• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2002.11a
• /
• pp.564-568
• /
• 2002

정보보호 평가는 크게 시스템 평가인 CC평가와 암호모듈 평가인 CMVP평가고 나눌 수 있다. 본 논문은 암호모듈 평가 방법으로 북미 CMVP의 3가지 블록 알고리즘시험방법인 KAT(Known Answer Test), MCT(Monte Calro Test), MMT(Multi-block Message Test)를 JAVA환경에 적용하여 시범 구현하였다. 대상 알고리즘은 CMVP의 4가지 블록 알고리즘(DES, TDES, AES, Skipjack)을, 테스트 방법으로 MOVS, TMOVS, AESAVS를 선정하여 FIPS표준을 적용하였다. 구현 환경으로는 JCA기반의 Cryptix를 채택하여 CMVP의 블록 암호 알고리즘 테스트 시스템 중 일부를 구현하였다.

• IEIE Transactions on Smart Processing and Computing
• /
• v.6 no.2
• /
• pp.133-139
• /
• 2017

Vehicles have increasingly evolved and become intelligent with convergence of information and communications technologies (ICT). Vehicle communications (VC) has become one of the major necessities for intelligent vehicles. However, VC suffers from serious security problems that hinder its commercialization. Hence, the IEEE 1609 Wireless Access Vehicular Environment (WAVE) protocol defines a security service for VC. This service includes Advanced Encryption Standard-Counter with CBC-MAC (AES-CCM) for data encryption in VC. A high-speed AES-CCM crypto module is necessary, because VC requires a fast communication rate between vehicles. In this study, we propose and implement an efficient AES-CCM hardware architecture for high-speed VC. First, we propose a 32-bit substitution table (S_Box) to reduce the AES module latency. Second, we employ key box register files to save key expansion results. Third, we save the input and processed data to internal register files for secure encryption and to secure data from external attacks. Finally, we design a parallel architecture for both cipher block chaining message authentication code (CBC-MAC) and the counter module in AES-CCM to improve performance. For implementation of the field programmable gate array (FPGA) hardware, we use a Xilinx Virtex-5 FPGA chip. The entire operation of the AES-CCM module is validated by timing simulations in Xilinx ISE at a speed of 166.2 MHz.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.1
• /
• pp.13-23
• /
• 2001

This paper implemented into hardware SEED which is the KOREA standard 128-bit block cipher. First, at the respect of hardware implementation, we compared and analyzed SEED with AES finalist algorithms - MARS, RC6, RIJNDAEL, SERPENT, TWOFISH, which are secret key block encryption algorithms. The encryption of SEED is faster than MARS, RC6, TWOFISH, but is as five times slow as RIJNDAEL which is the fastest. We propose a SEED hardware architecture which improves the encryption speed. We divided one round into three parts, J1 function block, J2 function block J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined one round into three parts, J1 function block, J2 function block, J3 function block including key mixing block, because SEED repeatedly executes the same operation 16 times, then we pipelined it to make it more faster. G-function is implemented more easily by xoring four extended 4 byte SS-boxes. We tested it using ALTERA FPGA with Verilog HDL. If the design is synthesized with 0.5 um Samsung standard cell library, encryption of ECB and decryption of ECB, CBC, CFB, which can be pipelined would take 50 clock cycles to encrypt 384-bit plaintext, and hence we have 745.6 Mbps assuming 97.1 MHz clock frequency. Encryption of CBC, OFB, CFB and decryption of OFB, which cannot be pipelined have 258.9 Mbps under same condition.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1237-1246
• /
• 2021

This paper is about Asynchronous Transfer Mode (ATM) cell security in which an Output Feedback (OFB) mode is applied to an AES block ciphers. ATM cells are divided into user data cells and maintenance cells, and each cell is 53 octets in size and consists of a header of 5 octets and a payload of 48 octets. In order to encrypt/decrypt ATM cells, the boundaries of cells must be detected, which is possible using the Header Error Control (HEC) field in the header. After detecting the boundary of the cell, the type of payload is detected using a payload type (PT) code to encrypt only the user cell. In this paper, a security method for ATM cells that satisfies the requirements of ISO 9160 is presented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.4
• /
• pp.17-24
• /
• 2010

A differential fault attack(DFA) is one of the most efficient side channel attacks on block ciphers. Almost all block ciphers, such as DES, AES, ARIA, SEED and so on., have been analysed by this attack. In the case of the known DFAs on SEED, the attacker induces permanent faults on a whole left register of round 16. In this paper, we analyse SEED against DFA with differential characteristics and addition-XOR characteristics of the round function of SEED. The fault assumption of our attack is that the attacker induces 1-bit faults on a particular register. By using our attack, we can recover last round keys and the master key with about $2^{32}$ simple arithmetic operations. It can be simulated on general PC within about a couple of second.

• Journal of Korea Society of Industrial Information Systems
• /
• v.15 no.2
• /
• pp.1-9
• /
• 2010

Feistel and SPN are the two main structures in a block cipher. Feistel is a symmetric structure which has the same structure in encryption and decryption, but SPN is not a symmetric structure. In this paper, we propose a SPN which has a symmetric structure in encryption and decryption. The whole operations of proposed algorithm are composed of the even numbers of N rounds where the first half of them, 1 to N/2 round, applies a right function and the last half of them, (N+1)/2 to N round, employs an inverse function. And a symmetry layer is located in between the right function layer and the inverse function layer. In this paper, AES encryption and decryption function are selected for the right function and the inverse function, respectively. The symmetric layer is composed with simple matrix and round key addition. Due to the simplicity of the symmetric SPN structure in hardware implementation, the proposed modified AES is believed to construct a safe and efficient cipher in Smart Card and RFID environments where electronic chips are built in.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.3-9
• /
• 2009

In this paper we introduce a new side-channel attack using block cipher cryptanalysis named meet-in-the middle attack. Using our new side-channel technique we introduce side-channel attacks on AES with reduced masked rounds. That is, we show that AES with reduced 10 masked rounds is vulnerable to side channel attacks based on an existing 4-round function. This shows that one has to mask the entire rounds of the 12-round 192-bit key AES to prevent our attacks. Our results are the first ones to analyze AES with reduced 10 masked rounds.

• Journal of IKEEE
• /
• v.23 no.3
• /
• pp.971-977
• /
• 2019

This paper presents an experimental result showing the encryption and decryption times of the AES and LEA algorithms. AES and LEA algorithms are international and Korean standards for block ciphers, respectively. Through experiments, this paper investigates the applicability of the LEA algorithm for light weight IoT devices. In order to measure the encryption and decryption times, 256-bit and 128-bit secret keys were randomly generated for AES and LEA, respectively. Under our test environment using an Arduino microcontroller, the AES algorithm takes about 45ms for encryption and decryption processes, whereas the LEA algorithm takes about 4ms. Even though processing times of each algorithm may vary much under different implementation and test environments, this experimental result shows that the LEA algorithm can be applied to many light weight IoT devices for security goals.

• Proceedings of the IEEK Conference
• /
• 2005.11a
• /
• pp.591-594
• /
• 2005

This paper describes a design of AES-based CCM Protocol for IEEE 802.11i Wireless LAN Security. The CCMP core is designed with 128-bit data path and iterative structyre which uses 1 clock cycle per round operation. To maximize its performance, two AES cores are used, one is for counter mode for data confidentiality and the other is for CBC(Cipher Block Chaining) mode for authentication and data integrity. The S-box that requires the largest hardware in AES core is implemented using composite field arithmetic, and the gate count is reduced by about 23% compared with conventional LUT-based design. The CCMP core designed in Verilog-HDL has 35,013 gates, and the estimated throughput is about 768Mbps at 66-MHz clock frequency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.167-174
• /
• 2009

Recently, Li et al. proposed a new differential fault analysis(DFA) attack on the block cipher ARIA using about 45 ciphertexts. In this paper, we apply their DFA skill on AES and improve attack method and its analysis. The basic idea of our DFA method is that we recover intermediate ciphertexts in last round using final faulty ciphertexts and find out last round secret key. In addition, we present detail DFA procedure on AES and analysis of complexity. Furthermore computer simulation result shows that we can recover its 128-bit secret key by introducing a correct ciphertext and 2 faulty ciphertexts.