• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.11 no.3
• /
• pp.71-78
• /
• 2001

In this paper, we describe the vulnerabilities against mobile agent and analyze existing schemes to cope with them. Also we propose a new scheme which protects the executed information by mobile agent and simultaneously traces the executions of mobile agent. The proposed scheme provides non-repudiation between participations for the executions of mobile agent, forward integrity against modification and protection against code insertion or deletion attack.

• ETRI Journal
• /
• v.44 no.3
• /
• pp.512-523
• /
• 2022

Random delay countermeasures introduce random delays into the execution flow to break the synchronization and increase the complexity of the side channel attack. A novel method for attacking devices with random delay countermeasures has been proposed by using a maximal overlap discrete wavelet transform (MODWT)-based power trace alignment algorithm. Firstly, the random delay in the power traces is sensitized using MODWT to the captured power traces. Secondly, it is detected using the proposed random delay detection algorithm. Thirdly, random delays are removed by circular shifting in the wavelet domain, and finally, the power analysis attack is successfully mounted in the wavelet domain. Experimental validation of the proposed method with the National Institute of Standards and Technology certified Advanced Encryption Standard-128 cryptographic algorithm and the SAKURA-G platform showed a 7.5× reduction in measurements to disclosure and a 3.14× improvement in maximum correlation value when compared with similar works in the literature.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.727-738
• /
• 2015

Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

• Journal of information and communication convergence engineering
• /
• v.16 no.3
• /
• pp.166-172
• /
• 2018

A pseudo-random sequence generated by using a primitive polynomial, trace function, and Legendre symbol has been researched in our previous work. Our previous sequence has some interesting features such as period, autocorrelation, and linear complexity. A pseudo-random sequence widely used in cryptography. However, from the aspect of the practical use in cryptographic systems sequence needs to generate swiftly. Our previous sequence generated by utilizing a primitive polynomial, however, finding a primitive polynomial requires high calculating cost when the degree or the characteristic is large. It’s a shortcoming of our previous work. The main contribution of this work is to find some relation between the generated sequence and irreducible polynomials. The purpose of this relationship is to generate the same sequence without utilizing a primitive polynomial. From the experimental observation, it is found that there are (p - 1)/2 kinds of polynomial, which generates the same sequence. In addition, some of these polynomials are non-primitive polynomial. In this paper, these relationships between the sequence and the polynomials are shown by some examples. Furthermore, these relationships are proven theoretically also.

• Proceedings of the Korean Society of Broadcast Engineers Conference
• /
• 2010.07a
• /
• pp.32-35
• /
• 2010

This paper presents an efficient monitoring method of a network protocol for a downloadable conditional access system (DCAS) that can securely transmit conditional access software via a bi-directional communication channel. In order to guarantee a secure channel based on mutual authentication between a DCAS head end server and set-top boxes, DCAS messages are encrypted and digitally signed. Owing to applied cryptographic algorithms, it is impossible to get information from messages directly without additional processing. Through categorizing DCAS messages into several groups, the proposed monitoring method can efficiently parse and trace DCAS messages in real-time. In order to verify the stability and effectiveness of the proposed monitoring method, we implement a DCAS monitoring system capable of capturing and parsing all DCAS messages. The experimental results show that the proposed monitoring method is well designed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.985-991
• /
• 2015

The user's secret key can be retrieved by various side channel leakage informations occurred during the execution of cryptographic RSA exponentiation algorithm which is embedded on a security device. The collision-based power analysis attack known as a serious side channel threat can be accomplished by finding some collision pairs on a RSA power consumption trace. Recently, an RSA exponentiation algorithm was proposed as a countermeasure which is based on the window method adopted combination of message blinding and exponent splitting. In this paper, we show that this countermeasure provides approximately $2^{53}$ attack complexity, much lower than $2^{98}$ insisted in the original article, when the window size is two.

• Journal of the Korea Convergence Society
• /
• v.8 no.10
• /
• pp.29-35
• /
• 2017

In this paper, we describe certificate policy and characteristics in cooperation condition with Cooperative intelligent transport system and autonomous driving vehicle. Among the authentication functions of the vehicle, there is a pseudonym authentication function. This pseudonymity is provided for the purpose of protecting the privacy of information that identifies the vehicle driver, passenger or vehicle. Therefore, the purpose of the pseudonym certificate is to be used for reporting on BSM authentication or misbehavior. However, this pseudonym certificate is used in the OBE of the vehicle and does not have a cryptographic key. In this paper, we consider a method for managing a pseudonym authentication function, which is a key feature of the pseudonym certificate, such as location privacy protection, pseudonym function, disposition of linkage value or CRL, request shuffling processing by registry, butterfly key processing, The authentication policy and its characteristics are examined in detail. In connection with the management of pseudonymes of the vehicle, the attacker must record the BSM transmission and trace the driver or vehicle. In this respect, the results of this study are contributing.

• Journal of the Institute of Convergence Signal Processing
• /
• v.11 no.1
• /
• pp.47-52
• /
• 2010

For cryptographic systems, nonlinearity is crucial since most linear systems are easily decipherable. C.Bracken, Z.Zhaetc., propose the APN(Almost Perfect Nonlinear) functions with the properties similar to those of the bent functions with perfect nonlinearity. We design two kinds of new code sequence generating algorithms using the above APN functions. And we find that the out of phase ${\tau}\;{\neq}\;0$, autocorrelation functions, $R_{ii}(\tau)$ and the crosscorrelation functions, $R_{ik}(\tau)$ of the binary code sequences generated by two new algorithms over GF(2), have three values of {-1, $-1-2^{n/2}$, $-1+2^{n/2}$}. We also find that the out of phase ${\tau}\;{\neq}\;0$, autocorrelation functions, $R_{p,ii}(\tau)$ and the crosscorrelation functions, $R_{p,ik}(\tau)$ of the nonbinary code sequences generated by the modified algorithms over GF(p), $p\;{\geq}\;3$, have also three values of {$-1+p^{n-1}$, $-1-p^{(n-1)/2}+p^{n-1}$, $-1+p^{(n-1)/2}p^{n-1}$}. We show that these code sequences have the characteristics of the correlation functions similar to those of Gold code sequences.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.491-501
• /
• 2019

In side-channel analysis, which exploit physical leakage from a cryptographic device, deep learning based attack has been significantly interested in recent years. However, most of the state-of-the-art methods have been focused on classifying side-channel information in a profiled scenario where attackers can obtain label of training data. In this paper, we propose a new method based on deep learning to improve non-profiling side-channel attack such as Differential Power Analysis and Correlation Power Analysis. The proposed method is a signal preprocessing technique that reduces the noise in a trace by modifying Auto-Encoder framework to the context of side-channel analysis. Previous work on Denoising Auto-Encoder was trained through randomly added noise by an attacker. In this paper, the proposed model trains Auto-Encoder through the noise from real data using the noise-reduced-label. Also, the proposed method permits to perform non-profiled attack by training only a single neural network. We validate the performance of the noise reduction of the proposed method on real traces collected from ChipWhisperer board. We demonstrate that the proposed method outperforms classic preprocessing methods such as Principal Component Analysis and Linear Discriminant Analysis.