• Title/Summary/Keyword: Side-channel analysis (부채널 분석)


Trends in Constant-Time Implementation for Resistance to Side-Channel Attacks (안전한 부채널 공격 내성을 위한 Constant Timing 구현 동향)

  • Kim, Hyunjun;Park, Jaehoon;Sim, Minjoo;Seo, Hwajeong
    • Review of KIISC
    • /
    • v.31 no.1
    • /
    • pp.51-56
    • /
    • 2021
  • Because mathematical security is essential for a cryptographic algorithm, it is designed so that information leakage is close to impossible from a theoretical standpoint. However, if the incidental information produced by the computer executing the algorithm is collected and analyzed, secret information can leak easily even when a secure algorithm is used. Among the many kinds of incidental information, timing information is the most intuitive and is widely exploited in attacks on cryptographic implementations. This paper reviews side-channel attack techniques that exploit timing information and surveys trends in constant-time implementation techniques for defending against them.
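The timing leak this survey is concerned with is easiest to see on a comparison routine. The following is an added example, not code from the paper: a naive early-exit tag comparison next to a constant-time one, and an attacker that recovers the secret one byte at a time using only how long the comparison ran. Elapsed time is simulated by counting the bytes examined so that the demonstration is deterministic and runs offline; the secret value is constructed.

```python
"""Byte-by-byte timing attack on an early-exit comparison, and the constant-time fix.

Added illustration (not the surveyed paper's code). The number of bytes the
comparison examines stands in for elapsed time; a real attacker would measure
wall-clock time over many repetitions instead.
"""
import hmac

SECRET = bytes.fromhex("a3f19c00d2")  # constructed secret tag, e.g. a truncated MAC


def early_exit_compare(a: bytes, b: bytes):
    """Naive comparison. Returns (equal, bytes_examined).

    Stops at the first mismatching byte, so the cost reveals how long the
    common prefix of a and b is.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a: bytes, b: bytes):
    """Fixed-cost comparison. Returns (equal, bytes_examined).

    Every byte is visited and differences are OR-accumulated, so the cost is
    len(a) regardless of where (or whether) the inputs differ. The standard
    library's hmac.compare_digest implements the same idea.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def timing_attack(oracle, length: int) -> bytes:
    """Recover a secret of `length` bytes from an oracle returning (accepted, cost).

    For each position, the candidate byte that makes the oracle run longest
    extends the matching prefix; the final byte is confirmed by acceptance.
    Against a constant-time oracle every candidate costs the same, so the
    attacker learns nothing and the ties fall back to byte 0.
    """
    guess = bytearray(length)
    for pos in range(length):
        best_byte, best_cost = 0, -1
        for candidate in range(256):
            guess[pos] = candidate
            accepted, cost = oracle(bytes(guess))
            if accepted:
                return bytes(guess)
            if cost > best_cost:
                best_byte, best_cost = candidate, cost
        guess[pos] = best_byte
    return bytes(guess)


def run_demo():
    """Run the attack against both comparisons; returns the recovered guesses."""
    leaky = timing_attack(lambda tag: early_exit_compare(SECRET, tag), len(SECRET))
    fixed = timing_attack(lambda tag: constant_time_compare(SECRET, tag), len(SECRET))
    return {
        "early_exit_recovered": hmac.compare_digest(leaky, SECRET),
        "constant_time_recovered": hmac.compare_digest(fixed, SECRET),
    }


if __name__ == "__main__":
    print(run_demo())
```

Against the early-exit comparison the attacker needs at most 256 queries per byte instead of 256^5 for the whole tag; against the constant-time comparison the cost column is flat and the search degenerates to brute force. Note that the fixed routine still leaks the length of the secret through the length check, which is normally public for a fixed-size tag.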

Research Trends in SW/HW Cryptanalysis and Implementation Techniques, Focusing on CHES 2020 (CHES 2020을 중심으로 살펴본 SW/HW 암호 분석 및 구현 기술 연구 동향)

  • An, Sang-U;Song, Jin-Gyo;Park, Bo-Seon;Seo, Seok-Chung
    • Review of KIISC
    • /
    • v.30 no.6
    • /
    • pp.57-66
    • /
    • 2020
  • The Conference on Cryptographic Hardware and Embedded Systems (CHES), an internationally renowned venue, studies and shares each year the topical areas of information security, including side-channel attacks and cryptographic software and hardware implementation. At CHES 2020, results were presented not only on recently proposed and actively researched topics such as side-channel attacks, post-quantum cryptography, and machine learning, but also on diverse areas such as reverse engineering, hardware implementation, elliptic-curve cryptography, and white-box cryptography. This paper reviews the development of security technology and the research trends in cryptographic software/hardware and embedded systems through CHES 2020, and presents prospects for future research.

Robust Deep Learning-Based Profiling Side-Channel Analysis for Jitter (지터에 강건한 딥러닝 기반 프로파일링 부채널 분석 방안)

  • Kim, Ju-Hwan;Woo, Ji-Eun;Park, So-Yeon;Kim, Soo-Jin;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1271-1278
    • /
    • 2020
  • Deep learning-based profiling side-channel analysis is a powerful analysis method that uses a neural network to profile the relationship between side-channel information and an intermediate value. Since the neural network interprets each point of the signal as a separate dimension, jitter makes it much harder for a network with dimension-wise weights to learn that relationship. This paper shows that replacing the fully-connected layer of the traditional CNN (Convolutional Neural Network) with global average pooling (GAP) yields a neural network that is inherently robust to jitter. We experimented with the ChipWhisperer-Lite board to demonstrate the proposed method: the validation accuracy of the CNN with a fully-connected layer reached only 1.4%, whereas the validation accuracy of the CNN with GAP reached 41.7%.

SITM Attacks on GIFT-128: Application to NIST Lightweight Cryptography Finalist GIFT-COFB (GIFT-128에 대한 SITM 공격: NIST 경량암호 최종 후보 GIFT-COFB 적용 방안 연구)

  • Park, Jonghyun;Kim, Hangi;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.4
    • /
    • pp.607-615
    • /
    • 2022
  • SITM (See-In-The-Middle), proposed at CHES 2020, is a methodology for side-channel assisted differential cryptanalysis. The technique analyzes the power traces of the unmasked middle rounds of a partially masked SPN block cipher implementation and performs differential analysis with that side-channel information. The block cipher GIFT, proposed at CHES 2017, was designed to correct the well-known weaknesses of the block cipher PRESENT and to allow efficient implementation. In this paper, we propose SITM attacks on partially masked implementations of GIFT-128. The attacks target implementations of GIFT-128 with 4 and 6 masked rounds, with time/data complexity of $2^{14.01}$/$2^{14.01}$ and $2^{16}$/$2^{16}$, respectively. We also compare the master-key recovery logics available to SITM attacks and establish a criterion for selecting the more efficient logic depending on the situation. Finally, we show how to apply this attack to GIFT-COFB, one of the finalists in the NIST lightweight cryptography standardization process.

Performance Analysis of Multicarrier CDMA System with M-ary Orthogonal Signaling in Multipath Fading Channel (다중 경로 페이딩 채널에서 M 진 직교 신호화를 적용한 다중 반송파 CDMA 시스템의 성능 분석)

  • Park, Kyoung-Suk;Kim, Hang-Rae;Kim, Nam;Park, Sung-Kyun
    • The Journal of Korean Institute of Electromagnetic Engineering and Science
    • /
    • v.12 no.3
    • /
    • pp.391-400
    • /
    • 2001
  • In this paper, the performance of a multicarrier CDMA system applying M-ary orthogonal signaling and an adaptive subchannel allocation scheme is analyzed for forward links in a Rayleigh fading channel. The effect of errors in subchannel allocation is also analyzed. In the proposed system, each DS waveform is transmitted over the subchannel with the largest fading gain among L subchannels. With M-ary orthogonal signaling and 4 subchannels, a BER of $10^{-3}$ is achieved at SNRs of 7.33 dB, 5.33 dB, and 4.47 dB for k = 1, 2, and 3, respectively; the required SNR therefore decreases as k increases. When subchannel allocation errors exist, a BER of $10^{-3}$ requires an SNR of 8.18 dB without M-ary orthogonal signaling, so the required SNR is reduced by about 0.85 dB. With M-ary orthogonal signaling at k = 4, the multicarrier CDMA system shows a further improvement, the required SNR being 5.44 dB.


Side-Channel Attacks on LEA with reduced masked rounds (축소 마스킹이 적용된 경량 블록 암호 LEA-128에 대한 부채널 공격)

  • Park, Myungseo;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.253-260
    • /
    • 2015
  • A side-channel attack is an attack on implementations of cryptographic algorithms that uses additional side-channel information such as power traces, electromagnetic emanations, and sound. Masking is the usual countermeasure, but full-round masking decreases the efficiency of a cipher dramatically. To avoid such a loss of efficiency, one can use reduced-round masking. In this paper, we describe a side-channel attack on the lightweight block cipher LEA with the first one to six rounds masked. Our attack is based on differentials and on power traces that reveal the Hamming weight of intermediate data computed during the encryption of plaintexts. According to our experimental results, it is possible to recover 25 bits of the first-round key of LEA-128.

Real-Time Detection of Cache Side-Channel Attacks Using Non-Cache Hardware Events (비 캐시 하드웨어 이벤트를 이용한 캐시 부채널 공격 실시간 탐지)

  • Kim, Hodong;Hur, Junbeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.6
    • /
    • pp.1255-1261
    • /
    • 2020
  • Cache side-channel attacks are a class of attacks that retrieve sensitive information from a system by exploiting shared cache resources in CPUs. As these attacks have recently reached a wide range of environments, from mobile systems to cloud systems, many detection strategies have been proposed. Since conventional cache side-channel attacks are likely to incur a tremendous number of cache events, most previous detection mechanisms were designed to monitor mainly cache events. However, recently proposed attacks tend to incur fewer cache events. The PRIME+ABORT attack, for example, leverages Intel TSX instead of cache accesses to measure access time. Because of this characteristic, detection mechanisms based on cache events can hardly detect the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify hardware events other than cache events that are useful for detection. Based on our findings, we present a novel mechanism called PRIME+ABORT Detector and demonstrate that it achieves a 99.5% detection rate with 0.3% performance overhead.

Security Evaluation Against Collision-based Power Analysis on RSA Algorithm Adopted Exponent Splitting Method (지수 분할 기법이 적용된 RSA 알고리듬에 대한 충돌 전력 분석 공격 안전성 평가)

  • Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.985-991
    • /
    • 2015
  • A user's secret key can be retrieved from the various side-channel leakages that occur during execution of the RSA exponentiation algorithm embedded in a security device. The collision-based power analysis attack, a serious side-channel threat, is carried out by finding collision pairs in an RSA power consumption trace. Recently, an RSA exponentiation algorithm based on the window method, adopting a combination of message blinding and exponent splitting, was proposed as a countermeasure. In this paper, we show that this countermeasure provides approximately $2^{53}$ attack complexity when the window size is two, much lower than the $2^{98}$ claimed in the original article.

Study on Singular Value Decomposition Signal Processing Techniques for Improving Side Channel Analysis (부채널 분석 성능향상을 위한 특이값분해 신호처리 기법에 관한 연구)

  • Bak, Geonmin;Kim, Taewon;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1461-1470
    • /
    • 2016
  • In side-channel analysis, signal processing techniques can be used as preprocessing to enhance the efficiency and performance of the analysis by reducing noise or compressing the dimension. Signal processing techniques based on singular value decomposition can increase the information content of the main signal and reduce noise by exploiting the variance and tendency of the signal, so they are a great help in improving analysis performance. Typical techniques are PCA (Principal Component Analysis), LDA (Linear Discriminant Analysis), and SSA (Singular Spectrum Analysis). PCA and LDA compress the dimension while increasing the information of the main signal, and SSA reduces noise by decomposing the signal into a main signal and noise. When applying any one or a combination of these techniques, their performance needs to be compared, which calls for a methodology. In this paper, we compare the performance of the three techniques and propose using the Signal-to-Noise Ratio (SNR) as that methodology. Through the proposed methodology and various experiments, we confirm the performance and efficiency of each technique. This will provide useful information to many researchers in the field of side-channel analysis.

A Study on Creating WBC-AES Dummy LUT as a Countermeasure against DCA (차분 계산 분석 대응을 위한 WBC-AES Dummy LUT 생성 방안 연구)

  • Minyeong Choi;Byoungjin Seok;Seunghee Seo;Changhoon Lee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.3
    • /
    • pp.363-374
    • /
    • 2023
  • A white-box environment refers to a situation in which the internal information of an algorithm is disclosed. White-box AES was first published in 2002, and in 2016 a side-channel analysis of white-box encryption called Differential Computation Analysis (DCA) was proposed. DCA is a powerful side-channel attack technique that uses the memory accesses of a white-box implementation as side-channel information to find the key. Although various countermeasure studies against DCA have been published domestically and internationally, there were no evaluated or analyzed results from experiments applying the hiding technique with dummy operations against DCA. Therefore, in this paper, we insert LUT-shaped dummy operations into the WBC-AES algorithm proposed by S. Chow in 2002 and quantitatively evaluate how the DCA result changes with the size of the dummy. Compared to the DCA of 2016, which recovers all 16 bytes of the key, the countermeasure proposed in this paper prevented recovery of up to 11 bytes of the key as the dummy size decreased, a maximum reduction in attack performance of about 68.8%, leaving about 31.2% of the original attack performance. The proposed countermeasure shows that attack performance decreases significantly as smaller dummies are inserted, and it can be applied in various fields.