• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.848-850
• /
• 2011

모바일 환경의 발전 따라 어플리케이션의 수요 증가로 데이터 보안의 관심도가 높아지고 있다. 본 논문에서는 모바일 환경에서 시나리오에 따른 암호 알고리즘을 비교 분석하였다. 시나리오는 단말저장형 데이터, 단방향전송형 데이터, 실시간전송형 데이터로 정의하고 각각의 시나리오에 적합한 암호알고리즘을 분석하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.167-174
• /
• 2009

Recently, Li et al. proposed a new differential fault analysis(DFA) attack on the block cipher ARIA using about 45 ciphertexts. In this paper, we apply their DFA skill on AES and improve attack method and its analysis. The basic idea of our DFA method is that we recover intermediate ciphertexts in last round using final faulty ciphertexts and find out last round secret key. In addition, we present detail DFA procedure on AES and analysis of complexity. Furthermore computer simulation result shows that we can recover its 128-bit secret key by introducing a correct ciphertext and 2 faulty ciphertexts.

• Review of KIISC
• /
• v.5 no.1
• /
• pp.25-46
• /
• 1995

소프트웨어 개발에서, 사용자 요구 사항을 잘 표현하면 할수록 시스템은 오류가 적고, 사용자가 요구하는 시스템으로 만들어지며, 시스템 검증이 쉬워지는 것 같이, 정형적 사양(formal specification)은 시스템 개발 전반에 영향을 준다. 이 정형적 사양은 암호 프로토콜이 완전(completeness)하고 안전(soundness)한가를 검증하는 데에도 유용하게 사용될 수 있다. 암호 프로토콜을 사양하고 분석하는 방법은 크게 대수적, 논리적, 상태 변환적 접근 방법등과 통신 프로토콜의 검증에 쓰는 패트리넷을 이용한 방법등이 있다. 이들 방법중에는 프로그램으로 구현되어 자동 검증 tool로 개발된 사례도 있다. 본 고에서는 암호 프로토콜을 위한 사양 기법과 그에 따른 분석 기법을 알아보고 그것들을 비교, 분석하였다.

• Journal of Korea Society of Industrial Information Systems
• /
• v.7 no.4
• /
• pp.1-8
• /
• 2002

Attacks have been proposed that use side information as timing measurements, power consumption, electromagnetic emissions and faulty hardware. Elimination side-channel information of prevention it from being used to attack a secure system is an active ares of research. In this paper, differential power analysis techniques used to attack DES are compared and analyzed finally, we propose a software prevention idea of DPA attack for DES-like ciphers.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06c
• /
• pp.266-268
• /
• 2012

부채널 분석 공격은 하드웨어 또는 소프트웨어로 구성된 암호모듈이 동작 시에 발생되는 전력 또는 전자파 등의 부가 정보들을 수집하고 통계적으로 처리하여 해당 암호모듈의 키를 찾아내는 공격방법이다. 부채널 분석 공격을 막기 위해 암호모듈 개발자들은 부채널 분석 공격에 안전한지 미리 점검하고 시험할 수 있는 시스템이 필요하며, 부채널 안전성 평가 기관에서는 해당 암호모듈이 안전한지 평가하기 위한 시스템이 필요하다. 본 논문에서는 부채널 안전성 평가 및 시험을 하기 위해 개발한 부채널 안전성 검증 시스템인 SCARF를 소개한다.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.21 no.7
• /
• pp.1276-1284
• /
• 2017

Lightweight Encryption Algorithm (LEA) that was standardized as a lightweight block cipher was implemented with 8-bit data path, and the vulnerability of LEA encryption processor to correlation power analysis (CPA) attack was analyzed. The CPA used in this paper detects correct round keys by analyzing correlation coefficient between the Hamming distance of the computed data by applying hypothesized keys and the power dissipated in LEA crypto-processor. As a result of CPA attack, correct round keys were detected, which have maximum correlation coefficients of 0.6937, 0.5507, and this experimental result shows that block cipher LEA is vulnerable to power analysis attacks. A masking method based on TRNG was proposed as a countermeasure to CPA attack. By applying masking method that adds random values obtained from TRNG to the intermediate data of encryption, incorrect round keys having maximum correlation coefficients of 0.1293, 0.1190 were analyzed. It means that the proposed masking method is an effective countermeasure to CPA attack.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.13 no.4
• /
• pp.675-683
• /
• 2009

RC6 which has different algorithm of encryption and decryption has been proposed to have the same algorithm between encryption and decryption through inserting symmetry layer using simple rotate and logical operation. That means the half of whole RC6 round uses encryption algorithm and the rest of it uses decryption one and symmetry layer has been put into the middle of encryption and decryption. The proposed RC6 algorithm has no difference with the original one in the speed of process. However it is quite safe because by inserting symmetry layer the path of high probability which is needed for differential and linear analysis is cut off so that it is hard to be analyzed. The proposed symmetry layer algorithm can be easily applied to the algorithm which has different encryption and decryption and make it same, and it can be good idea to be used to design a new block cipher algorithm.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2008.10a
• /
• pp.247-250
• /
• 2008

RC6 which has different algorithm of encryption and decryption has been implemented to have the same algorithm between encryption' and decryption though inserting symmetry layer using simple rotate and logical operation. That means the half of whole RC6 round uses encryption algorithm and the rest of it uses decryption one and symmetry layer has been put into the middle of encryption and decryption. The proposed RC6 algorithm has no difference with the original one in the speed of process. However it is quite safe because by inserting symmetry layer the path of high probability which is needed for differential and linear analysis is cut oft so that it is hard to be analyzed. The proposed algorithm can be easily applied to the algorithm which has different encryption and decryption an make it same, and it can be good idea to be used to design a new block cipher algorithm.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.1
• /
• pp.143-152
• /
• 2012

In this paper hardware implementation of GF($2^{191}$) elliptic curve cryptographic coprocessor which supports 7 operations such as scalar multiplication(kP), Menezes-Vanstone(MV) elliptic curve cipher/decipher algorithms, point addition(P+Q), point doubling(2P), finite-field multiplication/division is described. To meet structure resistant against simple power analysis, the ECC processor adopts the Montgomery scalar multiplication scheme which main loop operation consists of the key-independent operations. It has operational characteristics that arithmetic units, such GF_ALU, GF_MUL, and GF_DIV, which have 1, (m/8), and (m-1) fixed operation cycles in GF($2^m$), respectively, can be executed in parallel. The processor has about 68,000 gates and its simulated worst case delay time is about 7.8 ns under 0.35um CMOS technology. Because it has about 320 kbps cipher and 640 kbps rate and supports 7 finite-field operations, it can be efficiently applied to the various cryptographic and communication applications.

• Journal of Korea Multimedia Society
• /
• v.11 no.8
• /
• pp.1111-1120
• /
• 2008

Cellular automata(CA) is often applied to design cryptosystems because it has good diffusion and local interaction effects. Recently, a 128-bit CA-based block cipher, called CAB1, and a 64-bit reversible CA-based block cipher, called CAB2, were proposed in KMMS'02 and CEC'04, respectively. In this paper, we introduce cryptanalytic results on CAB1 and CAB2. Firstly, we propose a differential attack on CAB1, which requires $2^{31.41}$ chosen plaintexts with about $2^{13.41}$ encryptions. Secondly, we show that CAB2 has a security of 184 bits using the statistical weakness. Note that the designers of CAB2 insist that it has a security of 224 bits. These are the first known cryptanalytic results on them.