• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.4
• /
• pp.923-941
• /
• 2017

A side-channel attack is a method of attacking a cipher based on physical information of a cryptographic device. The masking method, which is a typical method overcoming this attack, is a method of calculating an arbitrary masking value at the round intermediate value through rounds. Thus, it is difficult to guess the intermediate value by the side-channel attack, but if the masking operation is applied to all rounds of the encryption algorithm, the encryption process may become overloaded. Therefore, it is practical to use a reduced-round masking technique that applies a masking technique to only a part of the cipher for lightweight equipment such as Internet of Things(IoT) and wearable devices. In this paper, we describe a Hamming weight filtering for SIMON family with reduced-round masking technique and it is shown that first round key recovery is possible through actual programming.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.439-448
• /
• 2017

It is news from nowhere that post-quantum cryptography has side-channel analysis vulnerability. Side-channel analysis attack method and countermeasures for code-based McEliece cryptosystem and lattice-based NTRU cryptosystem have been investigated. Unfortunately, the investigation of the ring-LWE cryptosystem in terms of side-channel analysis is as yet insufficient. In this paper, we propose a chosen ciphertext simple power analysis attack that can be applied when ring-LWE cryptography operates on 8-bit devices. Our proposed attack can recover the key only with [$log_2q$] traces. q is a parameter related to the security level. It is used 7681 and 12289 to match the common 128 and 256-bit security levels, respectively. We identify the vulnerability through experiment that can reveal the secret key in modular add while the ring-LWE decryption performed on real 8-bit devices. We also discuss the attack that uses a similarity measurement method for two vectors to reduce attack time.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.8B
• /
• pp.939-946
• /
• 2011

The Internet banking service provides convenience than the traditional offline services. However, it still causes a number of security problems including hacking. In order to strengthen security, the financial institutions have provided such authentication methods as the official authentication certificate, the security token, the security card and OTP. However, the incidents related to hacking have continuously occurred. Especially, various weak points have been suggested for the authentication methods in regard to such types of hacking as the memory hacking or the MITM attack. So I needed was a new authentication method. In this study, the two-channel authentication method which provide two-way authentication on the user's PC and mobile device when executing the electronic financial transactions in the Internet banking environment is suggested. Also, by analyzing it in comparison with other existing methods, it is possible to check that the prospects of safety and credibility are strengthened.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1045-1053
• /
• 2014

In this paper, we assume that the information leakage through side-channel signal may occur from the card payment terminal and newly introduce a real application attack model. The attack model is a side channel attack based on vibration signals, which are detected by a small sensor attached on card terminal by attacker. This study is similar to some other studies regarding side channel attack. However, this paper is different in that it is based on the non-language model. Because the financial transaction information such as a card number, password, mobile phone number and etc cannot have a constant pattern. In addition, there was no study about card terminal. Therefore, this new study is meaningful. We collected vibration signals on card terminal with a small wireless sensor and analyzed signal data with statistical signal processing techniques using spectrum of frequency domain and principal component analysis and pattern recognition algorithms. Finally, we evaluated the performances by using real data from the sensor.

• Journal of Korean Society of Industrial and Systems Engineering
• /
• v.43 no.1
• /
• pp.50-60
• /
• 2020

The omni-channel customer system is the communication system between enterprise and customer via multiple channels such as mail, email, SMS, and mobile. The omni-channel customer system complements each other channel through the integration of each channel. The purpose of this research is to derive key factors and calculate the weights that a financial enterprise considers when adopting the omni-channel customer system. For this research, we analyzed the request for proposal documents used for the omni-channel customer system implementation projects in the financial enterprise. Also, we derived, classified, and stratified the key factors to be considered for the introduction of the omni-channel customer system in the financial enterprise. As a result of analyzing the key factors, customer experience, operations, and security were identified as the components of the top category in introducing the omni-channel customer system in the financial sector. Furthermore, the weight for each key factor was calculated by using ANP. As a result of ANP, operations, customer experience, and security were important in order. Also, the degree of easiness for connecting with other systems and the various abilities for representing the contents of the omni-channels were derived as the important key factors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.221-227
• /
• 2014

When implementing cryptographic algorithms in mobile devices like smart cards, the security against side-channel attacks should be considered. Side-channel attacks try to find critical information from the side-channel infromation obtained from the underlying cryptographic devices' execution. Especially, the power analysis attack uses the power consumption profile of the devices as the side-channel information. This paper proposes a new gate-level countermeasure against the power analysis attack and the glitch attack and suggests how to apply the measure to securely implement AES.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.961-971
• /
• 2019

Isolation between virtual machines in a cloud computing environment is an important security factor. The violation of isolation between virtual machines leads to interferences of shared resources and the implementation of covert channels. In this paper, the structure of Hyper-V hypervisor is analyzed to implement covert channels between virtual machines. Hyper-V uses a mutex technique for mutual exclusion between virtual machines. It indicates that isolation of virtual machines is violated and covert channels can be implemented due to mutex. We implemented several covert channels by designing a method for searching mutex resources applicable to Hyper-V with complex architectures. The mutex-based covert channel is not hardware dependent. If the covert channel is detected or defended, the defensive technique can be avoided by using the other covert channel among several covert channels.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2022.10a
• /
• pp.101-103
• /
• 2022

Elliptic curve cryptography (ECC) is widely used in hardware implementations of public-key crypto-systems for IoT devices and V2X communication because it is suitable for efficient hardware implementation and has high security strength. However, ECC-based public-key cryptography is known to have security vulnerabilities against side-channel attacks, so it is necessary to apply countermeasures against security attacks in designing ECC processor. This paper describes a survey on the side-channel attacks and countermeasures applicable to ECC processor design.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1271-1278
• /
• 2020

Deep learning-based profiling side-channel analysis is a powerful analysis method that utilizes the neural network to profile the relationship between the side-channel information and the intermediate value. Since the neural network interprets each point of the signal in a different dimension, jitter makes it much hard that the neural network with dimension-wise weights learns the relationship. This paper shows that replacing the fully-connected layer of the traditional CNN (Convolutional Neural Network) with global average pooling (GAP) allows us to design the inherently robust neural network inherently for jitter. We experimented with the ChipWhisperer-Lite board to demonstrate the proposed method: as a result, the validation accuracy of the CNN with a fully-connected layer was only up to 1.4%; contrastively, the validation accuracy of the CNN with GAP was very high at up to 41.7%.

• Journal of Communications and Networks
• /
• v.11 no.6
• /
• pp.538-543
• /
• 2009

A wiretap channel I is one of the channel models that was proved to achieve unconditional security. However, it has been an open problem in realizing such a channel model in a practical network environment. The paper is committed to solve the open problem by introducing a novel approach for building wiretap channel I in which the eavesdropper sees a binary symmetric channel (BSC) with error probability p while themain channel is error free. By taking advantage of the feedback and low density parity check (LDPC) codes, our scheme adds randomness to the feedback signals from the destination for keeping an eavesdropper ignorant; on the other hand, redundancy is added and encoded by the LDPC codes such that a legitimate receiver can correctly receive and decode the signals. With the proposed approach, unconditionallysecure communication can be achieved through interactive communications, in which the legitimate partner can realize the secret information transmission without a pre-shared secret key even if the eavesdropper has better channel from the beginning.