DOI QR코드

DOI QR Code

오류주입을 이용한 DSA 서명 알고리즘 공격 및 대응책

Cryptanalysis using Fault Injection and Countermeasures on DSA

  • 정철조 (호서대학교 정보보호학과) ;
  • 오두환 (호서대학교 정보보호학과) ;
  • 최두식 (호서대학교 정보보호학과) ;
  • 김환구 (호서대학교 정보보호학과) ;
  • 하재철 (호서대학교 정보보호학과)
  • Jung, Chul-Jo (Dept. of Information Security, Hoseo University) ;
  • Oh, Doo-Hwan (Dept. of Information Security, Hoseo University) ;
  • Choi, Doo-Sik (Dept. of Information Security, Hoseo University) ;
  • Kim, Hwan-Koo (Dept. of Information Security, Hoseo University) ;
  • Ha, Jae-Cheol (Dept. of Information Security, Hoseo University)
  • 투고 : 2010.07.02
  • 심사 : 2010.08.10
  • 발행 : 2010.08.31

초록

국제 표준 디지털 서명 알고리즘인 DSA(Digital Signature Algorithm)는 이산 대수 문제에 기반하여 이론적 안전성을 보장하지만 최근 서명 시스템 구동시 오류가 주입되면 디바이스 내부에 있는 비밀키를 노출시킬 수 있는 물리적 공격이 제시되었다. 본 논문에서는 Bao 등이 제시한 DSA의 비밀키 비트에 오류를 주입하는 오류 공격법을 소개하고, 서명에 사용되는 랜덤 수에 오류를 주입하는 새로운 공격 모델을 제안한다. 또한, 오류 확산 기법을 이용하여 두 가지 오류주입 공격을 모두 방어할 수 있는 대응책을 제시하고 컴퓨터 시뮬레이션을 통해 그 안전성과 효율성을 검증한다.

The international standard signature algorithm DSA has been guaranteed its security based on discrete logarithm problem. Recently, the DSA was known to be vulnerable to some fault analysis attacks in which the secret key stored inside of the device can be extracted by occurring some faults when the device performs signature algorithm. After analyzing an existing fault attack presented by Bao et al., this paper proposed a new fault analysis attack by disturbing the random number. Furthermore, we presented a countermeasure to compute DSA signature that has its immunity in the two types of fault attacks. The security and efficiency of the proposed countermeasure were verified by computer simulations.

키워드

참고문헌

  1. E. Biham, A. Shamir, "Differential Fault Analysis of Secret Key Cryptosystems," CRYPTO-1997, LNCS vol. 1294, pp. 513-525, 1997.
  2. D. Boneh, R. A. DeMillo and R. J. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," EUROCRYPT-1997, LNCS vol. 1233, pp. 37-51, 1997
  3. C. H. Kim and J. -J. Quisquater, "New Differential Fault Analysis on AES Key Schedule: Two Faults are enough", CARDIS-2008, LNCS 5189, pp. 48-60, 2008.
  4. S. Yen, S. Kim, S. Lim, and S. Moon, "RSA speedup with Chinese Remainder Theorem Immune Against Hardware Fault Cryptanalysis," IEEE Transaction on Computer, Special issue on CHES, vol. 52, no. 4, pp. 461-472, 2003. https://doi.org/10.1109/TC.2003.1190587
  5. F. Bao, R. H. Deng, Y. Han, A Jeng, A. D. Narasimhalu, T. Ngair, "Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults", International Workshop on Security Protocols-1997, LNCS, vol. 1361, pp. 115-124, 1997
  6. National institute of standards and technology. Digital Signature Standard, NIST FIPS PUB 186-2, 2000.
  7. M. Nikodem, "Error Prevention, Detection and Diffusion Algorithms for Cryptographic Hardware", International Conference on Dependability of Computer System (DepCos-RELCOMEX'07), pp. 127-134, IEEE-CS, 2007.
  8. M. Nikodem, "DSA Signature Scheme Immune to the Fault Cryptanalysis", CARDIS-2008, LNCS, vol. 5189. pp. 61-73, 2008
  9. C. Giraud and E. Knudsen, "Fault Attacks on Signature Schemes," ACISP-2004, LNCS vol. 3108, pp. 478-491, 2004.
  10. D. Naccache, P. Nguyen, M. Tunstall and C. Whelan, "Experimenting with Faults, Lattices and the DSA," PKC-2005, LNCS vol. 3386, pp. 16-28, 2005. https://doi.org/10.1007/978-3-540-30580-4_3
  11. J. Schmidt, M. Medwed, "A Fault Attack on ECDSA", Fault Diagnosis and Tolerance in Cryptography, FDTC-2007, pp. 93-99, 2009.
  12. N. Howgrave-Graham and N. P. Smart. "Lattice Attacks on Digital Signature Schemes", Designs, Codes and Cryptography, vol. 23, no. 3, pp. 283-290, 2001. https://doi.org/10.1023/A:1011214926272
  13. T. Romer and J. P. Serfert, " Information Leakage Attack against Smart Card Implementation of the Elliptic Curve Digital Signature Algorithm," International Conference on Research in Smart Cards, E-smart-2001, LNCS vol. 2140, pp. 211-219, 2001.