• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.327-334
• /
• 2016

Contrary to the common belief, DRAM which is used for the main memory of various computing devices retains its content even though it is powered-off. Especially, the data-retaining time can increase if DRAM is cooled down. The Cold Boot Attack, a kind of side-channel attacks, tries to recover the sensitive information such as the cryptographic key from the powered-off DRAM. This paper proposes a new algorithm which recovers the AES key under the symmetric-decay cold-boot-attack model. In particular, the proposed algorithm uses the strategy of reducing the size of the candidate key space by testing the randomness of the extracted AES key bit stream.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.127-132
• /
• 2007

This paper proposed receding methods for a radix-${\gamma}$ representation of the secret scalar which are resistant to SPA. Unlike existing receding method, these receding methods are left-to-right so they can be interleaved with a left-to-right scalar multiplication, removing the need to store both the scalar and its receding. Hence, these left-to-right methods are suitable for implementing on memory limited devices such as smart cards and sensor nodes

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.2
• /
• pp.193-200
• /
• 2023

Cryptanalysis can be performed by various techniques such as known plaintext attack, differential attack, side-channel analysis, and the like. Recently, many studies have been conducted on cryptanalysis using deep learning. A known-plaintext attack is a technique that uses a known plaintext and ciphertext pair to find a key. In this paper, we use deep learning technology to perform a known-plaintext attack against S-PRESENT, a reduced version of the lightweight block cipher PRESENT. This paper is significant in that it is the first known-plaintext attack based on deep learning performed on a reduced lightweight block cipher. For cryptanalysis, MLP (Multi-Layer Perceptron) and 1D and 2D CNN(Convolutional Neural Network) models are used and optimized, and the performance of the three models is compared. It showed the highest performance in 2D convolutional neural networks, but it was possible to attack only up to some key spaces. From this, it can be seen that the known-plaintext attack through the MLP model and the convolutional neural network is limited in attackable key bits.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.6
• /
• pp.1017-1023
• /
• 2013

With the growing use of smartphones, many secure applications are performed on smartphones such as banking, payment, authentication. To provide security services, cryptographic algorithms are performed on smartphones' CPU. However, smartphone's CPU has no considerations against side-channel attacks including Electromagnetic Analysis (EMA). In DesignCon 2012, G. Kenworthy introduced the risk of cryptographic algorithms operated on smartphone against EMA. In this paper, using improved experimental setups, we performed EMA experiments on androin smartphones' commercial secure applications. As a result, we show that the weakness of real application. According to the experimental setups, we picked up the operation of w-NAF scalar multiplication from the operation of Google's Play Store application using radiated EM signal. Also, we distinguished scalar values (0 or not) of w-NAF scalar multiplication.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.27-35
• /
• 2011

Design of Sensor nodes in Wireless Sensor Network(WSN) should be considered some properties as electricity consumption, transmission speed, range, etc., and also be needed the protection against various attacks (e.g., eavesdropping, hacking, leakage of customer's secret data, and denial of services). The stream cipher Rabbit, selected for the final eSTREAM portfolio organized by EU ECRYPT and selected as algorithm in part of ISO/IEC 18033-4 Stream Ciphers on ISO Security Standardization recently, is a high speed stream cipher suitable for WSN. Since the stream cipher Rabbit was evaluated the complexity of side-channel analysis attack as 'Medium' in a theoretical approach, thus the method of power analysis attack to the stream cipher Rabbit and the verification of our method by practical experiments were described in this paper. We implemented the stream cipher Rabbit without countermeasures of power analysis attack on IEEE 802.15.4/ZigBee board with 8-bit RISC AVR microprocessor ATmega128L chip, and performed the experiments of power analysis based on difference of means and template using a Hamming weight model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.3
• /
• pp.587-601
• /
• 2016

In this paper we suggest method for scalar recoding which is both secure against SPA and DPA. Suggested method is countermeasure to power analysis attack through scalar recoding using negative expression. Suggested method ensures safety of SPA by recoding the operation to apply same pattern to each digit. Also, by generating the random recoding output according to random number, safety of DPA is ensured. We also implement precomputation table and modified scalar addition algorithm for addition to protect against SPA that targets digit's sign. Since suggested method itself can ensure safety to both SPA and DPA, it is more effective and efficient. Through suggested method, compared to previous scalar recoding that ensures safety to SPA and DPA, operation efficiency is increased by 11%.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.1-15
• /
• 2020

As differential computation analysis attack(DCA) which is context of side-channel analysis on white-box cryptography is proposed, masking white-box cryptography based on table encoding has been proposed by Lee et al. to counter DCA. Existing higher-order DCA for the masked white box cryptography did not consider the masking implementation structure based on table encoding, so it is impossible to apply this attack on the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to the implementation of masking based on table encoding, and prove its effectiveness by finding secret key information of masking white-box cryptography suggested by Lee et al. in practice.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.69-77
• /
• 2008

In the recent years, power attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption, and key-schedule) are well-known. Applications of masking methods are able to vary in different block ciphers, therefore suitable masking methods about each ciphers have been researched. Existed methods of ARIA have many revisions of mask value. And because existed masking methods pay no regard for key schedule, secret information can be exposed. In the case of ARIA, this problem is more serious than different block ciphers. Therefore we proposes an efficient masking scheme of ARIA including the key-schedule. Our method reduces time-complexity of ARIA encryption, and solve table-size problem of the general ARIA masking scheme from 256*8 byte to 256*6 byte.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1031-1041
• /
• 2020

Cloud computing technology plays an important role in the deep learning industry as deep learning services are deployed frequently on top of cloud infrastructures. In such cloud environment, virtualization technology provides logically independent and isolated computing space for each tenant. However, recent studies demonstrate that by leveraging vulnerabilities of virtualization techniques and shared processor architectures in the cloud system, various side-channels can be established between cloud tenants. In this paper, we propose a novel attack scenario that can steal internal information of deep learning models by exploiting the Meltdown vulnerability in a multi-tenant system environment. On the basis of our experiment, the proposed attack method could extract internal information of a TensorFlow deep-learning service with 92.875% accuracy and 1.325kB/s extraction speed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.179-187
• /
• 2020

The FBC(Fixed-Base Comb) is a method to efficiently operate scalar multiplication, a core operation for signature generations of the ECDSA(Elliptic Curve Digital Signature Algorithm), utilizing precomputed lookup tables. Since the FBC refers to the table depending on the secret information and the values of the table are publicly known, an adversary can perform HCA(Horizontal Correlation Analysis), one of the single trace side channel attacks, to reveal the secret. However, HCA is a statistical analysis that requires a sufficient number of unit operation traces extracted from one scalar multiplication trace for a successful attack. In the case of the scalar multiplication for signature generations of ECDSA, the number of unit operation traces available for HCA is significantly fewer than the case of the RSA exponentiation, possibly resulting in an unsuccessful attack. In this paper, we propose an improved HCA on lookup table based scalar multiplication algorithms such as FBC. The proposed attack improves HCA by increasing the number of unit operation traces by determining such traces for the same intermediate value through collision analysis. The performance of the proposed attack increases as more secure elliptic curve parameters are used.