Journal of the Institute of Electronics Engineers of Korea SP (대한전자공학회논문지SP)

The Institute of Electronics and Information Engineers (대한전자공학회)
권호 표지

New Power Analysis Attack on The Masking Type Conversion Algorithm

마스킹 형태 변환 알고리즘에 대한 새로운 전력 분석 공격

  • Cho, Young-In (Graduate School of Information Management and Security, Korea University) ;
  • Kim, Hee-Seok (Graduate School of Information Management and Security, Korea University) ;
  • Han, Dong-Guk (Department of Mathematics, Kookmin University) ;
  • Hong, Seok-Hie (Graduate School of Information Management and Security, Korea University) ;
  • Kang, Ju-Sung (Department of Mathematics, Kookmin University)
  • 조영인 (고려대학교 정보경영공학전문 대학원) ;
  • 김희석 (고려대학교 정보경영공학전문 대학원) ;
  • 한동국 (국민대학교 수학과) ;
  • 홍석희 (고려대학교 정보경영공학전문 대학원) ;
  • 강주성 (국민대학교 수학과)
  • Published : 2010.01.25
Download PDF
⟨ Previous Next ⟩

Abstract

In the recent years, power analysis attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption, and key-schedule) are well-known. The type conversion of masking is unavoidable since Boolean operation and Arithmetic operation are performed together in block cipher. Messerges proposed a masking type conversion algorithm resistant general power analysis attack and then it's vulnerability was reported. We present that some of exiting attacks have some practical problems and propose a new power analysis attack on Messerges's algorithm. After we propose the strengthen DPA and CPA attack on the masking type conversion algorithm, we show that our proposed attack is a practical threat as the simulation results.

전력 분석 공격의 다양한 대응법들 중 대칭키 암호의 경우, 암/복호화, 키 스케쥴링의 연산 도중 중간 값이 전력 측정에 의해 드러나지 않도록 하는 마스킹 기법이 잘 알려져 있다. 대칭키 암호는 Boolean 연산과 Arithmetic연산이 섞여 있으므로 마스킹 형태 변환이 불가피하다. Messerges에 의해서 일반적인 전력 분석 공격에 안전한 마스킹 형태 변환 알고리즘이 제안되었고 이에 대한 취약성이 보고되었다. 본 논문에서는 Messerges가 제안한 마스킹 형태 변환 알고리즘에 대한 기존 전력 분석 공격이 불가능함을 보이고 새로운 전력 분석 공격 방법을 제안한다. 마스킹 형태 변환 알고리즘에 대하여 강화된 DPA와 CPA 공격 방법을 제시한 뒤 시뮬레이션 결과로써 제안하는 공격 방법으로 실제 분석이 가능함을 확인한다.

Keywords

References

  1. P. Kocher, J. Jaffe, and B. Jun, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Others Systems." CRYPTO'6, LNCS 1109, pp.104-113, Springer-Verlag, 1996.
  2. P. Kocher, J. Jaffe, and B. Jun, "Differential power analysis," CRYPTO'9, pp.388-397, Springer -Verlag, 1999.
  3. P. Kocher, J. Jaffe, and B. Jun, "Introduction to differential power analysis and related attacks," http://www.cryptography.com/dpa/technical, 1998.
  4. T. S. Messerges, E. A. Dabbish, and R. H. Sloan, "Power analysis attacks on modular exponentiation in Smart cards," Proc. of Workshop on Cryptographic Hardware and Embedded Systems, pp.144-157, Springer-Verlag, 1999.
  5. T. Messerges, "Securing the AES Finalists Against Power Analysis Attacks," Proc. Seventh Int'l Workshop Fast Software Encryption (FSE 2000), pp. 150-164, 2001.
  6. E. Oswald and K. Schramm. "An Efficient Masking Scheme for AES Software Implementations," TM WISA 2005, LNCS 3786, pp. 292–305, Springer, 2006.
  7. E. Oswald, S. Mangard, N. Pramstaller, and V. Rijmen., "A Side-Channel Analysis Resistant Description of the AES S-box," FSE 2005, LNCS 3557, pp. 413–423, Springer, 2005.
  8. J. Bl"omer, J. Guajardo, and V. Krummel. "Provably Secure Masking of AES," SAC 2004, LNCS 3357, pp. 69-83, Springer, 2005.
  9. J.S. Coron, L. Goubin, "On Boolean and Arithmetic Masking against Differential Power Analysis," Proc. of CHES'00, pp. 231-237, 2000.