• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.439-448
• /
• 2017

It is news from nowhere that post-quantum cryptography has side-channel analysis vulnerability. Side-channel analysis attack method and countermeasures for code-based McEliece cryptosystem and lattice-based NTRU cryptosystem have been investigated. Unfortunately, the investigation of the ring-LWE cryptosystem in terms of side-channel analysis is as yet insufficient. In this paper, we propose a chosen ciphertext simple power analysis attack that can be applied when ring-LWE cryptography operates on 8-bit devices. Our proposed attack can recover the key only with [$log_2q$] traces. q is a parameter related to the security level. It is used 7681 and 12289 to match the common 128 and 256-bit security levels, respectively. We identify the vulnerability through experiment that can reveal the secret key in modular add while the ring-LWE decryption performed on real 8-bit devices. We also discuss the attack that uses a similarity measurement method for two vectors to reduce attack time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.27-35
• /
• 2011

Design of Sensor nodes in Wireless Sensor Network(WSN) should be considered some properties as electricity consumption, transmission speed, range, etc., and also be needed the protection against various attacks (e.g., eavesdropping, hacking, leakage of customer's secret data, and denial of services). The stream cipher Rabbit, selected for the final eSTREAM portfolio organized by EU ECRYPT and selected as algorithm in part of ISO/IEC 18033-4 Stream Ciphers on ISO Security Standardization recently, is a high speed stream cipher suitable for WSN. Since the stream cipher Rabbit was evaluated the complexity of side-channel analysis attack as 'Medium' in a theoretical approach, thus the method of power analysis attack to the stream cipher Rabbit and the verification of our method by practical experiments were described in this paper. We implemented the stream cipher Rabbit without countermeasures of power analysis attack on IEEE 802.15.4/ZigBee board with 8-bit RISC AVR microprocessor ATmega128L chip, and performed the experiments of power analysis based on difference of means and template using a Hamming weight model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1045-1057
• /
• 2022

Recently, the National Institute of Standards and Technology (NIST) announced four cryptographic algorithms as a standard candidates of Post-Quantum Cryptography (PQC). In this paper, we show that private key can be exposed by a non-profiling-based power analysis attack such as Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) on CRYSTALS-KYBER algorithm, which is decided as a standard in the PKE/KEM field. As a result of experiments, it was successful in recovering the linear polynomial coefficient of the private key. Furthermore, the private key can be sufficiently recovered with a 13.0 Normalized Maximum Margin (NMM) value when Hamming Weight of intermediate values is used as a label in DDLA. In addition, these non-profiling attacks can be prevented by applying countermeasures that randomly divides the ciphertext during the decryption process and randomizes the starting point of the coefficient-wise multiplication operation.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.2
• /
• pp.83-92
• /
• 2013

RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.

• ETRI Journal
• /
• v.29 no.5
• /
• pp.619-632
• /
• 2007

Side channel attacks are a very serious menace to embedded devices with cryptographic applications. To counteract such attacks many randomization techniques have been proposed. One efficient technique in elliptic curve cryptosystems randomizes addition chains with binary signed digit (BSD) representations of the secret key. However, when such countermeasures have been used alone, most of them have been broken by various simple power analysis attacks. In this paper, we consider combinations which can enhance the security of countermeasures using BSD representations by adding additional countermeasures. First, we propose several ways the improved countermeasures based on BSD representations can be attacked. In an actual statistical power analysis attack, the number of samples plays an important role. Therefore, we estimate the number of samples needed in the proposed attack.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.33-41
• /
• 2010

Many experimental results shows that RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed the previous fault attacks and their countermeasures on RSA-CRT algorithm and found an weakness of the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure which uses both double exponentiation and fault infective computation method. The proposed method efficiently computes a fault verification information using double exponentiation. And, it is designed to resist simple power analysis attack and (N-1) attack.

• ETRI Journal
• /
• v.32 no.1
• /
• pp.102-111
• /
• 2010

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary-with-random-initial-point algorithm on elliptical curve cryptosystems. It is known to be secure against first-order differential power analysis (DPA); however, it is susceptible to second-order DPA. Although second-order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second-order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.

• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.9
• /
• pp.225-230
• /
• 2019

Recently, with the development of Internet technology, various encryption algorithms have been adopted to protect the sensing data measured by hardware devices. The Advanced Encryption Standard (AES), the most widely used encryption algorithm in the world, is also used in many devices with strong security. However, it has been found that the AES algorithm is vulnerable to side channel analysis attacks such as Differential Power Analysis (DPA) and Correlation Power Analysis (CPA). In this paper, we present a software optimization implementation technique of the AES algorithm applying the most widely known masking technique among side channel analysis attack methods.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.556-563
• /
• 2009

A side channel analysis is a very efficient attack against small devices such as smart cards and wireless sensor nodes. In this paper, we propose an efficient key detection method using a peak selection algorithm in order to find the advanced encryption standard secret key from electromagnetic signals. The proposed method is applied to a correlation electromagnetic analysis (CEMA) attack against a wireless sensor node. Our approach results in increase in the correlation coefficient in comparison with the general CEMA. The experimental results show that the proposed method can efficiently and reliably uncover the entire 128-bit key with a small number of traces, whereas some extant methods can reveal only partial subkeys by using a large number of traces in the same conditions.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.6
• /
• pp.1689-1705
• /
• 2023

To deal with the potential XSS vulnerabilities in the source code of the power communication network, an XSS vulnerability detection method combining the static analysis method with the dynamic testing method is proposed. The static analysis method aims to analyze the structure and content of the source code. We construct a set of feature expressions to match malignant content and set a "variable conversion" method to analyze the data flow of the code that implements interactive functions. The static analysis method explores the vulnerabilities existing in the source code structure and code content. Dynamic testing aims to simulate network attacks to reflect whether there are vulnerabilities in web pages. We construct many attack vectors and implemented the test in the Selenium tool. Due to the combination of the two analysis methods, XSS vulnerability discovery research could be conducted from two aspects: "white-box testing" and "black-box testing". Tests show that this method can effectively detect XSS vulnerabilities in the source code of the power communication network.