• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.371-381
• /
• 2013

An encryption algorithm is executed to supply data confidentiality using a secret key which is embedded in a crypto device. However, the fault injection attack has been developed to extract the secret key by injecting errors during the encryption processes. Especially, an attacker can find the secret key of block cipher ARIA using about 33 faulty outputs. In this paper, we proposed a countermeasure resistant to the these fault injection attacks by checking the difference value between input and output informations. Using computer simulation, we also verified that the proposed countermeasure has excellent fault detection rate and negligible computational overhead.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.3
• /
• pp.551-561
• /
• 2018

As the computational technology using quantum computing has been developed, several threats on cryptographic systems are recently increasing. Therefore, many researches on post-quantum cryptosystems which can withstand the analysis attacks using quantum computers are actively underway. Nevertheless, the lattice-based NTRU system, one of the post-quantum cryptosystems, is pointed out that it may be vulnerable to the fault injection attack which uses the weakness of implementation of NTRU. In this paper, we investigate the fault injection attacks and their previous countermeasures on the NTRU signature system and propose a secure and efficient countermeasure to defeat it. As a simulation result, the proposed countermeasure has high fault detection ratio and low implementation costs.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1009-1017
• /
• 2012

The fault injection attack has been developed to extract the secret key which is embedded in a crypto module by injecting errors during the encryption process. Especially, an attacker can find master key of AES using injection of just one byte. In this paper, we proposed a countermeasure resistant to the these fault attacks by checking the differences between input and output. Using computer simulation, we also verified that the proposed AES implementation resistant to fault attack shows better fault detection ratio than previous other methods and has small computational overheads.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.5
• /
• pp.859-865
• /
• 2013

Esmbedded devices such as smart cards and electronic passports highly demand security of sensitive data. So, the secure implementation of the cryptographic system against various side-channel attacks are becoming more important. In particular, the fault injection attack is one of the threats to the cryptosystem and can destroy the whole system only with single pair of the plain and cipher texts. Therefore, the implementors must consider seriously the attack. Several techniques for preventing fault injection attacks were introduced to a variety of the cryptosystem, But the countermeasures are still inefficient to be applied to the classical RSA cryptosystem. This paper introduces an efficient countermeasure against the fault injection attack for the classical RSA cryptosystem, which is based on the famous Fermat's theorem. The proposed countermeasure has the advantage that it has less computational overhead, compared with the previous countermeasures.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.585-591
• /
• 2013

Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

• ETRI Journal
• /
• v.36 no.3
• /
• pp.469-478
• /
• 2014

RSA signature algorithms using the Chinese remainder theorem (CRT-RSA) are approximately four-times faster than straightforward implementations of an RSA cryptosystem. However, the CRT-RSA is known to be vulnerable to fault attacks; even one execution of the algorithm is sufficient to reveal the secret keys. Over the past few years, several countermeasures against CRT-RSA fault attacks have tended to involve additional exponentiations or inversions, and in most cases, they are also vulnerable to new variants of fault attacks. In this paper, we review how Shamir's countermeasure can be broken by fault attacks and improve the countermeasure to prevent future fault attacks, with the added benefit of low additional costs. In our experiment, we use the side-channel analysis resistance framework system, a fault injection testing and verification system, which enables us to inject a fault into the right position, even to within $1{\mu}s$. We also explain how to find the exact timing of the target operation using an Atmega128 software board.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.8
• /
• pp.3045-3052
• /
• 2010

The international standard signature algorithm DSA has been guaranteed its security based on discrete logarithm problem. Recently, the DSA was known to be vulnerable to some fault analysis attacks in which the secret key stored inside of the device can be extracted by occurring some faults when the device performs signature algorithm. After analyzing an existing fault attack presented by Bao et al., this paper proposed a new fault analysis attack by disturbing the random number. Furthermore, we presented a countermeasure to compute DSA signature that has its immunity in the two types of fault attacks. The security and efficiency of the proposed countermeasure were verified by computer simulations.