• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.25-29
• /
• 2020

The elliptic curve crypto-algorithm is widely used in authentication for IoT environment, since it has small key size and low communication overhead compare to the RSA public key algorithm. If the scalar multiplication, a core operation of the elliptic curve crypto-algorithm, is not implemented securely, attackers can find the secret key to use simple power analysis or differential power analysis. In this paper, an elliptic curve scalar multiplication algorithm using a randomized scalar and an elliptic curve point blinding is suggested. It is resistant to power analysis but does not significantly reduce efficiency. Given a random r and an elliptic curve random point R, the elliptic scalar multiplication kP = u(P+R)-vR is calculated by using the regular variant Shamir's double ladder algorithm, where l+20-bit u≡rn+k(modn) and v≡rn-k(modn) using 2^lP=∓cP for the case of the order n=2^l±c.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.961-970
• /
• 2017

The differential power analysis calculates the intermediate value related to sensitive information and substitute into the power model to obtain (hypothesized) power consumption. After analyzing the calculated power consumption and measuring power consumption, the secret information value can be obtained. Hamming weight and hamming distance models are most commonly used power consumption model, and the power consumption model is obtained through the modeling technique. If the power consumption model assumed by the actual equipment differs from the power consumption of the actual equipment, the side channel analysis performance is declined. In this paper, we propose a method that records measured power consumption and exploits as power consumption model. The proposed method uses the power consumption at the time when the information (plain text, cipher text, etc.) available in the encryption process. The proposed method does not need template in advance and uses the power consumption measured by the actual equipment, so it accurately reflects the power consumption model of the equipment.. Simulation and experiments show that by using our proposed method, side channel analysis is improved on the existing power modeling method.

• Review of KIISC
• /
• v.30 no.1
• /
• pp.55-60
• /
• 2020

2018년 1월, Meltdown, Spectre와 같은 마이크로아키텍처의 취약점을 이용하는 부채널 공격이 등장하면서 전 세계적으로 부채널 공격에 관한 관심이 증가하였다. 또한, 소모 전력 분석, 전파 분석 등 전통적 부채널 공격과는 달리 캐시의 상태변화를 이용하는 공격인 캐시 부채널 공격이 Meltdown, Spectre에 이용되면서 이에 관한 다양한 연구가 진행되고 있다. 이러한 유형의 공격은 완벽하게 방어할 수 있는 대응 패치가 존재하지 않고 일부 공격에 대응할 수 있는 대응 패치도 모든 시스템에 적용할 수 없은 경우가 많으므로 완벽한 대응이 매우 힘든 실정이다. 특히 캐시 부채널 공격을 이용하여 SGX와 같은 TEE(Trusted Execution Environment)를 공격할 수 있다는 것이 드러나면서 TEE를 공격하기 위한 다양한 공격 도구로 이용되고 있다. 본 논문에서는 Meltdown과 Spectre 및 다양한 캐시 부채널 공격에 대한 동향을 살펴보고자 한다.

• Review of KIISC
• /
• v.30 no.1
• /
• pp.43-53
• /
• 2020

딥러닝 기술의 발달로 인해 다양한 응용 분야에서 해당 기술 활용 시 좋은 성능을 보임에 따라 부채널 분석 분야에서도 딥러닝 기술을 적용하는 연구들이 활발히 진행되고 있다. 초기 딥러닝 기술은 데이터 분류 문제를 해결해야 하는 템플릿 공격과 같은 프로파일링 기반의 부채널 공격에 집중되어 적용되었지만 최근에는 프로파일링 기반의 부채널 분석 뿐만 아니라 상관 전력 분석 등과 같은 논프로파일링 기반 부채널 공격, 파형 인코딩 및 전처리, 부채널 누출신호 탐색 등으로 연구범위가 확대되어지고 있다. 본 논문에서는 딥러닝을 이용한 부채널 분석 기술의 최신 연구 동향을 분야별로 체계적으로 정리 및 분석하고자 한다.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.70-71
• /
• 2016

General Power Analysis Attack has been investigated by high cost measurement tools and required long term computation process to estimate secrete key. In this paper, effective signal processing technique will be considered by using GNU Radio which can be used to be telecommunication system easily.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.43-51
• /
• 2009

In 1998, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic primitives even if these are executed inside tamper-resistant devices such as smart card. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods, randomizing the first few and last few($3{\sim}4$) rounds of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds, to protect iterated block ciphers such as DES against Differential Power Attack. Since then, Handschuh and Preneel have shown how to attack Akkar's masking method using Differential Cryptanalysis. This paper presents how to combine Truncated Differential Cryptanalysis and Power Attack to extract the secret key from intermediate unmasked values and shows how much more efficient our attacks are implemented than the Handschuh-Preneel method in term of reducing the number of required plaintexts, even if some errors of Hamming weights occur when they are measured.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2017.11a
• /
• pp.1318-1321
• /
• 2017

스마트 그리드는 노후화된 전력망에 정보통신 기술을 융합하여 지능화시킴으로써, 전력 사용을 가능한 효율적으로 만들기 위한 기술이다. 대표적인 융합 기술이기 때문에, 시스템의 보안 취약점이 많아질 수 밖에 없다. 이러한 이유로 보안 기술에 대한 관심이 많아지고 있으며, 개별 어플리케이션 도메인에서 발생할 수 있는 사이버 보안 실패 시나리오에 대한 분석이 활발히 이루어지고 있다. 본 논문에서는 어플리케이션 도메인내 실패 시나리오의 공격 트리를 분석하여 공통적으로 발생하는 있는 8개의 공격 모델에 대한 공격 트리를 정리하고 이를 도식화한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.739-747
• /
• 2015

Masking technique that is most widely known as countermeasure against power analysis attack prevents leakage for sensitive information during the implementations of cryptography algorithm. it have been studied extensively until now applied on block cipher algorithms. Masking countermeasure have been applied to international standard SEED algorithm. Masked SEED algorithm proposed by Cho et al, not only protects against first order power analysis attacks but also efficient by reducing the execution of Arithmetic to Boolean converting function. In this paper, we analyze the vulnerability of Cho's algorithm against first order power analysis attacks. We targeted additional pre-computation to improve the efficiency in order to recover the random mask value being exploited in first order power analysis attacks. We describe weakness by considering both theoretical and practical aspects and are expecting to apply on every device equipped with cho's algorithm using the proposed attack method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.1
• /
• pp.15-23
• /
• 2017

Template attack is a powerful side-channel analysis technique which can be performed by an attacker who has a test device that is identical to target device. Template attack is consisted of building template in profiling phase and matching the target device using template that were calculated in profiling phase. One methods to improve the success rate of template attack is to better estimate template which is consisted sample mean and sample covariance matrix of gaussian distribution in template profiling. However restriction of power trace in profiling phase led to poor template estimation. In this paper, we propose new method to select noisy power trace in profiling phase. By eliminating noisy power trace in profiling phase, we can construct more advanced mean and covariance matrix which relates to better performance in template attack. We proved that the proposed method is valid through experiments.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1099-1103
• /
• 2016

The user's secret key can be retrieved by the leakage informations of power consumption occurred during the execution of scalar multiplication for elliptic curve cryptographic algorithm which can be embedded on a security device. Recently, a carry random recoding method is proposed to prevent simple power and differential power analysis attack by recoding the secret key. In this paper, we show that this recoding method is still vulnerable to the differential power analysis attack due to the limitation of the size of carry bits, which is a different from the original claim.