정보보호학회지 (Review of KIISC)

한국정보보호학회 (Korea Institute of Information Security and Cryptology)
권호 표지

부채널 공격법과 이의 대응법에 대한 연구 동향

  • 발행 : 2006.08.01
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

전통적인 암호시스템의 분석방법은 암호 프리미티브들로 구성된 부분을 블랙박스로 생각하고 이들을 구성하는 수학적 함수를 분석하여 이론적인 안전성을 정량화 했다. 그러나 암호 프리미티브가 이론적으로 안전하다고 해도 이들을 적용한 암호시스템을 구축할 때 구현 방법에 따라 비밀정보와 연관된 내부 함수가 실행되면서 연산시간, 소모전력, 전자복사, 오류결과 등의 부가적인 정보를 밖으로 누출하는 경우가 있다. 최근 들어 이런 부채널 정보를 통해 비밀정보를 유추하는 기술이 발전하였는데 시차공격법, 전력분석법, 전자복사 공격법, 오류 공격법, 오류 메시지 공격법 등 여러 가지 공격법이 알려지고 있다. 부채널 공격법을 통해 비밀키 암호 알고리즘, 공개키 암호 알고리즘, 해쉬함수 등을 프리미티브로 사용하여 구현한 암호 메카니즘의 취약점이 분석되었으며, 이를 막을 수 있는 대응법도 다양하게 제안되고 있다. 본 고에서는 부채널 공격법과 이의 대응법에 대한 최근 동향을 살펴본다.

키워드

참고문헌

  1. D. Agrawal, B. Archambeault, J. R. Rao, P. Rohatgi, 'The EM Side-Channel(s)', CHES 2002, LNCS 2523, pp.29-45, 2003
  2. M. Akkar, R. Bevan, P. Dischmp, and D. Moyart, 'Power Analysis, what is now possible...', ASIACRYPT 2000, LNCS 1976, pp.489-502, 2000
  3. M. Akkar, C. Girard, 'An Implemetation of DES and AES, Secure against Some Attacks', CHES 2001, LNCS 2162, pp.309-318, 2001
  4. R. Anderson, Security Engineering: A guide to Building Dependable Distributed Systems, John Wiley & Sons, 2001
  5. R. Anderson, M. Bond, J. Clulow, and S. Skorobogatov, 'Cryptographic Processors-A Survey', Proc. of IEEE, Vol. 94, No.2, pp.357-369, 2005
  6. M. Bellare, P. Rogaway, 'Optimal Asymmetric Encryption', Eurocrypt'94, LNCS 950, pp.92-111, 1994
  7. D. Bleichenbacher, 'Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1', CRYPTO'98, LNCS 1462, pp.1-12, 1998
  8. D. Boneh, R. A. DeMillo, R. J. Lipton, 'On the importance of checking cryptographic protocols for faults', EUROCRYPT'97, LNCS 1233, pp.37-51, 1997
  9. E. Brier, M. Joye, 'Weierstrass Elliptic Curves and Side-Channel Attacks', PKC 2002, LNCS 2274, pp.335-345, 2002
  10. D. Brumley, D. Boneh, 'Remote Timing Attacks are Practical', Proc. of 12th Usenix Security Symposium, 2003
  11. J. Cathalo, F. Koeune, J. J. Quisquater, 'A New Type of Timing Attack: Application to GPS', CHES 2003, LNCS 2779, pp.291-303, 2003
  12. S. Chari, C. Jutla, J. Rao, P. Rohatgi, 'Towards sound approaches to counteract power-analysis attacks', CRYPTO'99, LNCS 1666, pp.398-412, 1999
  13. D. Chaum, 'Blind Signatures for untraceable payments', CRYPTO'82, pp.199-203, 1983
  14. C. Clavier, J. S. Coron, N. Dabbus, 'Differential Power Analysis in the Presence of Hardware Countermeasures', CHES 2002, LNCS 1965, pp.252-263, 2002
  15. J. S. Coron, 'Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems', CHES'99, LNCS 1717, pp.292-302, 1999
  16. J. F. Dhem, F. Koeune, P. A. Leroux, P. Mestre, J. J. Quisquater, J. L. Williems, 'A practical implementation of the timing attack', Proc. of CARDIS 1998, 1998
  17. E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern, 'RSA-OAEP is secure under the RSA assumption', CRYPTO 2001, LNCS 2139, pp.260-274, 2001
  18. C. H. Gebotys, R. H. Gebotys, 'Secure elliptic curve implementations: an analysis of resistance to power-attacks in a DSP processor', CHES 2002, LNCS 2523, pp.114-128, 2003
  19. J. Golic, C. Tymen, 'Multiplicative Masking and Power Analysis of AES', CHES 2002, LNCS 2535, pp.198-212, 2003
  20. L. Goubin, 'A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems', PKC 2003, LNCS 2567, pp.199-211, 2003
  21. L. Goubin, J. Paratin, 'DES and differential power analysis', CHES'99, LNCS 1717, pp.158-172, 1999
  22. M. Hasan, 'Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems', IEEE Trans. on Computers, vol.50, pp.1071-1083, 2001 https://doi.org/10.1109/12.956092
  23. A. Hevia, M. Kiwi, 'Strength of two data encryption standard implementations under timing attacks', ACM Trans. on Information and System Security, Vol. 2, pp.416-437, 1999 https://doi.org/10.1145/330382.330390
  24. M. Joye, J. J. Quisquater, 'Hessian elliptic curve and side-channel attacks', CHES 2001, LNCS 2162, pp.402-410, 2001
  25. M. Joye, C. Tymen, 'Protections against differential analysis for elliptic curve cryptography: An algebraic approach', CHES 2001, LNCS 2162, pp.377-390, 2001
  26. V. Klima, T. Rosa, 'Further results and considerations on side channel attacks on RSA', CHES 2002, LNCS 2523, pp.244-259, 2002
  27. P. Kocher, 'Timing attacks on implementations of Diffie-Hellmann, RSA, DSS, and other systems', Crypto'96, LNCS 1109, pp.104-113, 1996
  28. P. Kocher, J. Jaffe, B. Jun, 'Differential Power Analysis', CRYPTO'99, LNCS 1666, pp.388-397, 1999
  29. M. G. Kuhn, R. J. Anderson, 'Soft tempest: hidden data transmission using electromagnetic emanations', Information Hiding 1998, LNCS 2140, pp.200-210, 2001
  30. M. G. Kuhn, 'Optical Time-Domain Eavesdropping Risks of CRT Displays', Proc. of the 2002 Symposium on Security and Privacy, pp.3-18, 2002
  31. P. Y. Liardet, N. P. Smart, 'Preventing SPA/DPA in ECC systems using the Jacobi form', CHES 2001, LNCS 2162, pp.391-401, 2001
  32. J. Loughry, D. Umphress, 'Information leakage from optical emanations', ACM Trans. on Information and System Security, vol. 5, pp.262-289, 2002 https://doi.org/10.1145/545186.545189
  33. J. Manger, 'A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding(OAEP) as Standardized in PKCS #1 v2.0', CRYPTO 2001, LNCS 2139, pp.230-238, 2001
  34. T. S. Messerges, E. A. Dabbish, R. H. Sloan, 'Examining smart-card security under the threat of power analysis attacks', IEEE Trans. Computers, 51(5), pp.541-552, 2002 https://doi.org/10.1109/TC.2002.1004593
  35. K. Okeya, T. Takagi, 'A More Flexible Countermeasure against Side Channel Attacks Using Window Method', CHES 2003, LNCS 2779, pp.397-410, 2003
  36. K. Okeya, K. Sakurai, 'Power Analysis Breadks Elliptic Curve Cryptosystems even Secure against the Timing Attack', INDOCRYPT 2000, LNCS 1977, pp.178-190, 2000
  37. E. Osward, S. Mangard, N. Pramstaller, and Vincent Rijmen, 'A Side-Channel Analysis Resistant Description of the AES S-box', FES 2005, LNCS 3557, 2005
  38. J. J. Quisquater, D. Smayde, 'Electromagnetic Analysis(EMA): measures and countermeasures for smart cards', E-smart 2001, LNCS 2140, pp.200-210, 2001
  39. A. Shamir, E. Tramer, 'Acoustic cryptanalysis: on noisy people and noisy machines', Eurocrypt 2004 rump session, 2004
  40. V. Shoup, 'OAEP reconsidered', J. of Cryptology, vol.15, pp.223-249, 2002 https://doi.org/10.1007/s00145-002-0133-9
  41. S. Skorobogatov, R. Anderson, 'Optical Fault Induction Attacks', CHES 2002, LNCS 2523, pp.2-12, 2003
  42. C. C. Tiu, A New Frequency-Based Side Channel Attack for Embedded Systems, Master degree thesis, Department of Electrical and Computer Engineering, Univ. of Waterloo, 2005
  43. E. Trichina, D. Seta, and L. Germani, 'Simplified Adaptive Multiplicative Masking for AES', CHES 2002, LNCS 2535, pp.187-197, 2003
  44. Y. Tsunoo, E. Tsujihara, K. Minematsu, h. Miyauchi, 'Cryptanalysis of Block Ciphers Implemented on Computers with Cashe', ISITA 2002, 2002
  45. S. Vaudenay, 'Security Flaws Induced by CBC padding - Applications to SSL, IPSEC, STLS', Erutocrypt 2002, LNCS 2332, pp.534-545, 2002
  46. P. Wright, Spy Catcher: The Candid Autobiography of a Senior Intelligence Officer, Viking Press, 1987
  47. B. Yang, K. Wu, R. Karri, 'Scan-Based Side-Channel Attack on Dedicated Hardware Implementations of Data Encryption Standard', ITC 2004, pp.339-344, 2004
  48. Y. Zhou, D. Feng, 'Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptography Module Security Testing', Cryptology ePrint Archive, Report 2005/388, 2005