
Study for Improving Attack Complexity against RSA Collision Analysis

Korean title: A Study on Improving Attack Complexity against RSA Collision Analysis

  • Received : 2015.01.09
  • Accepted : 2015.03.13
  • Published : 2015.04.30

Abstract

In information security devices such as smart cards, the RSA algorithm used to protect data has been found vulnerable to side-channel analysis. RSA is especially vulnerable to power analysis, which exploits the power consumed while the algorithm runs. Power analysis is typically divided into SPA (Simple Power Analysis) and DPA (Differential Power Analysis). Beyond these there is CA (Collision Analysis), a very powerful attack: CA makes it possible to attack using a single waveform, even if the algorithm is designed to be secure against SPA and DPA. Message blinding combined with the window method was therefore considered as a countermeasure, but this method does not provide sufficient safety when the window size is small. In this paper we therefore propose a new countermeasure that provides higher safety against CA. Our countermeasure is a combination of message blinding and exponent blinding, applied to the window method. In addition, through experiments we show that our countermeasure provides approximately 124% higher attack complexity when the window size is small, and thus higher safety against CA.

In information security devices such as smart cards, the RSA cryptographic algorithm used to protect data has been shown to be vulnerable to side-channel analysis. In particular, it is vulnerable to power analysis attacks, which observe the power consumption pattern while the cryptographic algorithm executes and use it for analysis. The representative power analysis attacks are simple power analysis and differential power analysis; collision analysis is another. Among these, collision analysis is a very powerful attack technique that can recover the secret key value from a single trace even against an RSA implementation designed to be secure against simple and differential power analysis. Accordingly, a countermeasure that applies the window method to the existing message blinding technique has been considered, but it does not provide a sufficiently high level of security in environments where the window size is small. In this paper, we therefore present a countermeasure that provides a higher level of security against collision analysis by additionally applying an exponent splitting technique to an RSA implementation that already uses message blinding and the window method. Through experiments, we show that in environments with a small window size the proposed countermeasure raises attack complexity by approximately 124% compared with the existing RSA implementation that uses only message blinding and the window method, and thus provides a higher level of security.
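The two randomisations the abstract layers onto windowed RSA exponentiation, as an added example that is not part of the paper: message blinding (multiply the input by r^e, unblind with r^-1 at the end) and an additive exponent split d = d1 + d2, both run through a fixed-window exponentiation. The RSA key below is constructed and textbook-sized, the way the two techniques are combined is an assumption (the page does not give the paper's exact algorithm), and `window_digits` only exists to make visible which table entries each run actually touches.

```python
import math
import secrets

# Constructed demo RSA key (textbook-sized, NOT secure; for illustration only).
P, Q = 61, 53
N = P * Q                       # modulus 3233
E = 17                          # public exponent
PHI = (P - 1) * (Q - 1)         # 3120
D = pow(E, -1, PHI)             # private exponent 2753


def window_digits(exp, w):
    """Split an exponent into its base-2^w digits, most significant first.
    These digits select the precomputed table entry each window multiplies by,
    which is the information a collision analysis tries to recover from a trace."""
    nwin = max(1, (exp.bit_length() + w - 1) // w)
    mask = (1 << w) - 1
    return [(exp >> (i * w)) & mask for i in range(nwin - 1, -1, -1)]


def window_exp(base, exp, mod, w):
    """Fixed-window (2^w-ary) left-to-right modular exponentiation:
    precompute base^0 .. base^(2^w - 1), then for each window square w times
    and multiply by the table entry selected by that window's digit."""
    table = [1 % mod]
    for _ in range(1, 1 << w):
        table.append(table[-1] * base % mod)
    acc = 1 % mod
    for digit in window_digits(exp, w):
        for _ in range(w):
            acc = acc * acc % mod
        acc = acc * table[digit] % mod
    return acc


def blinded_window_exp(m, d, n, e, w):
    """RSA private operation m^d mod n with two randomisations on top of the
    window method (assumed combination, not the paper's exact algorithm):
      1. message blinding: m' = m * r^e mod n, unblinded with r^-1 at the end;
      2. exponent splitting: d = d1 + d2 with d1 random, so the window digits
         processed differ on every execution while the result stays the same."""
    # 1. random blinding factor r in [2, n-1], coprime to n
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    r_inv = pow(r, -1, n)
    m_blind = m * pow(r, e, n) % n
    # 2. additive exponent split
    d1 = secrets.randbelow(d)       # 0 <= d1 < d
    d2 = d - d1                     # d1 + d2 == d
    # 3. two windowed exponentiations on the blinded input
    s_blind = window_exp(m_blind, d1, n, w) * window_exp(m_blind, d2, n, w) % n
    # 4. unblind: (m * r^e)^d = m^d * r^(e*d) = m^d * r (mod n)
    return s_blind * r_inv % n


def check(m, w):
    """True when the protected computation agrees with plain m^d mod n."""
    return blinded_window_exp(m, D, N, E, w) == pow(m, D, N)


if __name__ == "__main__":
    for w in (1, 2, 3, 4):
        print("window size", w, "correct:", all(check(m, w) for m in (2, 65, 1234, 3000)))
    print("digits of d for w=2:", window_digits(D, 2))
```

Because d1 is drawn fresh each call, the digit sequences fed to `window_exp` change from run to run even though `check` always holds; with a small window size the unsplit exponent repeats the same few digits often, which is the situation the abstract describes as insufficiently protected by message blinding alone.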

Acknowledgement

Supported by: National Research Foundation of Korea

Cited by

  1. Security Evaluation Against Collision-based Power Analysis on RSA Algorithm Adopted Exponent Splitting Method, vol. 25, no. 5, 2015, https://doi.org/10.13089/JKIISC.2015.25.5.985