无线传感网（WSN）应用在很多高安全场合中如军事应用，其安全性非常重要，但是WSN节点又很容易受到功耗攻击等侧信道攻击的危害。因此，WSN节点中的密码算法的实现需要增加抗侧信道攻击措施。WSN节点的一个固有属性就是资源和能量极度受限。但是现有的抗侧信道攻击方案的代价是功耗成倍地增加，安全性带来的消耗与WSN节点的有限的能量是相互矛盾的。本文提出风险感知的动态防护思想，即根据节点安全状态动态调整侧信道防护模式和密钥更新频率，这样可以极大地降低节点平均功耗。其核心技术是侧信道风险的实时在线监测。本文面向分组密码算法分别提出了依据受到侧信道攻击的可能性与依据侧信道攻击的成功率的两种风险监测和预警方法，并对其有效性进行了实验评估。本文提出的第一种监测方法是基于明文分布异常的侧信道攻击检测。通过对攻击者的平均成功率与明文分布之间关系的数学推导得出了攻击采用的明文为均匀分布时，其攻击平均成功率最大；而与均匀分布距离较大的分布通常会带来平均成功率的降低。通过实验得到平均成功率负相关于明文分布与均匀分布之间的Cramer-von-Mises统计距离。而WSN节点加密的数据来自于实际的物理信号，其往往不是均匀分布。本文分析并验证了上述统计距离用于攻击检测时能检测第一轮攻击，其漏警率为0，但不能检测最后一轮的攻击；得出了对于攻击者而言，如果不能控制输入明文，那么攻击分组密码算法的最后一轮成功率更高。本文提出的第二种监测方法是基于敏感特征的侧信道攻击成功率评估。通过对相关功耗分析的成功率公式的推导，成功率完全由正确密钥的估计功耗值的校正平方和决定。本文利用该校正平方和来监测节点的侧信道攻击风险，通过AES的ASIC和FPGA两种实现进行实际攻击验证，得到漏警率、虚警率和正确检测率分别为0，7.06%，92.94%和0，16.25%，83.75%。本文对该监测量的硬件实现提出了优化算法和低开销的电路结构，在SMIC65nm的工艺下，得到在不影响标准AES的性能情况下，监测器的面积和功耗小于标准AES的面积和功耗的一半。本文把第二种监测方法集成到已有的泄漏弹性方案中，实验结果得出，带风险监测的泄露弹性方案相比原始方案面积增加了53.75%，本地的密钥更新模块的能耗降低了36.8%，通信开销降低了80%。验证了风险监测能够极大的降低WSN节点的不必要的侧信道防护能耗。

Security is a critical issue in many applications of WSN such as military applications, yet WSN nodes are vulnerable to side-channel analysis such as power analysis. Hence, the implementation of cryptographic algorithm in WSN nodes should be protected by side-channel countermeasures. WSN nodes share one inherent property, extremely limited resource and energy. However, implementation of all proposed countermeasures multiplies the power, the cost of security is contradictory to the limited energy of WSN nodes. This paper proposes the concept of dynamic defense based on risk awareness, whose principle is adjusting dynamically the strength of countermeasures and the frequency of key updating according to the secure state of nodes, then the average power consumed by the node will decrease dramatically. The key technology of dynamic defense is the real-time and on-the-fly monitoring of side-channel risk. This paper proposes two side-channel risk monitoring and alarming methods for block cipher and evaluates their effectiveness experimentally, one is based on the probability of being attacked and the other is based on the attacker’s success rate of the key. The first proposed monitoring method is side-channel attack detection based on the abnormality of plaintext’s distribution. Through mathematical analysis of the relationship between the distribution of plaintext and the average attack success rate, this paper concludes that the average attack success rate reaches the maximum if the exploited plaintext obeys the uniform distribution and plaintext following non-uniform distribution will lead to the decrease of average success rate. The experiment results show that the average success rate is negatively related to the Cramer-von-Mises test between the distribution of plaintext and the uniform distribution. Since the data manipulated by WSN nodes comes from natural physical signals, the distribution of plaintext will follow their natural properties, in all probability instead of being uniformly random when they are encrypted by the security module. This paper analyzes and verifies that the monitor could be used to detect the attack targeting the first round with missing alarm rate 0, but it isn’t fit for the attack targeting the last round. And this paper arrives at a conclusion that as to the attacker, attacking the last round will be more effective if the attacker cannot manipulate the plaintext.The second proposed monitoring method is the evaluation of side-channel attack success rate based on the feature of sensitive variable. By mathematical derivation of the attack success rate of correlation power analysis (CPA), it’s concluded that the success rate is determined by the corrected sum of squares of the hypothetical power value corresponding to the correct key. This paper exploits the corrected sum of squares as the monitor to evaluate the side-channel risk of the nodes and validates the effectiveness of the monitor through actual attack experiments of ASIC AES and FPGA AES. The missing alarm rate, false alarm rate and detection rate of ASIC AES and FPGA AES are 0, 7.06%, 92.94% and 0, 16.25%, 83.75% respectively. Moreover, this paper proposes an optimized algorithm for the monitor’s hardware implementation and a circuit structure in low overhead. The synthesis result in SMIC 65nm shows that the area and power of the monitor is less than half the area and power of standard AES without any performance loss. Finally, this paper realized a dynamic defense scheme by integrating the second monitoring method into an existing leakage resilient scheme. The result shows that the area of leakage resilient scheme with risk monitor increases by 53.75%, while the average power of local key-updating reduces by 36.8% and the communication overhead of involved parties decreases by 80%, implying that the risk-monitoring method can be used to reduce the unnecessary protection energy of WSN nodes dramatically.