• Title/Summary/Keyword: Implementation Attack

Search Result 313, Processing Time 0.012 seconds

Power-based Side-Channel Analysis Against AES Implementations: Evaluation and Comparison

  • Benhadjyoussef, Noura;Karmani, Mouna;Machhout, Mohsen
    • International Journal of Computer Science & Network Security
    • /
    • v.21 no.4
    • /
    • pp.264-271
    • /
    • 2021
  • From an information security perspective, protecting sensitive data requires utilizing algorithms which resist theoretical attacks. However, treating an algorithm in a purely mathematical fashion or in other words abstracting away from its physical (hardware or software) implementation opens the door to various real-world security threats. In the modern age of electronics, cryptanalysis attempts to reveal secret information based on cryptosystem physical properties, rather than exploiting the theoretical weaknesses in the implemented cryptographic algorithm. The correlation power attack (CPA) is a Side-Channel Analysis attack used to reveal sensitive information based on the power leakages of a device. In this paper, we present a power Hacking technique to demonstrate how a power analysis can be exploited to reveal the secret information in AES crypto-core. In the proposed case study, we explain the main techniques that can break the security of the considered crypto-core by using CPA attack. Using two cryptographic devices, FPGA and 8051 microcontrollers, the experimental attack procedure shows that the AES hardware implementation has better resistance against power attack compared to the software one. On the other hand, we remark that the efficiency of CPA attack depends statistically on the implementation and the power model used for the power prediction.

Double Sieve Collision Attack Based on Bitwise Detection

  • Ren, Yanting;Wu, Liji;Wang, An
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.1
    • /
    • pp.296-308
    • /
    • 2015
  • Advanced Encryption Standard (AES) is widely used for protecting wireless sensor network (WSN). At the Workshop on Cryptographic Hardware and Embedded Systems (CHES) 2012, G$\acute{e}$rard et al. proposed an optimized collision attack and break a practical implementation of AES. However, the attack needs at least 256 averaged power traces and has a high computational complexity because of its byte wise operation. In this paper, we propose a novel double sieve collision attack based on bitwise collision detection, and an improved version with an error-tolerant mechanism. Practical attacks are successfully conducted on a software implementation of AES in a low-power chip which can be used in wireless sensor node. Simulation results show that our attack needs 90% less time than the work published by G$\acute{e}$rard et al. to reach a success rate of 0.9.

Implementation of Attack Generation Test-Suite for Security System Testing (보안 시스템 테스트를 위한 공격 발생 테스트슈트 구현)

  • 김환국;서동일;이상호
    • Proceedings of the Korea Information Assurance Society Conference
    • /
    • 2004.05a
    • /
    • pp.51-55
    • /
    • 2004
  • Currently, internet is deeply rooted in everyday life and many things are performed using internet in real-world, increased internet user because convenience. But then, internet accident is on the increase rapidly. Therefore, it is necessary that testing system generate automatically various attack patterns and traffic. In this paper, we describe method of design and implementation about AGT(attack generation test suite : simulator) system which generate various attack patterns using multiple agents.

  • PDF

Design and Implementation of ATP(Advanced Persistent Threat) Attack Tool Using HTTP Get Flooding Technology (HTTP Get Flooding 기술을 이용한 APT(지능적 지속 위협)공격 도구의 설계와 구현)

  • Cheon, Woo-Bong;Park, Won-Hyung;Chung, Tai-Myoung
    • The Journal of Korean Association of Computer Education
    • /
    • v.14 no.6
    • /
    • pp.65-73
    • /
    • 2011
  • As we can see from the recent cyber attack, APT(Advanced Persistent Threat) is trend of hacking attack in the World. Thus, HTTP Get Flooding attack is considered to be one of the most successful attacks in cyber attack method. In this paper, designs and implements new technique for the cyber attack using HTTP get flooding technology. also, I need a defence about DDoS attack through APT Tools.

  • PDF

A Secure AES Implementation Method Resistant to Fault Injection Attack Using Differential Property Between Input and Output (입.출력 차분 특성을 이용한 오류 주입 공격에 강인한 AES 구현 방안)

  • Park, Jeong-Soo;Choi, Yong-Je;Choi, Doo-Ho;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.22 no.5
    • /
    • pp.1009-1017
    • /
    • 2012
  • The fault injection attack has been developed to extract the secret key which is embedded in a crypto module by injecting errors during the encryption process. Especially, an attacker can find master key of AES using injection of just one byte. In this paper, we proposed a countermeasure resistant to the these fault attacks by checking the differences between input and output. Using computer simulation, we also verified that the proposed AES implementation resistant to fault attack shows better fault detection ratio than previous other methods and has small computational overheads.

A Study on the Implementation of Linearly Shift Knapsack Public Key Cryptosystem (선형 이동 Knapsack 공개키 암호화 시스템의 구현에 관한 연구)

  • 차균현;백경갑;백인천;박상봉
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.16 no.9
    • /
    • pp.883-892
    • /
    • 1991
  • In this thesis explanation of new knapsack algorithm for public key system difficulty test and parallel architecture for implementation are suggested. Past Merkle-Hellman’s knapsack is weak in Shamir or Brickell`s attack by the effects of mapping into other easy sequenoes. But linearly shift knapsack system compensates them.

  • PDF

A Study on the Design and Implementation of System for Predicting Attack Target Based on Attack Graph (공격 그래프 기반의 공격 대상 예측 시스템 설계 및 구현에 대한 연구)

  • Kauh, Janghyuk;Lee, Dongho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.16 no.1
    • /
    • pp.79-92
    • /
    • 2020
  • As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.

A Study on Attack against NTRU Signature Implementation and Its Countermeasure (NTRU 서명 시스템 구현에 대한 오류 주입 공격 및 대응 방안 연구)

  • Jang, Hocheol;Oh, Soohyun;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.28 no.3
    • /
    • pp.551-561
    • /
    • 2018
  • As the computational technology using quantum computing has been developed, several threats on cryptographic systems are recently increasing. Therefore, many researches on post-quantum cryptosystems which can withstand the analysis attacks using quantum computers are actively underway. Nevertheless, the lattice-based NTRU system, one of the post-quantum cryptosystems, is pointed out that it may be vulnerable to the fault injection attack which uses the weakness of implementation of NTRU. In this paper, we investigate the fault injection attacks and their previous countermeasures on the NTRU signature system and propose a secure and efficient countermeasure to defeat it. As a simulation result, the proposed countermeasure has high fault detection ratio and low implementation costs.

The Implementation of monitoring system for the attack of network service denial (네트워크상의 서비스 거부 공격 감시 시스템 설계)

  • 최민석;이종민;김용득
    • Proceedings of the IEEK Conference
    • /
    • 2002.06e
    • /
    • pp.43-46
    • /
    • 2002
  • This paper deals with a denial of service is about without permission knocking off service, for example through crashing the whole system. Another definition is that denial of service is seeing to that someone don't get what they paid for. The Network Denial of service Attack Detection System designed and implemented through suggested algorithm can detect attacking from the outside among denial of service attacks. It shown that designed system gives the system administrator the opportunity to detect denial of service attack.

  • PDF

An implementation of the timing attack on OpenSSL-based RSAserver (OpenSSL 기반 RSA서버에 대한 Timing Attack 구현)

  • 홍정대;박근수
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2004.10a
    • /
    • pp.730-732
    • /
    • 2004
  • 1996년 P. Kocher에 의해 시차공격(Timing attack)이 제안된 후 일반적인 RSA구현 시 시간차를 줄이기 위해 중국인의 나머지 정리와 Montgomery 알고리즘과 같은 다양한 방법들이 적용되어왔다. 2003년 D. Brumley와 D. Boneh가 OpenSSL(2)에서 구현된 RSA 알고리즘을 분석하여 시차공격(3)이 가능함을 보였다. 본 논문은 이들의 방법을 OpenSSL을 기반으로 하는 서버를 대상으로 구현한 실험 결과를 보인다.

  • PDF