• Title/Summary/Keyword: Masked AES

Search Result 11

Side-Channel Attacks on AES Based on Meet-in-the-Middle Technique (중간 일치 분석법에 기반한 AES에 대한 부채널 공격)

  • Kim, Jong-Sung;Hong, Seok-Hie;Lee, Sang-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.2
    • /
    • pp.3-9
    • /
    • 2009
  • In this paper we introduce a new side-channel attack using the block cipher cryptanalysis technique named the meet-in-the-middle attack. Using our new side-channel technique we introduce side-channel attacks on AES with reduced masked rounds. That is, we show that AES with reduced 10 masked rounds is vulnerable to side-channel attacks based on an existing 4-round function. This shows that one has to mask all rounds of the 12-round 192-bit-key AES to prevent our attacks. Our results are the first to analyze AES with reduced 10 masked rounds.

A Power Analysis Attack Countermeasure Not Using Masked Table for S-box of AES, ARIA and SEED (마스킹 테이블을 사용하지 않는 AES, ARIA, SEED S-box의 전력 분석 대응 기법)

  • Han, Dong-Guk;Kim, Hee-Seok;Song, Ho-Geun;Lee, Ho-Sang;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.149-156
    • /
    • 2011
  • In recent years, power analysis attacks have been widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate values in the encryption/decryption computations are well known among these countermeasures. But the cost of the non-linear part is extremely high in the masking of a block cipher, and so the countermeasure for the S-box must be constructed efficiently in the case of AES, ARIA and SEED. Existing countermeasures for the S-box use a masked S-box table, which requires 256 bytes of RAM per S-box. These countermeasures are therefore not suitable for lightweight security devices with a small amount of RAM. In this paper, we propose a new countermeasure that does not use a masked S-box table, to remedy this weak point. The new countermeasure also reduces time complexity as well as RAM usage, because it does not spend time generating a masked S-box table.

Efficient Masking Methods Appropriate for the Block Ciphers ARIA and AES

  • Kim, Hee-Seok;Kim, Tae-Hyun;Han, Dong-Guk;Hong, Seok-Hie
    • ETRI Journal
    • /
    • v.32 no.3
    • /
    • pp.370-379
    • /
    • 2010
  • In this paper, we propose efficient masking methods for ARIA and AES. In general, a masked S-box (MS) block can be constructed in different ways depending on the implementation platform, such as hardware and software. However, the other components of ARIA and AES have less impact on the implementation cost. We first propose an efficient masking structure by minimizing the number of mask corrections under the assumption that we have an MS block. Second, to make a secure and efficient MS block for ARIA and AES, we propose novel methods to solve the table size problem for the MS block in a software implementation and to reduce the cost of a masked inversion which is the main part of the MS block in the hardware implementation.
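The two abstracts above both turn on the same cost: a first-order masked S-box table for AES is a 256-byte buffer that has to be rebuilt whenever the input or output mask changes. The block below is an added illustration of that table-based countermeasure (it is not code from any of the listed papers, which propose alternatives to it). It computes the AES S-box from its definition, builds S'(x) = S(x ⊕ m_in) ⊕ m_out for a fresh mask pair, runs SubBytes on a masked state and checks that unmasking gives the plain result. The function names, and the simplification of using one mask pair for the whole 16-byte state, are assumptions of this example.

```python
"""First-order Boolean masking of AES SubBytes via a recomputed masked S-box table.

Added illustration (not code from the listed papers). It shows the cost the
abstracts describe: one masked table costs 256 bytes of RAM and 256 lookups,
and must be rebuilt whenever the input or output mask changes.
"""
import os


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 maps to 0 as in the AES S-box."""
    result, base, e = 1, a, 254  # a^254 == a^-1 for a != 0
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def aes_sbox(x: int) -> int:
    """AES S-box from its definition: inversion followed by the affine map."""
    b = gf_inv(x)
    s = b
    for i in range(1, 5):  # s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = bytes(aes_sbox(x) for x in range(256))


def masked_sbox_table(m_in: int, m_out: int) -> bytes:
    """Build S'(x) = S(x ^ m_in) ^ m_out.

    256 lookups of the plain table and a 256-byte buffer: this is the RAM and
    time cost that the abstracts above set out to avoid on small devices.
    """
    return bytes(SBOX[x ^ m_in] ^ m_out for x in range(256))


def masked_subbytes(masked_state: bytes, m_in: int, m_out: int) -> bytes:
    """Apply SubBytes to a state masked with m_in; the output is masked with m_out.

    Only masked values are ever used as lookup addresses, so no address equals
    a secret intermediate. A single mask pair for the whole state is a
    simplification made for this example.
    """
    table = masked_sbox_table(m_in, m_out)
    return bytes(table[b] for b in masked_state)


def masked_subbytes_roundtrip(state: bytes, m_in=None, m_out=None):
    """Mask a state, run masked SubBytes, unmask; return (result, plain_reference)."""
    if m_in is None or m_out is None:
        m_in, m_out = os.urandom(2)  # fresh masks; a real device draws them from a TRNG
    masked = bytes(b ^ m_in for b in state)
    out = masked_subbytes(masked, m_in, m_out)
    unmasked = bytes(b ^ m_out for b in out)
    reference = bytes(SBOX[b] for b in state)
    return unmasked, reference


if __name__ == "__main__":
    got, want = masked_subbytes_roundtrip(bytes(range(16)))
    print("masked SubBytes matches plain SubBytes:", got == want)
    print("masked table size in bytes:", len(masked_sbox_table(0x5A, 0xA5)))
```

Regenerating the table is the expensive step: every new mask pair costs another 256 lookups and the 256-byte buffer has to live in RAM for the whole encryption, which is exactly the constraint on small devices that the second abstract addresses by avoiding the table altogether.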

New Type of Collision Attack on First-Order Masked AESs

  • Kim, Hee Seok;Hong, Seokhie
    • ETRI Journal
    • /
    • v.38 no.2
    • /
    • pp.387-396
    • /
    • 2016
  • This paper introduces a new type of collision attack on first-order masked Advanced Encryption Standard (AES) implementations. This attack is a known-plaintext attack, while the existing collision attacks are chosen-plaintext attacks. In addition, our method requires significantly fewer power measurements than any second-order differential power analysis or existing collision attack.

Side channel Attacks on LEA and Its Countermeasures (LEA에 대한 부채널 분석 및 대응 방법)

  • Park, Jin-Hak;Kim, Tae-Jong;An, Hyun-Jin;Won, Yoo-Seung;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.449-456
    • /
    • 2015
  • Recently, interest in the information security of the IoT (Internet of Things) has been increasing, and many research groups have been studying cryptographic algorithms suitable for IoT environments. LEA (Lightweight Encryption Algorithm), developed by NSRI (National Security Research Institute), is well suited to the IoT. In this paper, we propose two first-order Correlation Power Analysis (CPA) attacks on LEA and demonstrate our attacks experimentally. Additionally, we suggest a masking countermeasure for LEA that defeats our attacks. To estimate the efficiency of masked LEA, its operation cost is compared with the operation time of masked AES.

New Higher-Order Differential Computation Analysis on Masked White-Box AES (마스킹 화이트 박스 AES에 대한 새로운 고차 차분 계산 분석 기법)

  • Lee, Yechan;Jin, Sunghyun;Kim, Hanbit;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.1-15
    • /
    • 2020
  • Since the differential computation analysis (DCA) attack, a side-channel analysis of white-box cryptography, was proposed, masked white-box cryptography based on table encoding has been proposed by Lee et al. to counter DCA. Existing higher-order DCA on masked white-box cryptography did not consider a masking implementation structure based on table encoding, so it cannot be applied to the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to masking implementations based on table encoding, and demonstrate its effectiveness by recovering the secret key of the masked white-box cryptography suggested by Lee et al. in practice.

The fast image encryption algorithm based on substitution and diffusion

  • Zhang, Yong;Jia, Xiaoyang
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.9
    • /
    • pp.4487-4511
    • /
    • 2018
  • A fast image encryption system based on substitution and diffusion is proposed, consisting of one covering process, one substitution process and two diffusion processes. First, Chen's chaotic system together with an external 256-bit secret key is used to generate the key streams for image encryption, where the initial values of Chen's chaotic system are regarded as the public key. The plain image is then masked by the covering process. After that, the resulting image is substituted with a disturbed AES S-box. Finally, the substituted image is diffused twice, with add-modulo operations as the core, to obtain the cipher image. Simulation analysis and comparison with AES and some existing image cryptosystems show that the proposed image cryptosystem has the merits of fast encryption/decryption speed, good statistical characteristics, strong sensitivity, etc., and can be used as a candidate system for secure network communication.

New Type of Collision Attack on Power-Analysis Resistant AES (전력 분석에 안전한 AES에 대한 새로운 종류의 충돌쌍 공격)

  • Kim, HeeSeok;Park, Hark-Soo;Hong, Seokhie
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.9
    • /
    • pp.393-398
    • /
    • 2013
  • This paper introduces a new collision attack on first-order masked AES. This attack is a known-plaintext attack, while the existing collision attacks are chosen-plaintext attacks. In addition, our method is more efficient than second-order power analysis and requires about 1/27.5 of the power measurements of the previous collision attack. Experimental results in this paper support this fact. We also introduce a simple countermeasure that protects against our attack.

Investigation of Masking Based Side Channel Countermeasures for LEA (LEA에 대한 마스킹 기반 부채널분석 대응기법에 관한 분석)

  • Kim, ChangKyun;Park, JaeHoon;Han, Daewan;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1431-1441
    • /
    • 2016
  • For ARX-based block cipher algorithms with masking countermeasures, a method is needed to convert between Boolean masking and arithmetic masking. However, applying masking countermeasures to ARX-based algorithms is less efficient than masked AES, which uses a single masking method, because converting between Boolean and arithmetic masking is computationally expensive. This paper shows performance results of 32-bit platform implementations of LEA with various mask conversion countermeasures against first-order side-channel attacks. From an implementation point of view, this paper compares the measured computation time with the theoretical one. This paper also confirms, using a T-test, that the masked implementations of LEA are secure against first-order side-channel attacks.
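Both LEA abstracts above rest on the same point: an ARX cipher mixes XOR with modular addition, so a Boolean-masked word has to be converted to arithmetic masking before each addition and back afterwards, which masked AES never needs. As an added example (not code from the listed papers), the block below implements Goubin's Boolean-to-arithmetic and arithmetic-to-Boolean conversions for 32-bit words, the LEA word size, and uses them for one masked modular addition. The 31-iteration loop in the arithmetic-to-Boolean direction is where the cost that the second abstract measures comes from. The function names and the optional deterministic `gamma` argument are assumptions of this example, included so the result can be checked.

```python
"""Boolean <-> arithmetic mask conversion for ARX ciphers (Goubin's method).

Added example, not code from the papers listed above. Every modular addition on
Boolean-masked words costs two Boolean-to-arithmetic conversions and one
arithmetic-to-Boolean conversion; the latter loops over the word size.
"""
import secrets

K = 32                  # word size in bits; LEA uses 32-bit words
MASK32 = (1 << K) - 1


def bool_to_arith(x_b: int, r: int, gamma: int = None) -> int:
    """Given x = x_b ^ r, return A with x = A + r (mod 2^K), without forming x.

    Relies on the fact that f(a) = (x_b ^ a) - a is affine over GF(2) in a.
    gamma is a fresh random word; it is a parameter only so tests can be
    deterministic (assumption of this example).
    """
    if gamma is None:
        gamma = secrets.randbits(K)
    t = x_b ^ gamma
    t = (t - gamma) & MASK32
    t ^= x_b
    gamma ^= r
    a = x_b ^ gamma
    a = (a - gamma) & MASK32
    return a ^ t


def arith_to_bool(a: int, r: int, gamma: int = None) -> int:
    """Given x = a + r (mod 2^K), return x_b with x = x_b ^ r, without forming x.

    Builds the carry word of a + r iteratively, keeping it masked by 2*gamma
    throughout; the loop runs K-1 times, which is the expensive part.
    """
    if gamma is None:
        gamma = secrets.randbits(K)
    t = (gamma << 1) & MASK32
    x_b = gamma ^ r
    omega = gamma & x_b
    x_b = t ^ a
    gamma ^= x_b
    gamma &= r
    omega ^= gamma
    gamma = t & a
    omega ^= gamma
    for _ in range(K - 1):
        gamma = t & r
        gamma ^= omega
        t &= a
        gamma ^= t
        t = (gamma << 1) & MASK32
    return x_b ^ t


def masked_add(x_b: int, rx: int, y_b: int, ry: int):
    """Add two Boolean-masked words; returns (z_b, rz) with x + y = z_b ^ rz.

    The shares are never combined: x + y = (Ax + Ay) + (rx + ry), so the sum of
    the arithmetic shares is converted back under the sum of the masks.
    """
    ax = bool_to_arith(x_b, rx)
    ay = bool_to_arith(y_b, ry)
    rz = (rx + ry) & MASK32
    az = (ax + ay) & MASK32
    return arith_to_bool(az, rz), rz


if __name__ == "__main__":
    # Constructed sample values; only the masked shares enter the arithmetic.
    x, rx = 0x12345678, secrets.randbits(K)
    y, ry = 0xCAFEBABE, secrets.randbits(K)
    z_b, rz = masked_add(x ^ rx, rx, y ^ ry, ry)
    print("masked add correct:", (z_b ^ rz) == ((x + y) & MASK32))
```

Counting operations makes the comparison in the abstract concrete: a Boolean-to-arithmetic conversion is seven word operations regardless of word size, but the arithmetic-to-Boolean direction is about 5·(K−1) plus a constant, so each masked 32-bit addition in LEA costs on the order of 170 extra operations, whereas masked AES stays in the Boolean domain throughout.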

THE NEW TYPE BROAD BEAM ION SOURCES AND APPLICATIONS

  • You, D.W.;Feng, Y.C.;Wang, Y.;Kuang, Y.Z.
    • Journal of the Korean Vacuum Society
    • /
    • v.4 no.S2
    • /
    • pp.131-138
    • /
    • 1995
  • Broad beam ion sources of the hot-filament plasma type have been widely used for the modification of materials and thin films, and a new type of intense-current broad beam metal ion source, including reactive gaseous ion beams, is needed for preparing hard coating films such as DLC, $\beta-C_3N_4$, carbides, nitrides, borides, etc. An electron beam evaporation (EBE) broad beam metal ion source has now been developed for this purpose in our lab. CN film has been formed by the EBE ion source. Study of the CN film shows that it has high hardness (HK=5800 kgf/$\textrm{mm}^2$) and good adhesion. This method can vary the C/N atomic concentration ratio widely, from 0.14 to 0.6, and has a high coating rate. A low-energy pocket ion source specially designed for surface texturing of medical silicone rubber was also developed. It has high efficiency and a large uniform working zone. Both natural texturing and mesh-masked texturing of silicone rubbers were performed. Biocompatibility was tested by culture of monocytes, and the results showed improved biocompatibility for the treated silicone rubbers. In addition, TiB2 film synthesized by IBED has recently been studied in our lab. In this paper, results including the hardness and thickness of the films and AES and XRD analyses, as well as tests of high-temperature oxidation and erosion, will be presented.