• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1263-1270
• /
• 2020

The differential fault attacks (DFA) are cryptoanalysis methods that reveal the secret key utilizing differences between the normal and faulty ciphertexts, which occurred when artificial faults are injected into an encryption device. The conventional DFA methods use faults to falsify intermediate values. Meanwhile, we propose the novel DFA method that uses a fault to skip a function. The proposed method has a very low attack complexity that reveals the secret key using one fault injected ciphertext within seconds. Also, we proposed a method that filters out ciphertexts where the injected faults did not occur the function-skipping. It makes our method realistic. To demonstrate the proposed method, we performed fault injection on the Riscure's Piñata board. As a result, the proposed method can filter out and reveal the secret key within seconds on a real device.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.3
• /
• pp.439-445
• /
• 2012

Since an attacker can extract secret key of cryptographic device by occurring an error during encryption operation, the fault injection attack have become a serious threat in cryptographic system. In this paper, we show that an attacker can retrieve the 128-bits secret key in AES implementation adopted iterative statement for round operations using fault injection attack. To verify the feasibility of our attack, we implement the AES algorithm on ATmega128 microcontroller and try to inject a fault using laser beam. As a result, we can extract 128-bits secret key by obtaining just two pairs of correct and faulty ciphertexts.

• The Journal of The Korea Institute of Intelligent Transport Systems
• /
• v.18 no.2
• /
• pp.129-143
• /
• 2019

As the importance of autonomous vehicle safety is emphasized, the application of ISO-26262, a development verification guideline for improving safety and reliability, and the safety verification of autonomous vehicles are becoming increasingly important, in particular, SAE standard level 3 or higher level autonomous vehicles detect and decision the surrounding environment instead of the human driver. Therefore, if there is and failure or malfunction in the autonomous driving function, safety may be seriously affected. So autonomous vehicles, it is essential to apply and verity the safety concept against failure and malfunctions. In this study, we study the fault injection scenarios for safety evaluation and verification of autonomous vehicles using ISO-26262 part3 process and STPA were studied and safety measures for safety concept design were studied through simulation bases fault injection test.

• KIPS Transactions on Software and Data Engineering
• /
• v.6 no.9
• /
• pp.419-428
• /
• 2017

In an embedded system, modules exchange data by interacting among themselves. Exchanging erroneous resource data among modules may lead to execution errors. The interacting resources produce dependencies between the two modules where any change of the resources by one module affects the functionality of another module. Several investigations of the embedded systems show that interaction faults between the modules are one of the major cause of critical software failure. Therefore, interaction testing is an essential phase for reducing the interaction faults and minimizing the risk. The direct and indirect interactions between the modules generate interaction faults. The direct interaction is the explicit call relation between the modules, and the indirect interaction is the remaining relation that is made underneath the interface that possesses data dependence relationship with resources. In this paper, we investigate the errors that are based on the indirect interaction between modules and introduce a new test criterion for identifying the errors that are undetectable by existing approaches at the integration level. We propose a novel approach for generating the interaction model using the indirect interaction pattern and design test criteria that are based on different interaction errors to generate test cases. Finally, we use the fault injection technique to evaluate the feasibility and effectiveness of our approach.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.934-937
• /
• 2011

RSA는 인수분해의 어려움에 기반한 공개키 암호 시스템으로, 여러 분야에서 사용되고 있지만 연산속도가 느리다는 단점이 있다. 이를 개선하기 위해 RSA-CRT 기법이 제안되었다. 법의 크기를 줄여 연산 속도가 빠르다는 장점이 있는 반면 오류주입공격에 취약하다는 단점이 있다. 이를 보완 하기 위한 여러 기법들이 제안되었다. 하지만 제안된 기법들은 연산과정이 상대적으로 복잡하고 부가적인 연산에 따른 부담이 생겼다. 본 논문에서는 RSA-CRT 를 구현하여 사용되는 인자들의 크기에 따른 연산시간을 정량적으로 비교하고, 가상적으로 각 인자에 오류주입공격을 취해봄으로써 소수 추출에 약한 부분을 찾고 향후 연구 방향을 모색한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.585-591
• /
• 2013

Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.59-68
• /
• 2006

Although the cryptographic algorithms in IC chip such as smart card are secure against mathematical analysis attack, they are susceptible to side channel attacks in real implementation. In this paper, we analyze the security of smart card using a developed experimental tool which can perform power analysis attacks and fault insertion attacks. As a result, raw smart card implemented SEED and ARIA without any countermeasure is vulnerable against differential power analysis(DPA) attack. However, in fault attack about voltage and clock on RSA with CRT, the card is secure due to its physical countermeasures.

• Journal of Advanced Navigation Technology
• /
• v.16 no.3
• /
• pp.510-517
• /
• 2012

Piccolo-80 is a 64-bit ultra-light block cipher suitable for the constrained environments such as wireless sensor network environments. In this paper, we propose a differential fault analysis on Piccolo-80. Based on a random byte fault model, our attack can the secret key of Piccolo-80 by using the exhaustive search of $2^{24}$ and six random byte fault injections on average. It can be simulated on a general PC within a few seconds. This result is the first known side-channel attack result on Piccolo-80.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.7
• /
• pp.311-316
• /
• 2013

256-bit block cipher XSB(eXtended Spn Block cipher) was proposed in 2012 and has a symmetric strucrure in encryption and decryption process. In this paper, we propose a differential fault analysis on XSB. Based on a random byte fault model, our attack can recover the secret key of XSB by using only two random byte fault injection. This result is the first known cryptanalytic result on the target algorithm.

• Information and Communications Magazine
• /
• v.32 no.6
• /
• pp.30-38
• /
• 2015

오류정정부호는 정보를 부호화하여 데이터 전송 과정에서 발생하는 에러를 감소시킴으로써 통신 신뢰성을 향상시킨다. 이에 따라 에러를 효율적으로 검출 및 정정할 수 있는 부호(code)가 필수적이다. 반면 암호에서는 중요한 정보를 은닉하기 위한 목적으로 비밀정보에 인위적으로 오류를 주입한다. 따라서 기밀성을 유지하기 위해서는 위와는 반대로 오류정정이 어려운 부호를 필요로 한다. 본고에서는 오류정정의 어려움으로 메시지의 비밀성은 유지되고, 덧문(trapdoor)을 가지고 있어 비밀정보가 있을 때는 메시지가 복구되는 암호학적 응용이 가능한 랜덤선형부호의 복호화 문제와 그의 응용에 대해 살펴보고자 한다. 이 문제는 암호학에서 LPN/LWE 문제로 불리며, 최근 LPN문제의 일반화된 문제인 LWE문제가 Regev에 의해 소개되면서 동형암호, 기능암호 등에 광범위하게 응용되고 있다.