• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.99-107
• /
• 2005

ARIA is a 128-bit block cipher having 128-bit, 192-bit, or 256-bit key length. The cipher is a substitution and permutation encryption network (SPN) and uses an involutional binary matrix. This structure was efficiently developed into light weight environments or hardware implementations. This paper shows that a careless implementation of an ARIA on smartcards is vulnerable to a differential power analysis attack This attack is realistic because we can measure power consumption signals at two kinds of S-boxes and two types of substitution layers. By using the two round key, we extracted the master key (MK).

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.221-223
• /
• 2014

Power analysis attack on cryptographic hardware device aims to study the power consumption while performing operations using secrets keys. Power analysis is a form of side channel attack which allow an attacker to compute the key encryption from algorithm using Simple Power Analysis (SPA), Differential Power Analysis (DPA) or Correlation Power Analysis (CPA). The theoretical weaknesses in algorithms or leaked informations from physical implementation of a cryptosystem are usually used to break the system. This paper describes how power analysis work and we provide an overview of countermeasures against power analysis attacks.

• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.4
• /
• pp.9-16
• /
• 2013

Long term evolution (LTE) and LTE-Advanced (LTE-A) systems adopt closed-loop multiple-input multiple-output antenna techniques. Equal gain transmission which has equal gain property is the key factor in their codebook design. In this paper, a novel differential codebook structure which maintains the codebook design requirements of LTE or LTE-A systems. Especially, eight-phase shift keying (8-PSK) constellations are used as elements of codewords, which not only maintain equal gain property but also reduce the computation complexity of precoding and decoding function blocks. The equal gain property is very important to uplink because the performance of uplink is very sensitive to the peak-to-average power ratio (PAPR). Moreover, the operation of the proposed differential codebook is explained as a rotation-lock structure. As the results of computer simulations, the steady-state throughput performance of the proposed codebook shows at least 0.9dB of SNR better than those of the conventional LTE codebook with the same amount of feedback information.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.141-147
• /
• 2006

부채널 정보를 이용한 공격이 제안된 이후, 스마트카드와 RFID와 같은 저 전력 정보보호 장치 내부의 암호 프로세서에서 소비되는 전력을 분석하여 암호 연산에 사용된 비밀 정보를 알아내는 공격 방법은 가장 위협적인 물리적 공격 방법으로 알려져 있다. 하지만 측정된 소비 전력 신호를 시간 영역에서 분석하는 기존의 분석 기법들은 암호 연산 시점이 시간 축 상에서 동일하여야 된다는 단점을 가지고 있다. 제안하는 주파수 분석 공격 방법은 공격이 적용되는 장치에서 측정된 시간 영역에서 정렬되지 않는 신호를 Fourier 변환을 하여 주파수 영역에서 분석함으로써 기존 전력 분석 공격이 시간 영역에서 정렬된 소비 전력 신호를 필요로 하는 문제점을 해결하였다. UC Berkeley에서 제작된 능동형 RFID 모듈에 국내 표준인 ARIA 알고리즘을 응용프로그램으로 탑재하여 기존 전력 분석 공격과 제안하는 주파수 분석 공격을 적용하여 결과를 분석 하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.261-270
• /
• 2015

In information security devices, such as Smart Cards, vulnerabilities of the RSA algorithm which is used to protect the data were found in the Side Channel Analysis. The RSA is especially vulnerable to Power Analysis which uses power consumption when the algorithm is working. Typically Power Analysis is divided into SPA(Simple Power Analysis) and DPA(Differential Power Analysis). On top of this, there is a CA(Collision Analysis) which is a very powerful attack. CA makes it possible to attack using a single waveform, even if the algorithm is designed to secure against SPA and DPA. So Message blinding, which applies the window method, was considered as a countermeasure. But, this method does not provide sufficient safety when the window size is small. Therefore, in this paper, we propose a new countermeasure that provides higher safety against CA. Our countermeasure is a combination of message and exponent blinding which is applied to the window method. In addition, through experiments, we have shown that our countermeasure provides approximately 124% higher attack complexity when the window size is small. Thus it can provide higher safety against CA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.807-816
• /
• 2022

See-In-The-Middle (SITM) is an analysis technique that uses Side-Channel information for differential cryptanalysis. This attack collects unmasked middle-round power traces when implementing block ciphers to select plaintext pairs that satisfy the attacker's differential pattern and utilize them for differential cryptanalysis to recover the key. Romulus, one of the final candidates for the NIST Lightweight Cryptography standardization competition, is based on Tweakable block cipher Skinny-128-384+. In this paper, the SITM attack is applied to Skinny-128-384 implemented with 14-round partial masking. This attack not only increased depth by one round, but also significantly reduced the time/data complexity to 2^14.93/2^14.93. Depth refers to the round position of the block cipher that collects the power trace, and it is possible to measure the appropriate number of masking rounds required when applying the masking technique to counter this attack. Furthermore, we extend the attack to Romulus's Nonce-based AE mode Romulus-N, and Tweakey's structural features show that it can attack with less complexity than Skinny-128-384.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.12a
• /
• pp.274-280
• /
• 2003

최근 부채널 공격으로 스마트카드 같은 장치의 비밀키를 알아낼 수 있음이 알려지면서 많은 알고리즘에 대한 부채널 공격과 대응 방안이 연구되고 있다. DPA는 부채널 공격의 일종으로 암호화 연산 중 발생하는 전력 소모 곡선을 통계적으로 분석하여 키를 알아내는 공격이다. 한편 SEED가 국내 표준 블록 암호 알고리즘으로 널리 사용되고 있으나 SEED에 대한 DPA 연구 결과는 발표된 바가 없는 것 같다. 본 논문에서는 SEED에 DPA를 적용할 수 있음을 보이고 대응방안 예를 제시한다.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.6A
• /
• pp.540-548
• /
• 2002

Attacks have been proposed that use side information as timing measurements, power consumption, electromagnetic emissions and faulty hardware. Elimination side-channel information or prevention it from being used to attack a secure system is an tractive ares of research. In this paper, differential power analysis techniques to attack the DES are experimented and analyzed. And we propose the prevention of DPA attack by software implementation technique.

• Review of KIISC
• /
• v.15 no.2
• /
• pp.54-62
• /
• 2005

기존의 신용카드 등이 최근에는 암호 기능을 갖춘 스마트카드로 대체되고 있다 그러나 스마트카드의 제한적인 연산기능으로 인하여 탑재되는 암호 알고리즘을 고속화하여 탑재해야 하는데, 이렇게 고속화된 암호 알고리즘은 사이드 채널 공격(Side Channel analysis)에 취약점을 갖는다. 암호 알고리즘의 동작 중에 시간차, 전자파, 전력 등 부가적으로 얻어지는 정보를 분석하는 사이드 채널 공격은 이론적으로 안전성이 증명된 알고리즘에서도 구현상의 문제로 인하여 공격이 가능하기 때문에 그 위험성이 매우 높다. 본 고에서는 2003년 신규 정보보호제품 평가대상으로 확대된 스마트 카드의 안전성 평가방안에 대하여 설명하고 스마트카드 상에서 공격 가능한 사이드 채널 공격을 타이밍 공격, 오류삽입 공격, 단순/차분 전력분석 공격으로 나누어 기술하고 이러한 공격에 대한 대응기법을 소개한다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.4
• /
• pp.727-738
• /
• 2015

Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.