한국정보통신학회논문지 (Journal of the Korea Institute of Information and Communication Engineering)

  • 제21권7호
  • /
  • Pages.1276-1284
  • /
  • 2017
  • /
  • 2234-4772(pISSN)
  • /
  • 2288-4165(eISSN)
한국정보통신학회 (The Korea Institute of Information and Commucation Engineering)
권호 표지
DOI QR코드

DOI QR Code

경량 블록암호 LEA에 대한 상관관계 전력분석 공격 및 마스킹 대응 기법

Correlation Power Analysis Attack on Lightweight Block Cipher LEA and Countermeasures by Masking

  • An, Hyo-Sik (School of Electronic Engineering, Kumoh National Institute of Technology) ;
  • Shin, Kyung-Wook (School of Electronic Engineering, Kumoh National Institute of Technology)
  • 투고 : 2017.02.20
  • 심사 : 2017.03.09
  • 발행 : 2017.07.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

우리나라 경량 블록암호 표준인 LEA 알고리듬을 8-비트 데이터 패스의 하드웨어로 구현하고, 구현된 LEA-128 암호 프로세서에 대해 상관관계 전력분석 공격의 취약성을 분석하였다. 본 논문에서 적용된 CPA는 공격을 위해 가정된 라운드키 값으로 계산된 데이터의 해밍 거리와 LEA 암호 프로세서의 전력 소모량 사이의 상관 계수를 분석함으로써 올바른 라운드키 값을 검출한다. CPA 공격 결과로, 최대 상관계수가 0.6937, 0.5507인 올바른 라운드키 값이 검출되었으며, 블록암호 LEA가 전력분석 공격에 취약함이 확인되었다. CPA 공격에 대한 대응 방안으로 TRNG(True Random Number Generator) 기반의 매스킹 방법을 제안하였다. TRNG에서 생성되는 난수를 암호화 연산 중간 값에 더하는 마스킹 기법을 적용한 결과, 최대 상관계수가 0.1293와 0.1190로 매우 작아 잘못된 라운드키 값이 분석되었으며, 따라서 제안된 마스킹 방법이 CPA 공격에 강인함을 확인하였다.

Lightweight Encryption Algorithm (LEA) that was standardized as a lightweight block cipher was implemented with 8-bit data path, and the vulnerability of LEA encryption processor to correlation power analysis (CPA) attack was analyzed. The CPA used in this paper detects correct round keys by analyzing correlation coefficient between the Hamming distance of the computed data by applying hypothesized keys and the power dissipated in LEA crypto-processor. As a result of CPA attack, correct round keys were detected, which have maximum correlation coefficients of 0.6937, 0.5507, and this experimental result shows that block cipher LEA is vulnerable to power analysis attacks. A masking method based on TRNG was proposed as a countermeasure to CPA attack. By applying masking method that adds random values obtained from TRNG to the intermediate data of encryption, incorrect round keys having maximum correlation coefficients of 0.1293, 0.1190 were analyzed. It means that the proposed masking method is an effective countermeasure to CPA attack.

키워드

참고문헌

  1. J. Ambareen, P. G. Shah and M. Prabhakar, "A Survey of Security in Internet of Things-Importance and Solutions," Indian Journal of Science and Technology, vol. 9, no. 45, pp. 1-7, Dec. 2016.
  2. IoT Information Security Roadmap, Ministry of Science, ICT and Future Planning, Oct. 2014.
  3. M. J. Sung and. K. W. Shin, "An Efficient Hardware Implementation of Lightweight Block Cipher LEA-128/ 192/ 256 for IoT Security Applications," Journal of the Korea Institute of Information and Communication Engineering, vol. 19, no. 7, pp. 1608-1616, Jul. 2015. https://doi.org/10.6109/jkiice.2015.19.7.1608
  4. TTAK.KO-12.0223, 128-bit Block Cipher LEA, Telecommunications Technology Association (TTA), 2013.
  5. W. L. Cho, K. B. Kim and K. W. Shin, "A Hardware Design of Ultra-Lightweight Block Cipher Algorithm PRESENT for IoT Applications," Journal of the Korea Institute of Information and Communication Engineering, vol. 20, no. 7, pp. 1296-1302 Jul. 2016. https://doi.org/10.6109/jkiice.2016.20.7.1296
  6. H. A. Selma and H. M'hamed, "Elliptic curve cryptographic processor design using FPGAs," Proceedings of the IEEE 2015 International Conference on Control, Engineering & Information Technology (CEIT), Univ. of Tlemcen Tlemcen, Algeria, pp. 1-6, 2015.
  7. P. Kocher, "Timing attacks on implementations of Diffie- Hellmann," Proceedings of the 16th Annual International Cryptology Conference (CRYTO'96), Santa Barbara, California, USA, pp. 104-113, 1996.
  8. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," Proceedings of the 19th Annual International Cryptology Conference (CRYPTO'99), Santa Barbara, California, USA, pp. 388-397, 1999.
  9. K. Gandolfi, C. Mourtel, and F. Olivier, "Electromagnetic analysis: Concrete results," Proceedings of the Cryptographic Hardware and Embedded Systems (CHES 2001), Paris, France, pp. 251- 261, 2001.
  10. E. Biham, A. Shamir, "Differential fault analysis of secret key cryptosystems," Proceedings of the 17th Annual International Cryptology Conference (CRYPTO'97), Santa Barbara, California, pp. 513-525, 1997.
  11. M. Masoumi, P. Habibi and M. Jadidi, "Efficient Implementation of Masked AES on Side-Channel Attack Standard Evaluation Board," Proceedings of the International Conference on Information Society (i-Society 2015), London, England, pp. 151-156, 2015.
  12. J. Choi and Y. Kim, "An improved LEA block encryption algorithm to prevent side-channel attack in the IoT system," Proceedings of the 2016 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA), Jeju, Korea, pp. 1-4, 2016.
  13. X. Duan, Q. Cui, S. Wang, H. Fang and G. She, "Differential Power Analysis Attack and Efficient Countermeasures on PRESENT," Proceedings of the 2016 8th IEEE International Conference on Communication Software and Networks, Beijing, China, pp. 8-12, 2016.
  14. E. Brier, C. Clavier, and F. Oliver, "Correlation Power Analysis with a Leakage Model", Proceedings of the Cryptographic Hardware and Embedded Systems (CHES 2004), MA, USA, pp. 16-29, 2004.
  15. B. Sunar, W. J. Martin and D. R. Stinson, "A Provably Secure True Random Number Generator with Built-In Tolerance to Active Attacks," IEEE Transactions on Computers, vol. 56, no. 1, pp. 109-119, Jan. 2007. https://doi.org/10.1109/TC.2007.250627
  16. FIPS PUB 140-2, security requirements for cryptographic modules, National Institute of Standard and Technology (NIST), 2001.