Abstract: As the side channel attacks diversification, the crypto-chip safety risk assessment and select optimal attack and defense tactics become the present study blind spot on many side channel leak conditions. In view of many side channel leaks, from the side channel information leak angle, using the information entropy to quantitative side channel information of the crypto-chip, mutual information as safety risk measure, a hierarchy-based risk evaluation model is presented. This model uses “bottom-up, first local then the whole” analysis method, divides the different of side channel leak and attack, and uses mutual information as the quantitative indexes of side channel leaks risk, evaluates safety risk effectively through the fuzzy comprehensive analysis method.

Key words: side-channel attack, risk assessment, risk quantitative, evaluation model, hierarchy

摘要： 随着攻击的多元化发展，在多种泄露条件下，密码芯片的安全风险评估问题以及优化的攻防策略选择问题成为目前研究盲点。针对多种泄露，从信息泄露的角度出发，利用信息熵对密码芯片的信息进行量化，并将互信息作为安全风险的衡量指标，提出了一种基于层次化的风险评估模型。该模型采用“自下而上，先局部后整体”的分析方法，将不同类型的泄露和攻击方法进行划分，并将互信息作为泄露风险的量化指标，通过模糊综合分析方法对安全风险进行有效的评估。

关键词: 侧信道攻击, 风险评估, 风险量化, 评估模型, 层次化