• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.62-68
• /
• 2008

Remote user authentication scheme is a cryptographic tool which permits a server to identify a remote user. In 2007, Wang et al. pointed out that Ku's remote user authentication scheme is vulnerable to a dictionary attack by obtaining some secret information in a smart card using side channel attacks. They also proposed a remote user authentication scheme which is secure against dictionary attack. In this paper, we analyze the protocol proposed by Wang et al. In the paper, it is claimed that the protocol is secure even though some values, which is stored in a smart card, are revealed to an adversary, However, we show that their protocol is insecure if the values are disclosed to an adversary.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.5
• /
• pp.1013-1022
• /
• 2014

Correlation Power Analysis (CPA) is a type of Side-Channel Analysis (SCA) that extracts the secret key using the correlation coefficient both side-channel information leakage by cryptography device and intermediate value of algorithms. Attack performance of the CPA is affected by noise and temporal synchronization of power consumption leaked. In the recent years, various researches about the signal processing have been presented to improve the performance of power analysis. Among these signal processing techniques, compression techniques of the signal based on Principal Component Analysis (PCA) has been presented. Selection of the principal components is an important issue in signal compression based on PCA. Because selection of the principal component will affect the performance of the analysis. In this paper, we present a method of selecting the principal component by using the correlation of the principal components and the power consumption is high and a CPA technique based on the principal component that utilizes the feature that the principal component has different. Also, we prove the performance of our method by carrying out the experiment.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.1
• /
• pp.43-50
• /
• 2022

Correlation Power Analysis(CPA) is a sub-channel attack method that measures the detailed power consumption of attack target equipment equipped with cryptographic algorithms and guesses the secret key used in cryptographic algorithms with more than 90% probability. Since CPA performs analysis based on statistics, a large amount of data is necessarily required. Therefore, the CPA must measure power consumption for at least about 15 minutes for each attack. In this paper proposes a method of using a Convolutional Neural Network(CNN) capable of accumulating input data and predicting results to solve the data collection problem of CPA. By collecting and learning the power consumption of the target equipment in advance, entering any power consumption can immediately estimate the secret key, improving the computational speed and 96.7% of the secret key estimation accuracy.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2024.05a
• /
• pp.358-361
• /
• 2024

2010 년 UC Berkely 에서 개발한 RISC-V ISA 는 x86, Arm 과 다르게 Free Open-source 라는 장점으로 인해 많은 연구와 개발이 이루어지고 있다. RISC-V ISA 는 RISC 명령어셋을 활용하며 서버 및 데스트탑 CPU 부터 IoT 디바이스까지 여러 방면에서 상용을 위한 노력이 계속되고 있다. 하지만 상용 CPU 에 비해 부채널 공격 방어 기법이 제한적으로 구현되어 있는 것을 확인하였고 특히 부채널 공격 중 전력 분석(Power Analysis)에 대한 방어 기법이 부족한 것을 확인하였다. 따라서 본 논문에서는 RISC-V 를 포함한 여러 아키텍처에 대해 전력 분석 및 하드웨어 방어 기법을 분석하고, RISC-V에 추가적으로 적용되어야 할 방어 기법에 대해 서술한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.219-222
• /
• 2013

The Side Channel attack methods proposed by P.Kocher are mainly used for cryptanalysis different cipher algorithms even though they are claimed to be strongly secured. Those kinds of attacks depend on environment implementation especially on the hardware implementation of the algorithm to the crypto module. side-channel attacks are a type of attack introduced by P.Kocher and is applicable according to each environment or method that is designed. This kind of attack can analyze and also extract important information by reading the binary code data via measurement of changes in electricity(voltage) consumption, running time, error output and sounds. Thus, in this paper, we discuss recent SPA and DPA attacks as well as recent countermeasure techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.807-816
• /
• 2022

See-In-The-Middle (SITM) is an analysis technique that uses Side-Channel information for differential cryptanalysis. This attack collects unmasked middle-round power traces when implementing block ciphers to select plaintext pairs that satisfy the attacker's differential pattern and utilize them for differential cryptanalysis to recover the key. Romulus, one of the final candidates for the NIST Lightweight Cryptography standardization competition, is based on Tweakable block cipher Skinny-128-384+. In this paper, the SITM attack is applied to Skinny-128-384 implemented with 14-round partial masking. This attack not only increased depth by one round, but also significantly reduced the time/data complexity to 2^14.93/2^14.93. Depth refers to the round position of the block cipher that collects the power trace, and it is possible to measure the appropriate number of masking rounds required when applying the masking technique to counter this attack. Furthermore, we extend the attack to Romulus's Nonce-based AE mode Romulus-N, and Tweakey's structural features show that it can attack with less complexity than Skinny-128-384.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.3
• /
• pp.477-489
• /
• 2014

Based on some flaws occurred for implementing a public key cryptosystem in the embedded security device, many side-channel attacks to extract the secret private key have been tried. In spite of the fact that the cryptographic exponentiation is basically composed of a sequence of multiplications and squarings, a new Square Always exponentiation algorithm was recently presented as a countermeasure against side-channel attacks based on trading multiplications for squarings. In this paper, we propose Known Power Collision Analysis and modified Doubling attacks to break the Right-to-Left Square Always exponentiation algorithm which is known resistant to the existing side-channel attacks. And we also present a Collision-based Combined Attack which is a combinational method of fault attack and power collision analysis. Furthermore, we verify that the Square Always algorithm is vulnerable to the proposed side-channel attacks using computer simulation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.2
• /
• pp.279-286
• /
• 2013

The recent power shortages due to surge in demand for electricity highlights the importance of smart grid technologies for efficient use of power. The experimental content for vulnerability against availability of smart meter, an essential component in smart grid networks, has been reported. Designing availability protection mechanism to boost the realization possibilities of the secure smart grid is essential. In this paper, we propose a mechanism to detect the availability infringement attack for smart meter and also to find anomaly nodes through analyzing smart grid structure and traffic patterns. The proposed detection mechanism uses approximate entropy technique to decrease the detection load and increase the detection rate with few samples and utilizes the signal information(CIR or RSSI, etc.) that the anomaly node can not be changed to find the anomaly nodes. Finally simulation results of proposed method show that the detection performance and the feasibility.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.639-653
• /
• 2013

Smart grid is a network of computers and power infrastructure that monitor and manage energy usage efficiently. Recently, the smart grid demonstration projects around the world, including the United States, Europe, Japan, and the technology being developed. The protection of the many components of the grid against cyber-threats has always been critical, but the recent Smart grid has been threatened by a variety of cyber and physical attacks. We model and analyze advanced metering infrastructure(AMI) in smart grid. Using attack countermeasure tree(ACT) we show qualitative and probabilistic security analysis of AMI. We implement using SHARPE(Symbolic Hierarchical Automated Reliability and Performance Evaluator) tool and calculate probability, ROA, ROI, Structure Importance, Birnbaum Importance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.919-928
• /
• 2023

Deep learning technology is used in various fields such as self-driving cars, image creation, and virtual voice implementation, and deep learning accelerators have been developed for high-speed operation in hardware devices. However, several side channel attacks that recover secret information inside the accelerator using side-channel information generated when the deep learning accelerator operates have been recently researched. In this paper, we implemented a DNN(Deep Neural Network)-based MNIST digit classifier on a microprocessor and attempted a correlation power analysis attack to confirm that the weights of deep learning accelerator could be sufficiently recovered. In addition, to counter these power analysis attacks, we proposed a Node-CUT shuffling method that applies the principle of misalignment at the time of power measurement. It was confirmed through experiments that the proposed countermeasure can effectively defend against side-channel attacks, and that the additional calculation amount is reduced by more than 1/3 compared to using the Fisher-Yates shuffling method.