• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.9
• /
• pp.225-230
• /
• 2019

Recently, with the development of Internet technology, various encryption algorithms have been adopted to protect the sensing data measured by hardware devices. The Advanced Encryption Standard (AES), the most widely used encryption algorithm in the world, is also used in many devices with strong security. However, it has been found that the AES algorithm is vulnerable to side channel analysis attacks such as Differential Power Analysis (DPA) and Correlation Power Analysis (CPA). In this paper, we present a software optimization implementation technique of the AES algorithm applying the most widely known masking technique among side channel analysis attack methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.457-465
• /
• 2015

Internet of Things(IoT) technologies should be able to communication with various embedded platforms. We will need to select an appropriate cryptographic algorithm in various embedded environments because we should consider security elements in IoT communications. Therefore the lightweight block cryptographic algorithm is essential for secure communication between these kinds of embedded platforms. However, the lightweight block cryptographic algorithm has a vulnerability which can be leaked in side channel analysis. Thus we also have to consider side channel countermeasure. In this paper, we will propose the scenario of side channel analysis and confirm the vulnerability for HIGHT algorithm which is composed of ARX structure. Additionally, we will suggest countermeasure for HIGHT against side channel analysis. Finally, we will explain how much the effectiveness can be provided through comparison between countermeasure for AES and HIGHT.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.951-959
• /
• 2017

Under the assumption that there is available some additional information other than plaintext-ciphertext pairs, the security of the RSA cryptosystem has been analyzed by the attack methods such as the side-channel attacks and the lattice-based attacks. Recently, based on the data retention property of the powered-off DRAMs, the so called cold boot attack was proposed in the literature, which is focusing on recovering the various cryptosystems' key from some auxiliary information. This paper is dealing with the problem of recovering the RSA private key with erasures and errors and proposes a new key recovery algorithm which is shown to have better performance than the previous one introduced by Kunihiro et al.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.4
• /
• pp.527-536
• /
• 2020

It has been found that an attacker can extract the secret key embedded in a security device and recover the operation instruction using power consumption traces which are some kind of side channel information. Many profiling-based side channel attacks based on a deep learning model such as MLP(Multi-Layer Perceptron) method are recently researched. In this paper, we implemented a disassembler for operation instruction set used in the micro-controller AVR XMEGA128-D4. After measuring the template traces on each instruction, we automatically made the pre-processing process and classified the operation instruction set using a deep learning model CNN. As an experimental result, we showed that all instructions are classified with 87.5% accuracy and some core instructions used frequently in device operation are with 99.6% respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.709-718
• /
• 2019

A lightweight block cipher CHAM designed for suitability in resource-constrained environment has reasonable security level and high computational performance. Since this cipher may contain intrinsic weakness on side channel attack, it should adopt a countermeasure such as masking method. In this paper, we implement the masked CHAM cipher on 32-bit microprosessor Cortex-M3 platform to resist against side channel attack and analyze their computational performance. Based on the shortcoming of having many round functions, we apply reduced masking method to the implementation of CHAM cipher. As a result, we show that the CHAM-128/128 algorithm applied reduced masking technique requires additional operations about four times.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.2
• /
• pp.117-126
• /
• 2011

RSA-CRT algorithm is widely used to improve the performance of RSA algorithm. However, it is also vulnerable to side channel attacks like as general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis which utilizes reduction steps of RSA-CRT algorithm with equidistant chosen messages, called as ECMPA(Equidistant Chosen Messages Power Analysis) or MRED(Modular Reduction on Equidistant Data) analysis. This method is to find reduction output value r=xmodp which has the same equidistant patterns as equidistant messages. One can easily compute secret prime p from exposure of r. However, the result of analysis from a reduction step in [5] is remarkably different in our experiment from what Boer expected in [5]. Especially, we found that there are Ghost key patterns depending on the selection of attack bits and selected reduction algorithms. Thus, in this paper we propose several Ghost key patterns unknown to us until now, then we suggest enhanced and detailed analyzing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.6
• /
• pp.3-13
• /
• 2010

Differential Fault Analysis (DFA) is widely known for one of the most efficient method analyzing block cipher. In this paper, we propose a new type of DFA on DES (Data Encryption Standard). DFA on DES was first introduced by Biham and Shamir, then Rivain recently introduced DFA on DES middle rounds (9-12 round). However previous attacks on DES can only be applied to the encryption process. Meanwhile, we first propose the DFA on DES key-schedule. In this paper, we proposed a more efficient DFA on DES key schedule with random fault. The proposed DFA method retrieves the key using a more practical fault model and requires fewer faults than the previous DFA on DES.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.155-162
• /
• 2022

The SITM (See-In-The-Middle) attack proposed in CHES 2020 is a type of analysis technique that combines differential cryptanalysis and side-channel analysis, and can be applied even in a harsh environment with a low SNR (Signal-to-Noise Ratio). This attack targets partial 1^st or higher order masked block cipher, and uses unmasked middle round weakness. PRESENT is a lightweight blockcipher proposed in CHES 2007, designed to be implemented efficiently in a low-power environment. In this paper, we propose SITM attacks on 14-round masked implementation of PRESENT while the previous attacks were applicable to 4-round masked implementation of PRESENT. This indicates that PRESENT has to be implemented with more than 16-round masking to be resistant to our attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.923-941
• /
• 2017

A side-channel attack is a method of attacking a cipher based on physical information of a cryptographic device. The masking method, which is a typical method overcoming this attack, is a method of calculating an arbitrary masking value at the round intermediate value through rounds. Thus, it is difficult to guess the intermediate value by the side-channel attack, but if the masking operation is applied to all rounds of the encryption algorithm, the encryption process may become overloaded. Therefore, it is practical to use a reduced-round masking technique that applies a masking technique to only a part of the cipher for lightweight equipment such as Internet of Things(IoT) and wearable devices. In this paper, we describe a Hamming weight filtering for SIMON family with reduced-round masking technique and it is shown that first round key recovery is possible through actual programming.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1089-1098
• /
• 2018

As the development of quantum computers becomes visible, the researches on post-quantum cryptography to alternate the present cryptography system have actively pursued. To substitute RSA and Elliptic Curve Cryptosystem, post-quantum cryptography must also consider side channel resistance in implementation. In this paper, we propose a side channel analysis on NTRU, based on the implementation made public in the NIST standardization. Unlike the previous analysis which exploits a thousands of traces, the proposed attack can recover the private key using a single power consumption trace. Our attack not only reduces the complexity of the attack but also gives more possibility to analyze a practical public key cryptosystem. Furthermore, we suggested the countermeasure against our attacks. Our countermeasure is much more efficient than existing implementation.