• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.33-41
• /
• 2010

Many experimental results shows that RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed the previous fault attacks and their countermeasures on RSA-CRT algorithm and found an weakness of the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure which uses both double exponentiation and fault infective computation method. The proposed method efficiently computes a fault verification information using double exponentiation. And, it is designed to resist simple power analysis attack and (N-1) attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.585-591
• /
• 2013

Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.6
• /
• pp.63-70
• /
• 2009

Many research results show that RSA system mounted using conventional binary exponentiation algorithm is vulnerable to some physical attacks. Recently, Schmidt and Hurbst demonstrated experimentally that an attacker can exploit secret key using faulty signatures which are obtained by skipping the squaring operations. Based on similar assumption of Schmidt and Hurbst's fault attack, we proposed new fault analysis attacks which can be made by skipping the multiplication operations or computations in looping control statement. Furthermore, we applied our attack to Montgomery ladder exponentiation algorithm which was proposed to defeat simple power attack. As a result, our fault attack can extract secret key used in Montgomery ladder exponentiation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.11-25
• /
• 2011

The Miller algorithm is employed in the typical pairing computation such as Weil, Tate and Ate for implementing ID based cryptosystem. By analyzing the Mrabet's attack that is one of fault attacks against the Miller algorithm, this paper presents au efficient fault attack in Affine coordinate system, it is the most basic coordinates for construction of elliptic curve. The proposed attack is the effective model of a count check fault attack, it is verified to work well by practical fault injection experiments and can omit the probabilistic analysis that is required in the previous counter fault model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.3-10
• /
• 2012

In this paper, we propose a fault injection attack on stream cipher A5/3 used in GSM. The fault assumption of this attack is based on that of fault injection attacks proposed in FDTC'05 and CISC-W'10. This attack is applicable to A5/3 supporting 64/128-bit session key, respectively, and can recover the session key by using a small number of fault injections. These works are the first known key recovery attack results on A5/3.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1009-1017
• /
• 2012

The fault injection attack has been developed to extract the secret key which is embedded in a crypto module by injecting errors during the encryption process. Especially, an attacker can find master key of AES using injection of just one byte. In this paper, we proposed a countermeasure resistant to the these fault attacks by checking the differences between input and output. Using computer simulation, we also verified that the proposed AES implementation resistant to fault attack shows better fault detection ratio than previous other methods and has small computational overheads.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.5
• /
• pp.965-973
• /
• 2022

As IoT(Internet of Things) devices become common, many algorithms have been developed to protect users' personal information. The laser fault injection attack that threatens those algorithms is a side-channel analysis that intentionally injects a laser beam to the outside of a device to acquire confidential information or abnormal privileges of the system. There are many studies to determine the timing of fault injection to reduce the number of necessary fault injections, but the location to inject faults is only repeatedly searched for the entire area of the device. However, when fault injection is performed in an algorithm-independent area, the attacker cannot obtain the intended faulted statement or attempt to bypass authentication, so finding areas vulnerable to fault injection and performing an attack is an important consideration in achieving a high attack success rate. In this paper, we show that a 100% attack success rate can be achieved by determining the vulnerable areas for fault injection by using electromagnetic and thermal information generated from the device's chip. Based on this, we propose an efficient fault injection attack system.

• Journal of Advanced Navigation Technology
• /
• v.16 no.2
• /
• pp.211-218
• /
• 2012

In this paper, we propose a fault injection attack on AES-CMAC, which is defined by IETF. The fault assumption used in this attack is based on that introduced at FDTC'05. This attack can recover the 128-bit secret key of AES-CMAC by using only small number of fault injections. This result is the first known key recovery attack result on AES-CMAC.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.2
• /
• pp.91-100
• /
• 2011

The Triple Data Encryption Algorithm (Triple DES) is an international standard of block cipher, which composed of two encryption processes and one decryption process of DES to increase security level. In this paper, we proposed a Differential Fault Analysis (DFA) attack to retrieve secret keys using reduction of last round execution for each DES process in the Triple DES by fault injections. From the simulation result for the proposed attack method, we could extract three 56-bit secret keys using exhaustive search attack for $2^{24}$ candidate keys which are refined from about 9 faulty-correct cipher text pairs. Using laser fault injection experiment, we also verified that the proposed DFA attack could be applied to a pure microprocessor ATmega 128 chip in which the Triple DES algorithm was implemented.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.51-59
• /
• 2009

The CRT-RSA cryptosystem is very vulnerable to fault insertion attacks in which an attacker can extract the secret prime factors p, q of modulus N by inserting an error during the computational operation on the cryptographic chip. In this paper, after implementing the CRT-RSA cryptosystem, we try to extract the secret key embedded in commercial microcontroller using optical injection tools such as laser beam or camera flash. As a result, we make sure that the commercial microcontroller is very vulnerable to fault insertion attacks using laser beam and camera flash, and can apply the prime factorization attack on CRT-RSA Cryptosystem.