• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.457-465
• /
• 2015

Internet of Things(IoT) technologies should be able to communication with various embedded platforms. We will need to select an appropriate cryptographic algorithm in various embedded environments because we should consider security elements in IoT communications. Therefore the lightweight block cryptographic algorithm is essential for secure communication between these kinds of embedded platforms. However, the lightweight block cryptographic algorithm has a vulnerability which can be leaked in side channel analysis. Thus we also have to consider side channel countermeasure. In this paper, we will propose the scenario of side channel analysis and confirm the vulnerability for HIGHT algorithm which is composed of ARX structure. Additionally, we will suggest countermeasure for HIGHT against side channel analysis. Finally, we will explain how much the effectiveness can be provided through comparison between countermeasure for AES and HIGHT.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.9
• /
• pp.4727-4741
• /
• 2019

The lightweight block cipher Piccolo adopts Generalized Feistel Network structure with 64 bits of block size. Its key supports 80 bits or 128 bits, expressed by Piccolo-80 or Piccolo-128, respectively. In this paper, we exploit the security of reduced version of Piccolo from the first round with the pre-whitening layer, which shows the vulnerability of original Piccolo. As a matter of fact, we first study some linear relations among the round subkeys and the properties of linear layer. Based on them, we evaluate the security of Piccolo-80/128 against the meet-in-the-middle attack. Finally, we attack 13 rounds of Piccolo-80 by applying a 5-round distinguisher, which requires $2^{44}$ chosen plaintexts, $2^{67.39}$ encryptions and $2^{64.91}$ blocks, respectively. Moreover, we also attack 17 rounds of Piccolo-128 by using a 7-round distinguisher, which requires $2^{44}$ chosen plaintexts, $2^{126}$ encryptions and $2^{125.49}$ blocks, respectively. Compared with the previous cryptanalytic results, our results are the currently best ones if considering Piccolo from the first round with the pre-whitening layer.

• Journal of Korea Multimedia Society
• /
• v.21 no.8
• /
• pp.897-908
• /
• 2018

In this paper, we propose a security framework for a cluster drones network using the MAVLink (Micro Air Vehicle Link) application protocol based on FANET (Flying Ad-hoc Network), which is composed of ad-hoc networks with multiple drones for IoT services such as remote sensing or disaster monitoring. Here, the drones belonging to the cluster construct a FANET network acting as WTRP (Wireless Token Ring Protocol) MAC protocol. Under this network environment, we propose an efficient algorithm applying the Lightweight Encryption Algorithm (LEA) to the CTR (Counter) operation mode of WPA2 (WiFi Protected Access 2) to encrypt the transmitted data through the MAVLink application. And we study how to apply LEA based on CBC (Cipher Block Chaining) operation mode used in WPA2 for message security tag generation. In addition, a modified Diffie-Hellman key exchange method is approached to generate a new key used for encryption and security tag generation. The proposed method and similar methods are compared and analyzed in terms of efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1035-1043
• /
• 2022

With the spread of the Internet of Things (IoT), cloud computing, and big data, the need for high-speed encryption for applications is emerging. GPU optimization can be used to validate cryptographic analysis results or reduced versions theoretically obtained by the GPU in a reasonable time. In this paper, PIPO lightweight encryption implemented in various environments was implemented on GPU. Optimally implemented considering the brute force attack on PIPO. In particular, the optimization implementation applying the bit slicing technique and the GPU elements were used as much as possible. As a result, the implementation of the proposed method showed a throughput of about 19.5 billion per second in the RTX 3060 environment, achieving a throughput of about 122 times higher than that of the previous study.

• Journal of IKEEE
• /
• v.22 no.2
• /
• pp.233-241
• /
• 2018

This paper describes a lightweight implementation of a cryptographic processor supporting GCM (Galois/Counter Mode) authenticated encryption (AE) that is based on the two block cipher algorithms of ARIA and AES. It also provides five modes of operation (ECB, CBC, OFB, CFB, CTR) for confidentiality as well as the key lengths of 128-bit and 256-bit. The ARIA and AES are integrated into a single hardware structure, which is based on their algorithm characteristics, and a $128{\times}12-b$ partially parallel GF (Galois field) multiplier is adopted to efficiently perform concurrent processing of CTR encryption and GHASH operation to achieve overall performance optimization. The hardware operation of the ARIA/AES-GCM AE processor was verified by FPGA implementation, and it occupied 60,800 gate equivalents (GEs) with a 180 nm CMOS cell library. The estimated throughput with the maximum clock frequency of 95 MHz are 1,105 Mbps and 810 Mbps in AES mode, 935 Mbps and 715 Mbps in ARIA mode, and 138~184 Mbps in GCM AE mode according to the key length.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.24 no.11
• /
• pp.1470-1476
• /
• 2020

This paper describes a design of a lightweight security system-on-chip (SoC) suitable for the implementation of security protocols for IoT and mobile devices. The security SoC using Cortex-M0 as a CPU integrates hardware crypto engines including an elliptic curve cryptography (ECC) core, a SHA3 hash core, an ARIA-AES block cipher core and a true random number generator (TRNG) core. The ECC core was designed to support twenty elliptic curves over both prime field and binary field defined in the SEC2, and was based on a word-based Montgomery multiplier in which the partial product generations/additions and modular reductions are processed in a sub-pipelining manner. The H/W-S/W co-operation for elliptic curve digital signature algorithm (EC-DSA) protocol was demonstrated by implementing the security SoC on a Cyclone-5 FPGA device. The security SoC, synthesized with a 65-nm CMOS cell library, occupies 193,312 gate equivalents (GEs) and 84 kbytes of RAM.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.2
• /
• pp.155-162
• /
• 2022

The SITM (See-In-The-Middle) attack proposed in CHES 2020 is a type of analysis technique that combines differential cryptanalysis and side-channel analysis, and can be applied even in a harsh environment with a low SNR (Signal-to-Noise Ratio). This attack targets partial 1^st or higher order masked block cipher, and uses unmasked middle round weakness. PRESENT is a lightweight blockcipher proposed in CHES 2007, designed to be implemented efficiently in a low-power environment. In this paper, we propose SITM attacks on 14-round masked implementation of PRESENT while the previous attacks were applicable to 4-round masked implementation of PRESENT. This indicates that PRESENT has to be implemented with more than 16-round masking to be resistant to our attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.4
• /
• pp.569-575
• /
• 2024

The 64-bit block cipher IIoTBC is an encryption algorithm designed for the security of industrial IoT devices and uses an 128-bit secret key. The IIoTBC's encryption algorithm varies depending on whether the MCU size used in IoT is 8-bit or 16-bit. This paper deals with a differential attack on IIoTBC when the MCU size is 8-bit. It attacks 15-round out of the entire 32-round using IIoTBC's 14-round differential characteristic. At this time, the number of required plaintexts and encryption are 2⁵⁷ and 2^122.4, respectively. The differential characteristic presented in this paper has a longer round than the existing 13-round impossible differential characteristic, and the attack using this is the result of the first key recovery attack on IIoTBC.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.157-159
• /
• 2016

3가지 마스터키 길이 128/192/256 비트를 지원하는 파이프라인 LEA(Lightweight Encryption Algorithm) 크립토 프로세서를 설계하였다. 높은 처리율을 얻기 위해 16개의 라운드 스테이지가 파이프라인 방식으로 동작하며, 각 라운드 스테이지는 128비트 데이터패스를 갖도록 설계하였다. 설계된 LEA 프로세서는 FPGA 구현을 통해 하드웨어 동작을 검증하였다. Xilinx ISE로 합성한 결과, 최대 동작주파수 122MHz로 동작하여 7.8Gbps의 성능을 갖는 것으로 평가되었다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2022.11a
• /
• pp.72-74
• /
• 2022

사물인터넷에 성능이 향상됨에 따라 사물인터넷에 사용되는 저사양 프로세서들의 보안도 주목받고 있다. 이에 따라, 저사양 프로세서 상에서 안전하고 효율적으로 동작하는 경량 암호에 대한 개발과 최적연구가 활발히 진행되고 있다. 경량 블록 암호 중 하나인 SIMECK은 경량 블록 암호인 SPECK과 SIMON의 이점만을 결합한 암호 알고리즘이다. 본 논문에서는 저사양 프로세서 상에서의 경량 블록암호 SIMECK 최적 구현 동향에 대해 살펴본다.