• Title/Summary/Keyword: Power Analysis Attack


Hardware Design of Elliptic Curve processor Resistant against Simple Power Analysis Attack (단순 전력분석 공격에 대처하는 타원곡선 암호프로세서의 하드웨어 설계)

  • Choi, Byeong-Yoon
    • Journal of the Korea Institute of Information and Communication Engineering / v.16 no.1 / pp.143-152 / 2012
  • In this paper, a hardware implementation of a GF($2^{191}$) elliptic curve cryptographic coprocessor is described which supports 7 operations: scalar multiplication (kP), Menezes-Vanstone (MV) elliptic curve cipher/decipher algorithms, point addition (P+Q), point doubling (2P), and finite-field multiplication/division. To obtain a structure resistant against simple power analysis, the ECC processor adopts the Montgomery scalar multiplication scheme, whose main loop consists of key-independent operations. Its arithmetic units GF_ALU, GF_MUL and GF_DIV, which have 1, (m/8) and (m-1) fixed operation cycles in GF($2^m$) respectively, can be executed in parallel. The processor has about 68,000 gates and its simulated worst-case delay time is about 7.8 ns under 0.35um CMOS technology. Because it has about 320 kbps cipher and 640 kbps rates and supports 7 finite-field operations, it can be applied efficiently to various cryptographic and communication applications.

A Power Analysis Attack Countermeasure Not Using Masked Table for S-box of AES, ARIA and SEED (마스킹 테이블을 사용하지 않는 AES, ARIA, SEED S-box의 전력 분석 대응 기법)

  • Han, Dong-Guk; Kim, Hee-Seok; Song, Ho-Geun; Lee, Ho-Sang; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.2 / pp.149-156 / 2011
  • In recent years, power analysis attacks have been widely investigated, and various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate values of the en/decryption computations are the best known of these countermeasures. But the cost of the non-linear part is extremely high in block-cipher masking, so the countermeasure for the S-box must be constructed efficiently in the case of AES, ARIA and SEED. Existing countermeasures for the S-box use a masked S-box table, which requires 256 bytes of RAM for each S-box. The usage of these countermeasures is therefore not adequate for lightweight security devices with a small amount of RAM. In this paper, we propose a new countermeasure that does not use a masked S-box table, to make up for this weak point. The new countermeasure also reduces time complexity as well as RAM usage, because it does not spend time generating a masked S-box table.

Statistical Analysis of High-Order Power Analysis (고차 전력 분석에 대한 통계적 수식의 일반화)

  • Kim, Min-Su; Kim, Hee-Seok; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.21 no.4 / pp.27-37 / 2011
  • A dth-order power analysis can safely be defended against by a dth-order masking method. However, as the order of the applied masking method increases, it can significantly decrease the effectiveness of the cryptosystem. The existing statistical analysis of high-order power analysis covers only second-order power analysis. This means there are no safety standards when crypto engineers apply 3rd- or higher-order masking, and this absence of standards can lead to insignificant usage of masking methods, which can significantly decrease the effectiveness of the cryptosystem. In this dissertation, we generalize the statistical values of high-order power analysis to establish these standards. In other words, we generalize the value of the correlation coefficient when high-order power analysis calculations are performed. That is to say, it can be used to indicate the degree that can be applied in further usage of masking methods.

Power Analysis Attacks on Blinding Countermeasure against Horizontal CPA (수평적 상관관계 분석에 안전한 블라인딩 대응기법에 대한 전력 분석 공격)

  • Lee, Sangyub; Kim, Taewon; Kim, HeeSeok; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.25 no.4 / pp.727-738 / 2015
  • Until recently, power analysis has been one of the most popular research issues among the various side channel analyses. Since Differential Power Analysis was first proposed by Kocher et al., various practical power analyses corresponding to software/hardware cryptographic devices have been proposed. In this paper, we analyze the vulnerability of a countermeasure against power analysis that exploits a single power trace of a public-key cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis, which can recover secret information from a single exponentiation trace, and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate values related to secret information. However, this countermeasure has the vulnerability of having power leakage that is dependent on the message known by an adversary. In this paper, we analyzed the vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

A Constant Pitch Based Time Alignment for Power Analysis with Random Clock Power Trace (전력분석 공격에서 랜덤클럭 전력신호에 대한 일정피치 기반의 시간적 정렬 방법)

  • Park, Young-Goo; Lee, Hoon-Jae; Moon, Sang-Jae
    • The KIPS Transactions: Part C / v.18C no.1 / pp.7-14 / 2011
  • Power analysis attack on low-power security devices such as smart cards is very powerful, but it requires that the correlation between the measured power signal and the estimated intermediate signal be consistent at a given time instant while the encryption algorithm is running. The power signals measured from a security device applying a random clock do not match the timing point of analysis, therefore a random clock is used as a countermeasure against power analysis attacks. This paper proposes a new constant pitch based time alignment for power analysis with random clock power traces. The proposed method neutralizes the effect of the random clock countermeasure by aligning the irregular power signals in time location and size using the constant pitch. Finally, we apply the proposed method to the AES algorithm within a randomly clocked environment to evaluate it.

A Numerical Performance Study on Rudder with Wavy Configuration at High Angles of Attack (Wavy 형상 적용에 따른 대 각도에서의 러더 성능에 대한 수치해석 연구)

  • Tae, Hyun June; Shin, Young Jin; Kim, Beom Jun; Kim, Moon-Chan
    • Journal of the Society of Naval Architects of Korea / v.54 no.1 / pp.18-25 / 2017
  • This study numerically compares performance according to rudder shape, namely the 'Twisted rudder' and 'Wavy twisted rudder'. In comparison with a conventional rudder, a rudder with a wavy shape has shown better performance at high angles of attack ($30^{\circ}{\sim}40^{\circ}$) due to delayed stall. But most studies concerned with the wavy shape have been performed in uniform flow conditions. In order to identify the characteristics behind a rotating propeller, the present study numerically carries out an analysis of resistance and self-propulsion for the KCS with a twisted rudder and a wavy twisted rudder. The turbulence closure model, Realizable $k-{\epsilon}$, is employed to simulate the three-dimensional unsteady incompressible viscous turbulent and separated flow around the rudder. The self-propulsion analysis is performed in two steps in order to find the optimal wavy-shape case. The first step shows that there is little difference in delivered power between the twisted rudder and the H_0.65 wavy twisted rudder case. So the two kinds of rudder from the first step are employed to compare lift-to-drag ratio and torque at high angles of attack. Consequently, the wavy twisted rudder is presented as a possible way of delaying stall, allowing a rudder to have better performance, including superior lift-to-drag ratio and torque, than the twisted rudder at high angles of attack. Also, through flow visualization, the amount of separated flow around the rudder is checked.

Countermeasure against Chosen Ciphertext SPA Attack of the Public-Key Cryptosystem Based on Ring-LWE Problem (Ring-LWE 기반 공개키 암호시스템의 선택 암호문 단순전력분석 공격 대응법)

  • Park, Aesun; Won, Yoo-Seung; Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.5 / pp.1001-1011 / 2017
  • Lattice-based cryptography is known as one of the post-quantum cryptographies. The Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerabilities. In 2016, Park et al. reported an SPA vulnerability of the public key cryptosystem based on the ring-LWE problem proposed by Roy et al. In 2015 and 2016, Reparaz et al. proposed a DPA attack and countermeasures against the Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for the Lyubashevsky cryptosystem, which does not use the NTT. We then propose a countermeasure against the CCSPA (Chosen Ciphertext SPA) attack and show through experiment that our proposed countermeasure is secure.

Single Trace Side Channel Analysis on NTRUEncrypt Implementation (NTRUEncrypt에 대한 단일 파형 기반 전력 분석)

  • An, Soojung; Kim, Suhri; Jin, Sunghyun; Kim, HanBit; Kim, HeeSeok; Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.5 / pp.1089-1098 / 2018
  • As the development of quantum computers becomes visible, research on post-quantum cryptography to replace the present cryptographic systems has been actively pursued. To substitute for RSA and Elliptic Curve Cryptosystems, post-quantum cryptography must also consider side channel resistance in its implementation. In this paper, we propose a side channel analysis on NTRU, based on the implementation made public in the NIST standardization. Unlike previous analyses, which exploit thousands of traces, the proposed attack can recover the private key using a single power consumption trace. Our attack not only reduces the complexity of the attack but also gives more possibilities to analyze a practical public key cryptosystem. Furthermore, we suggest a countermeasure against our attack. Our countermeasure is much more efficient than the existing implementation.

Optimized Security Algorithm for IEC 61850 based Power Utility System

  • Yang, Hyo-Sik; Kim, Sang-Sig; Jang, Hyuk-Soo
    • Journal of Electrical Engineering and Technology / v.7 no.3 / pp.443-450 / 2012
  • As power grids are integrated under one big umbrella (i.e., the Smart Grid), the communication network plays a key role in the reliable and stable operation of power grids. For successful operation of the smart grid, interoperability and security issues must be resolved. Security means providing network system integrity, authentication, and confidentiality services. In the face of a cyber-attack on a power grid system, which may jeopardize national security, the vulnerability of the communication infrastructure has a serious impact on the power grid network. While security aspects of the power grid network have been studied much, security mechanisms are rarely adopted in power grid communication networks. For security purposes, strict timing requirements are defined in IEC 61850 for mission critical messages (i.e., GOOSE). In this paper, we apply security algorithms (i.e., MD-5, SHA-1, and RSA) and measure their processing time and the transmission delay of secured mission critical messages. The results show which algorithms satisfy the timing requirements defined in IEC 61850, and we observe the algorithm that is optimal for secure communication of mission critical messages. Numerical analysis shows that SHA-1 is preferable for secure GOOSE message sending.

New Pre-processing Method for Second-Order CPA on the IT Convergence Device (IT융합 디바이스에 대한 물리적 2차 CPA 공격을 위한 새로운 전처리 기법)

  • Lee, Chul-Hee; Hwang, Ah-Reum; Lee, Dong-Geon; Kim, Hyoung-Nam; Kim, Ho-Won
    • The Journal of Korean Institute of Communications and Information Sciences / v.35 no.9B / pp.1369-1380 / 2010
  • In this paper, we propose an efficient Second-Order Differential Power Analysis attack, which is able to find significant information such as the secret key in the devices constituting the IT convergence environment, such as the Smart Grid, Advanced Metering Infrastructure (AMI) and ZigBee-based home networking services. This method helps to find the secret key of a device easily, even when it uses a countermeasure like masking that makes a First-Order DPA attack harder. First, we present and analyze the performance results of our implementation of a practical Second-Order DPA attack using the existing preprocessing function. Then we propose a stronger preprocessing function that overcomes countermeasures like masking. Finally, we analyze the results of the Second-Order CPA attack using the proposed preprocessing function and verify through the experimental results that the proposed scheme is very threatening to the security of IT convergence technology.