security detection system of cryptographic cards of claim 9, wherein the test container further comprises a compliance test container comprising an interface test module and a random number abstraction test module, wherein:
The interface testing module is used for detecting the compliance of the interface according to the requirements of the password equipment application interface specification GM/T0018-2012, wherein the interface types for compliance detection comprise equipment management type interfaces, key management type interfaces, asymmetric algorithm type interfaces, symmetric algorithm type interfaces, hash algorithm type interfaces and file operation type interfaces; when at least one type of interface call fails or does not exist in the interface types of the compliance detection, judging that the password card interface is not compliant;
The random number abstract test module is used for calling a random number generation interface of the encryption card, extracting a random number sequence with a set size, and carrying out quality detection on the random number sequence according to the requirement of the password product random number detection requirement GM/T0062-2018.
15. The system for detecting the algorithmic security of a cryptographic card according to claim 9, wherein the test container comprises a random private key detection container, an API security detection container and a compliance test container, and a cryptographic card API interface library is provided in each test container, the API interface library being used for providing a cryptographic service interface.
16. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-8.
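The detection flow of claims 5 and 6, written out as an added example that is not part of the patent text. The mock card, the 32-byte segment length, the single frequency test standing in for the random number sieve, the fixed test message and all function names are assumptions; the hook record count is taken as an input.

```python
import hashlib
import itertools
import math
from collections import Counter

SEG_LEN = 32  # assumed size of the ciphertext segment derived from the random value

def mock_card(rng):
    """Constructed stand-in for the card: the leading segment depends only on rng output."""
    def encrypt(message: bytes) -> bytes:
        k = rng(SEG_LEN)
        stream = hashlib.shake_256(b"ks" + k).digest(len(message))
        body = bytes(m ^ s for m, s in zip(message, stream))
        return hashlib.sha256(b"seg" + k).digest() + body
    return encrypt

def monobit_ok(data: bytes, alpha: float = 0.01) -> bool:
    """Frequency (monobit) test, the single sieve item used here (alpha is assumed)."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    return math.erfc(abs(2 * ones - n) / math.sqrt(2 * n)) >= alpha

def has_repeat(encrypt, message: bytes, n: int) -> bool:
    """Encrypt one message n times; True if any recorded segment occurs twice."""
    counts = Counter(encrypt(message)[:SEG_LEN] for _ in range(n))
    return any(c > 1 for c in counts.values())

def classify(hook_records: int, sieve: dict, repeat: bool) -> str:
    """Risk levels as enumerated in claim 6; a repeat with a clean sieve is a
    combination the claim does not list, so it is reported separately."""
    failed = not all(sieve.values())
    if hook_records == 0:
        return "normal"
    if failed:
        return "high risk" if repeat else "medium risk"
    return "not covered by claim 6" if repeat else "low risk"

def detect(rng, hook_records: int, n: int = 64, sample: int = 4096) -> str:
    if hook_records == 0:  # empty detection list: output the result directly
        return classify(0, {}, False)
    sieve = {"frequency": monobit_ok(rng(sample))}
    repeat = has_repeat(mock_card(rng), b"constructed message", n)
    return classify(hook_records, sieve, repeat)

def stuck_rng(size: int) -> bytes:
    return bytes(size)  # constructed fault: always returns zero bytes

def counter_rng():
    """Constructed healthy source: SHAKE-256 over a call counter (deterministic)."""
    calls = itertools.count()
    return lambda size: hashlib.shake_256(next(calls).to_bytes(8, "big")).digest(size)

if __name__ == "__main__":
    print(detect(stuck_rng, hook_records=3), detect(counter_rng(), hook_records=3))
```

Claim 6 assigns no level to a repeated segment when every sieve item passes, which is why `classify` returns a separate value for that combination rather than guessing one.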
CN202410985641.0A 2024-07-23 2024-07-23 Method, system and storage medium for detecting algorithm security of password encryption card Active CN118540155B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410985641.0A CN118540155B (en) 2024-07-23 2024-07-23 Method, system and storage medium for detecting algorithm security of password encryption card

Publications (2)

Publication Number Publication Date
CN118540155A (en) 2024-08-23
CN118540155B (en) 2024-10-11

Family

ID=92388696

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant