• Review of KIISC
• /
• v.30 no.1
• /
• pp.23-33
• /
• 2020

암호시스템에 대한 부채널분석 공격은 기기에 대한 훼손이 없이 비교적 저렴한 비용으로 적용이 가능한 반면에 공격결과는 보안에 매우 치명적일 수 있다. 따라서 암호시스템의 구현에 있어서 성능적인 측면과 함께 부채널분석 공격에 대한 안전성 역시 반드시 고려되어야 한다. 본 논문에서는 부채널분석 공격 대응기법 중에서 하드웨어 기반 마스킹 기법의 연구동향에 대해서 알아보고자 한다.

• Review of KIISC
• /
• v.16 no.4
• /
• pp.47-58
• /
• 2006

전통적인 암호시스템의 분석방법은 암호 프리미티브들로 구성된 부분을 블랙박스로 생각하고 이들을 구성하는 수학적 함수를 분석하여 이론적인 안전성을 정량화 했다. 그러나 암호 프리미티브가 이론적으로 안전하다고 해도 이들을 적용한 암호시스템을 구축할 때 구현 방법에 따라 비밀정보와 연관된 내부 함수가 실행되면서 연산시간, 소모전력, 전자복사, 오류결과 등의 부가적인 정보를 밖으로 누출하는 경우가 있다. 최근 들어 이런 부채널 정보를 통해 비밀정보를 유추하는 기술이 발전하였는데 시차공격법, 전력분석법, 전자복사 공격법, 오류 공격법, 오류 메시지 공격법 등 여러 가지 공격법이 알려지고 있다. 부채널 공격법을 통해 비밀키 암호 알고리즘, 공개키 암호 알고리즘, 해쉬함수 등을 프리미티브로 사용하여 구현한 암호 메카니즘의 취약점이 분석되었으며, 이를 막을 수 있는 대응법도 다양하게 제안되고 있다. 본 고에서는 부채널 공격법과 이의 대응법에 대한 최근 동향을 살펴본다.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.1
• /
• pp.64-72
• /
• 2013

Recently, stream cipher Rabbit was selected for the final eSTREAM portfolio organized by EU ECRYPT and as one of algorithm in part of ISO/IEC 18033-4 Stream Ciphers on ISO Security Standardization. However, a feasibility of practical power analysis attack to algorithm in experiment was introduced. Therefore, we propose appropriate methods such as random masking and hiding schemes to secure against power analysis attack on stream cipher Rabbit. We implement the proposed method with increment of 24% operating time and 12.3% memory requirements due to maintaining a high-speed performance. We use a 8-bit RISC AVR microprocessor (ATmegal128L chip) to implement our method for practical experiments, and verify that stream cipher Rabbit with our method is secure against power analysis attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.5
• /
• pp.93-101
• /
• 2008

Side channel attacks are well known as one of the most powerful physical attacks against low-power cryptographic devices and do not take into account of the target's theoretical security. As an important succeeding factor in side channel attacks (specifically in DPAs), exact time-axis alignment methods are used to overcome misalignments caused by trigger jittering, noise and even some countermeasures intentionally applied to defend against side channel attacks such as random clock generation. However, the currently existing alignment methods consider only on the position of signals on time-axis, which is ineffective for certain countermeasures based on time-axis misalignments. This paper proposes a new signal alignment method based on interpolation and decimation techniques. Our proposal can align the size as well as the signals' position on time-axis. The validity of our proposed method is then evaluated experimentally with a smart card chip, and the results demonstrated that the proposed method is more efficient than the existing alignment methods.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.21 no.5
• /
• pp.14-21
• /
• 2020

In order to provide confidential services between two communicating parties, block data encryption using a symmetric secret key is applied. A power analysis attack on a cryptosystem is a side channel-analysis method that can extract a secret key by measuring the power consumption traces of the crypto device. In this paper, we propose an attack model that can recover the secret key using a power analysis attack based on a deep learning convolutional neural network (CNN) algorithm. Considering that the CNN algorithm is suitable for image analysis, we particularly adopt the recurrence plot (RP) signal processing method, which transforms the one-dimensional power trace into two-dimensional data. As a result of executing the proposed CNN attack model on an XMEGA128 experimental board that implemented the AES-128 encryption algorithm, we recovered the secret key with 22.23% accuracy using raw power consumption traces, and obtained 97.93% accuracy using power traces on which we applied the RP processing method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.335-344
• /
• 2016

It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.31-39
• /
• 2008

The development of next-generation resident registration cards, financial IC cards and administrative agency IC cards based on a smart card is currently coming out in Korea. However, the low-price IC cards without countermeasures against side channel analysis attacks are expected to be used fer cost reduction. This paper has investigated the side channel resistance of financial IC cards that are currently in use and have performed DPA attacks on the financial IC cards. We have been able to perform successful DPA attacks on these cards by using only 100 power measurement traces. From our experiment results, we have been able to extract the master key used for encryption of a count PIN number.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.6A
• /
• pp.540-548
• /
• 2002

Attacks have been proposed that use side information as timing measurements, power consumption, electromagnetic emissions and faulty hardware. Elimination side-channel information or prevention it from being used to attack a secure system is an tractive ares of research. In this paper, differential power analysis techniques to attack the DES are experimented and analyzed. And we propose the prevention of DPA attack by software implementation technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.1
• /
• pp.153-166
• /
• 2011

Recent trends in mobile device market whose services are rapidly expanding to provide wireless internet access are drawing people's attention to mobile security. Especially, since threats to information leakage are reaching to the critical level due to the frequent interchange of important data such as personal and financial information through wireless internet, various encryption algorithms has been developed to protect them. The encryption algorithms confront the serious threats by the appearance of side channel attack (SCA) which uses the physical leakage information such as timing, and power consumption, though the their robustness to threats is theoretically verified. Against the threats of SCA, researches including the performance and development direction of SCA should precede. Among tile SCA methods, the power analysis (PA) attack overcome this misalignment problem. The conventional methods require large computational power and they do not effectively deal with the delay changes in a power trace. To overcome the limitation of the conventional methods, we proposed a novel alignment method using peak matching. By computer simulations, we show the advantages of the proposed method compared to the conventional alignment methods.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2008.02a
• /
• pp.89-93
• /
• 2008

본 논문에서는 단순전력 분석(SPA)과 오류주입공격(FA)에 안전한 중국인의 나머지 정리를 이용한 RSA 암호 시스템(CRT-RSA)에 대하여 논한다. CRT-RSA를 이용한 서명 알고리즘은 스마트카드와 같은 내장형 장치(embedded device)에서 널리 사용된다. 하지만 이러한 장치들은 전력분석 공격과 오류주입 공격에 취약하다. 2005년 Giraud가 처음으로 단순전력분석과 오류주입공격에 모두 안전한 대응 방법을 제안하였다. 본 논문에서는 Giraud의 대응 방법에 대한 다른 공격방법을 소개하고, 제시한 공격 방법에도 안전한 대응 방법을 제안한다. 본 논문에서 제안하는 대응 방법은 세 개의 메모리와 덧셈과 뺄셈연산을 추가적으로 요구한다. 추가적으로 요구되는 연산량은 모듈러 지수승 연산에 필요한 연산량에 비교하면 크게 고려하지 않아도 될 연산량이다. 그러므로 본 논문에서 제안하는 대응 방법은 내장형 장치와 같은 환경에서 안전하고 효율적으로 이용될 수 있다.