• Title/Summary/Keyword: fault injection algorithm (오류 주입 알고리즘)

Search results: 24

Security Analysis of AES-CMAC Applicable to Various Environments (다양한 환경에 적용 가능한 AES-CMAC에 대한 안전성 분석)

  • Jeong, Ki-Tae
    • Journal of Advanced Navigation Technology
    • /
    • v.16 no.2
    • /
    • pp.211-218
    • /
    • 2012
  • In this paper, we propose a fault injection attack on AES-CMAC, which is defined by the IETF. The fault assumption used in this attack is based on the one introduced at FDTC'05. This attack can recover the 128-bit secret key of AES-CMAC using only a small number of fault injections. This result is the first known key recovery attack on AES-CMAC.

Secure CRT-RSA against SPA and FA (SPA와 FA에 안전한 CRT를 사용하는 RSA 알고리즘)

  • Kim, Sung-Kyoung;Kim, Hee-Seok;Kim, Tae-Hyun;Han, Dong-Guk;Hong, Seok-Hui;Ryoo, Jeong-Choon;Lim, Jong-in
    • Proceedings of the Korean Society of Broadcast Engineers Conference
    • /
    • 2008.02a
    • /
    • pp.89-93
    • /
    • 2008
  • In this paper, we discuss an RSA cryptosystem using the Chinese Remainder Theorem (CRT-RSA) that is secure against simple power analysis (SPA) and fault attacks (FA). Signature algorithms based on CRT-RSA are widely used in embedded devices such as smart cards. However, such devices are vulnerable to power analysis attacks and fault injection attacks. In 2005, Giraud first proposed a countermeasure that is secure against both simple power analysis and fault injection attacks. In this paper, we introduce a different attack on Giraud's countermeasure and propose a countermeasure that is also secure against the presented attack. The proposed countermeasure additionally requires three memory registers and addition and subtraction operations. This additional cost is negligible compared with the cost of the modular exponentiation itself. Therefore, the proposed countermeasure can be used securely and efficiently in environments such as embedded devices.

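A worked illustration of the fault attack that the abstract above defends against, added here as an example (it is not code from Kim et al., and it does not implement Giraud's or the paper's countermeasure): in the Bellcore attack of Boneh, DeMillo and Lipton, a single faulty CRT-RSA signature on a known message factors the modulus, because the half computed modulo p is still correct while the half modulo q is not. The block also shows the generic verify-before-output check that stops the leak. The key (two Mersenne primes, far too small for real use) and the message are constructed for the example.

```python
"""Bellcore-style fault attack on CRT-RSA signing, plus a verify-before-output
check. Added example; not the paper's code. Primes are Mersenne primes chosen
so the example runs without a prime generator; the key size is illustrative."""
from math import gcd

# Constructed toy key: 2^61-1 and 2^89-1 are known Mersenne primes.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # Garner recombination constant q^-1 mod p


def crt_sign(m: int, fault_in_q: bool = False) -> int:
    """CRT-RSA signature s = m^d mod N from two half-size exponentiations.
    fault_in_q simulates a transient fault that corrupts s_q only; the
    attacker needs no control over the corrupted value."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq ^= 1 << 7
    h = (QINV * (sp - sq)) % P
    return sq + Q * h                # Garner's form of the CRT recombination


def bellcore_factor(m: int, faulty_sig: int, e: int = E, n: int = N) -> int:
    """Recover a prime factor of n from one faulty CRT signature of a known m.
    s'^e == m (mod p) still holds because s_p was correct, but fails mod q,
    so gcd(s'^e - m, n) == p. A correct signature is not even needed."""
    return gcd((pow(faulty_sig, e, n) - m) % n, n)


def sign_with_check(m: int, fault_in_q: bool = False):
    """Countermeasure: never release a signature that does not verify under
    the public key. Returns None instead of a faulty signature."""
    s = crt_sign(m, fault_in_q)
    return s if pow(s, E, N) == m else None


if __name__ == "__main__":
    m = 0x1234567890ABCDEF          # constructed message, 0 < m < p
    s_bad = crt_sign(m, fault_in_q=True)
    print("factor recovered from one faulty signature:", bellcore_factor(m, s_bad) == P)
    print("checked signing suppresses the faulty signature:", sign_with_check(m, True) is None)
```

The check costs one public-exponent exponentiation, which is cheap for small e; the abstract's own countermeasure avoids that dependence on e, and the recomputation check here is itself a known target for a second fault, which is why the paper treats fault attacks on the countermeasure rather than only on the signature.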

A New Type of Differential Fault Analysis on DES Algorithm (DES 알고리즘에 대한 새로운 차분오류주입공격 방법)

  • So, Hyun-Dong;Kim, Sung-Kyoung;Hong, Seok-Hie;Kang, Eun-Sook
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.20 no.6
    • /
    • pp.3-13
    • /
    • 2010
  • Differential Fault Analysis (DFA) is widely known as one of the most efficient methods for analyzing block ciphers. In this paper, we propose a new type of DFA on DES (Data Encryption Standard). DFA on DES was first introduced by Biham and Shamir, and Rivain recently introduced a DFA on the middle rounds of DES (rounds 9-12). However, previous attacks on DES could only be applied to the encryption process. In contrast, we are the first to propose a DFA on the DES key schedule. In this paper, we propose a more efficient DFA on the DES key schedule with random faults. The proposed DFA method retrieves the key using a more practical fault model and requires fewer faults than previous DFA on DES.

Synchronize Ethernet-based Fault Injection Algorithm Implementation for Intelligent Automotive Network (차량용 지능형 네트워크에서의 동기식 이더넷중심 오류 주입 알고리즘 구현)

  • Jang, Eunji;Kim, Inyoung;Lee, Woongjae
    • Journal of Internet Computing and Services
    • /
    • v.17 no.4
    • /
    • pp.43-50
    • /
    • 2016
  • In this paper, we propose a fault tolerance algorithm for data transfer over Ethernet, a protocol that is attracting interest for intelligent automotive networks, and implement and verify it through simulation and experiments. We demonstrate the usefulness of the system for application to existing automotive communication systems. In place of actual real-time automotive data, we generated random payload data in a standard format to carry out the experiments. Comparing against the performance of existing algorithms, we confirmed effectiveness across the full range from single data to mixed (hybrid-type) data, verifying the proposed algorithm.

Differential Fault Analysis of the Block Cipher LEA (블록 암호 LEA에 대한 차분 오류 공격)

  • Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1117-1127
    • /
    • 2014
  • Differential Fault Analysis (DFA) is widely known as one of the most powerful methods for analyzing block ciphers. It is applicable to block ciphers such as DES, AES, ARIA and SEED, and to lightweight block ciphers such as PRESENT and HIGHT. In this paper, we introduce a differential fault analysis on the lightweight block cipher LEA for the first time. We use 300 chosen fault-injected ciphertexts to recover the 128-bit master key. As a result of our attack, we found the full master key within an average of 40 minutes on a standard PC.

Development of Side Channel Attack Analysis Tool on Smart Card (사이드 채널 공격에 대한 스마트카드 안전성의 실험적 분석)

  • Han Dong-Ho;Park Jea-Hoon;Ha Jae-Cheol;Lee Sung-Jae;Moon Sang-Jae
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.4
    • /
    • pp.59-68
    • /
    • 2006
  • Although the cryptographic algorithms in IC chips such as smart cards are secure against mathematical analysis, they are susceptible to side channel attacks in real implementations. In this paper, we analyze the security of a smart card using an experimental tool we developed that can perform power analysis attacks and fault insertion attacks. As a result, a raw smart card implementing SEED and ARIA without any countermeasure is vulnerable to differential power analysis (DPA). However, under voltage and clock fault attacks on RSA with CRT, the card is secure owing to its physical countermeasures.

Novel Differential Fault Attack Using Function-Skipping on AES (함수 생략 오류를 이용하는 AES에 대한 신규 차분 오류 공격)

  • Kim, Ju-Hwan;Lee, JongHyeok;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1263-1270
    • /
    • 2020
  • Differential fault attacks (DFA) are cryptanalysis methods that reveal the secret key using the differences between normal and faulty ciphertexts, which arise when artificial faults are injected into an encryption device. Conventional DFA methods use faults to corrupt intermediate values. In contrast, we propose a novel DFA method that uses a fault to skip a function. The proposed method has very low attack complexity, revealing the secret key from one fault-injected ciphertext within seconds. We also propose a method that filters out ciphertexts in which the injected fault did not cause function skipping, which makes our method practical. To demonstrate the proposed method, we performed fault injection on Riscure's Piñata board. As a result, the proposed method can filter the ciphertexts and reveal the secret key within seconds on a real device.

Fault Analysis Attacks on Control Statement of RSA Exponentiation Algorithm (RSA 멱승 알고리즘의 제어문에 대한 오류 주입 공격)

  • Gil, Kwang-Eun;Baek, Yi-Roo;Kim, Hwan-Koo;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.6
    • /
    • pp.63-70
    • /
    • 2009
  • Many research results show that RSA systems implemented with the conventional binary exponentiation algorithm are vulnerable to physical attacks. Recently, Schmidt and Herbst demonstrated experimentally that an attacker can extract the secret key from faulty signatures obtained by skipping squaring operations. Based on a fault assumption similar to that of Schmidt and Herbst's attack, we propose new fault analysis attacks that skip multiplication operations or the computations in the loop control statement. Furthermore, we apply our attack to the Montgomery ladder exponentiation algorithm, which was proposed to defeat simple power analysis. As a result, our fault attack can extract the secret key used in Montgomery ladder exponentiation.
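An added illustration (not the authors' code) of how the two skip faults named in the abstract leak the exponent of a plain left-to-right square-and-multiply: skipping the multiply of one iteration leaves the signature unchanged exactly when that exponent bit is 0, and a loop-control fault that ends the loop k iterations early returns m^(d >> k), from which the k low bits follow by a 2^k brute force against the correct signature. The device is modelled as an oracle that signs with its secret exponent and accepts a fault at an attacker-chosen iteration (the timing assumption of this fault model); the key is a constructed toy instance built from Mersenne primes. The paper's extension to the Montgomery ladder is not reproduced here.

```python
"""Instruction-skip fault attacks on left-to-right square-and-multiply RSA.
Added example, not the paper's code. Two fault effects are modelled:
  (a) the conditional multiply of iteration i is skipped;
  (b) the loop control is disturbed so the lowest k iterations never run.
Key material is a constructed toy instance, not for real use."""

P = (1 << 61) - 1          # constructed: 2^61-1, a Mersenne prime
Q = (1 << 89) - 1          # constructed: 2^89-1, a Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # secret exponent known only to the device


def sqr_mul(m: int, d: int, skip_mul_at: int = -1, stop_after: int = 0) -> int:
    """Device side: m^d mod N by left-to-right binary exponentiation.
    skip_mul_at=i -> the multiply while processing bit i is skipped (fault a)
    stop_after=k  -> the loop exits before processing the k low bits (fault b)"""
    r = 1
    for i in range(d.bit_length() - 1, stop_after - 1, -1):
        r = r * r % N
        if (d >> i) & 1 and i != skip_mul_at:
            r = r * m % N
    return r


def recover_bit_by_mul_skip(m: int, s_correct: int, i: int) -> int:
    """Attacker side: ask the device to sign with the multiply of iteration i
    skipped. An unchanged signature means no multiply was executed there,
    i.e. bit i of d is 0 (safe-error reasoning)."""
    s_faulty = sqr_mul(m, D, skip_mul_at=i)
    return 0 if s_faulty == s_correct else 1


def recover_low_bits_by_early_exit(m: int, s_correct: int, s_faulty: int, k: int) -> int:
    """Attacker side: with the loop stopped k iterations early, s_faulty =
    m^(d >> k), so s_correct = s_faulty^(2^k) * m^(d mod 2^k) mod N.
    Brute-force the k low bits against that relation."""
    base = pow(s_faulty, 1 << k, N)
    for low in range(1 << k):
        if base * pow(m, low, N) % N == s_correct:
            return low
    raise ValueError("no consistent low bits; the fault model did not apply")


def recover_key(m: int, k: int = 8) -> int:
    """Full recovery: one multiply-skip query per high bit (the exponent
    length is taken as the modulus length, leading zero bits read as 0),
    then one early-exit fault plus a 2^k search for the k lowest bits."""
    s = sqr_mul(m, D)                                # one correct signature
    high = 0
    for i in range(N.bit_length() - 1, k - 1, -1):
        high = (high << 1) | recover_bit_by_mul_skip(m, s, i)
    low = recover_low_bits_by_early_exit(m, s, sqr_mul(m, D, stop_after=k), k)
    return (high << k) | low


if __name__ == "__main__":
    m = 0x1234567890ABCDEF                           # constructed message
    print("exponent recovered:", recover_key(m) == D)
```

The multiply-skip test is really a safe-error attack: it distinguishes "fault had no effect" from "fault corrupted the result", so a countermeasure that verifies the signature and refuses to output on error still leaks the bit through the refuse/accept behaviour. Countermeasures for this model therefore have to make the skipped operation matter in both branches (always-multiply, or the ladder the paper goes on to attack) and protect the loop counter itself.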

Security Analysis on Block Cipher XSB (블록 암호 XSB에 대한 안전성 분석)

  • Lee, Changhoon
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.7
    • /
    • pp.311-316
    • /
    • 2013
  • The 256-bit block cipher XSB (eXtended SPN Block cipher) was proposed in 2012 and has a symmetric structure in its encryption and decryption processes. In this paper, we propose a differential fault analysis on XSB. Under a random byte fault model, our attack can recover the secret key of XSB using only two random byte fault injections. This result is the first known cryptanalytic result on the target algorithm.

Trends in Side-Channel Analysis Techniques for NIST PQC Round 4 Code-Based Cryptography (NIST PQC Round 4 코드 기반 암호에 대한 부채널 분석 기법 동향 분석)

  • JeongHwan Lee;GyuSang Kim;HeeSeok Kim
    • Review of KIISC
    • /
    • v.33 no.1
    • /
    • pp.13-21
    • /
    • 2023
  • In 2022, NIST announced one KEM (CRYSTALS-Kyber) and three digital signature schemes (CRYSTALS-Dilithium, FALCON, SPHINCS+) as the algorithms proceeding to post-quantum cryptography standardization, and additionally announced that four KEMs (Classic McEliece, HQC, BIKE, SIKE) would proceed to Round 4. As in Round 3, security against side-channel analysis and fault injection is one of the important evaluation criteria for algorithm selection in Round 4. Accordingly, research on new side-channel analysis techniques for these algorithms is being actively conducted. This paper surveys the trends in side-channel analysis methodologies for the three code-based algorithms among the Round 4 candidates (Classic McEliece, HQC, BIKE) and suggests future research directions.