• Title/Summary/Keyword: Side Channel


A Differential Fault Attack on Block Cipher SEED (블록 암호 SEED에 대한 차분 오류 공격)

  • Jeong, Ki-Tae; Sung, Jae-Chul; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.20 no.4 / pp.17-24 / 2010
  • A differential fault attack (DFA) is one of the most efficient side-channel attacks on block ciphers. Almost all block ciphers, including DES, AES, ARIA and SEED, have been analysed with this attack. In the known DFAs on SEED, the attacker induces permanent faults on the whole left register of round 16. In this paper, we analyse SEED against DFA using the differential characteristics and the addition-XOR characteristics of the SEED round function. The fault assumption of our attack is that the attacker induces 1-bit faults on a particular register. With our attack, we can recover the last round keys and the master key with about $2^{32}$ simple arithmetic operations; it can be simulated on an ordinary PC within a couple of seconds.

DPA-Resistant Low-Area Design of AES S-Box Inversion (일차 차분 전력 분석에 안전한 저면적 AES S-Box 역원기 설계)

  • Kim, Hee-Seok; Han, Dong-Guk; Kim, Tae-Hyun; Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology / v.19 no.4 / pp.21-28 / 2009
  • In recent years, power attacks have been widely investigated and various countermeasures have been proposed. For block ciphers, masking methods that blind the intermediate values of the computations (encryption, decryption and key schedule) are the best known of these countermeasures. However, the cost of masking the non-linear part of a block cipher is extremely high, and for AES the S-box inversion is the most significant part. This has motivated various countermeasures for reducing the cost of the masked inversion, among which Zakeri's method, which uses normal bases over a composite field, is known to be the most efficient. We rearrange the masked inversion over the composite field and find duplicated multiplications; by removing them, our method requires about 10.5% fewer gates than Zakeri's method.

Novel Differential Fault Attack Using Function-Skipping on AES (함수 생략 오류를 이용하는 AES에 대한 신규 차분 오류 공격)

  • Kim, Ju-Hwan; Lee, JongHyeok; Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1263-1270 / 2020
  • Differential fault attacks (DFA) are cryptanalysis methods that reveal the secret key from the differences between normal and faulty ciphertexts, which arise when artificial faults are injected into an encryption device. Conventional DFA methods use faults to corrupt intermediate values. In this paper, we propose a novel DFA method that uses a fault to skip a function. The proposed method has very low attack complexity: it reveals the secret key from a single faulty ciphertext within seconds. We also propose a method that filters out ciphertexts for which the injected fault did not cause the function skip, which makes our method practical. To demonstrate the proposed method, we performed fault injection on Riscure's Piñata board. As a result, the proposed method filtered the ciphertexts and revealed the secret key within seconds on a real device.
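The three abstracts above all turn on the same small piece of arithmetic, the cipher's final S-box layer, so the following added example (written for this page, not taken from any of the cited papers) models a single byte of a cipher's final round, SubBytes followed by AddRoundKey, and uses it to show three things: a differential fault attack with a 1-bit fault on the S-box input register, where the attacker intersects key candidates over several faulty ciphertexts without knowing which bit flipped; a function-skipping fault that removes AddRoundKey, which leaks the round-key byte directly from c ^ c' and can be filtered for by requiring that difference to be identical across different inputs; and table-recomputation masking of the S-box, which illustrates why the non-linear layer dominates masking cost while the linear key XOR passes the mask through for free. The one-byte final-round model (no ShiftRows), the two fault models and the consistency filter are simplifying assumptions of this example. The SEED attack uses differential and addition-XOR characteristics of SEED's round function, the Piñata experiment targets a full AES implementation, and the low-area paper's contribution is a composite-field inversion circuit; none of those is reproduced here.

```python
"""Added toy model of one byte of a block cipher's final round (SubBytes, then
AddRoundKey; ShiftRows omitted), used to demonstrate a 1-bit-fault DFA, a
function-skipping DFA with a filter, and the cost of masking the S-box.
Illustration only: not the SEED, Pinata or composite-field work of the papers."""
import random


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_aes_sbox() -> list:
    """AES S-box: GF(2^8) inverse (x^254, with 0 -> 0) then the affine transform."""
    def rot(v: int, r: int) -> int:
        return ((v << r) | (v >> (8 - r))) & 0xFF

    sbox = []
    for x in range(256):
        inv = x
        for _ in range(253):            # x * x^253 = x^254 = x^-1 in GF(2^8)
            inv = gf_mul(inv, x)
        sbox.append(inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63)
    return sbox


SBOX = _build_aes_sbox()


def last_round(x: int, k: int) -> int:
    """Correct final round on one state byte: SubBytes then AddRoundKey."""
    return SBOX[x] ^ k


def last_round_bitflip(x: int, k: int, bit: int) -> int:
    """Faulty round: one bit of the S-box input register is flipped."""
    return SBOX[x ^ (1 << bit)] ^ k


def last_round_skip_addkey(x: int, k: int) -> int:
    """Faulty round: the AddRoundKey function is skipped entirely."""
    return SBOX[x]


def key_candidates_bitflip(c: int, c_faulty: int) -> set:
    """Key bytes consistent with c ^ c' = S(x) ^ S(x ^ e) for some 1-bit e.
    The attacker does not know which bit flipped, so all eight are tried."""
    diff = c ^ c_faulty
    return {c ^ SBOX[x] for x in range(256) for bit in range(8)
            if SBOX[x] ^ SBOX[x ^ (1 << bit)] == diff}


def recover_key_bitflip(pairs) -> set:
    """Intersect candidate sets over (c, c') pairs obtained from different inputs."""
    cands = None
    for c, cf in pairs:
        s = key_candidates_bitflip(c, cf)
        cands = s if cands is None else cands & s
    return cands


def recover_key_skip(pairs):
    """Function-skip DFA: if AddRoundKey was skipped, c ^ c' == k for every pair.
    Requiring the same difference across inputs is the filter: a bit flip or an
    ineffective fault gives input-dependent differences and is rejected (None)."""
    diffs = {c ^ cf for c, cf in pairs}
    return diffs.pop() if len(diffs) == 1 else None


def masked_sbox_table(m_in: int, m_out: int) -> list:
    """Re-masked S-box T with T[x ^ m_in] == S(x) ^ m_out. Every fresh mask pair
    costs a 256-entry recomputation: the non-linear layer is the expensive part."""
    return [SBOX[y ^ m_in] ^ m_out for y in range(256)]


def masked_last_round(x_masked: int, m_in: int, m_out: int, k: int) -> int:
    """Masked final round on x_masked = x ^ m_in: S-box via the re-masked table,
    then the key XOR, which is linear and needs no extra work.
    Returns S(x) ^ k ^ m_out; the caller removes m_out at the very end."""
    return masked_sbox_table(m_in, m_out)[x_masked] ^ k


def demo(seed: int = 7) -> dict:
    """Constructed scenario: a random key byte, four inputs, both fault types."""
    rng = random.Random(seed)
    k = rng.randrange(256)
    xs = [rng.randrange(256) for _ in range(4)]
    flip_pairs = [(last_round(x, k), last_round_bitflip(x, k, rng.randrange(8))) for x in xs]
    skip_pairs = [(last_round(x, k), last_round_skip_addkey(x, k)) for x in xs]
    return {"key": k,
            "bitflip_candidates": recover_key_bitflip(flip_pairs),
            "skip_recovered": recover_key_skip(skip_pairs)}


if __name__ == "__main__":
    print(demo())
```

Each bit-flip pair leaves at most 32 key candidates (eight possible flipped bits, at most four S-box inputs per output difference), and the true key is always among them, so a handful of pairs from different inputs narrows the set quickly. The skip filter needs at least two faulty ciphertexts from different inputs: a single pair cannot distinguish a skipped AddRoundKey from a bit flip, since both produce some non-zero difference.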

A High-Performance ECC Processor Supporting Multiple Field Sizes over GF(p) (GF(p) 상의 다중 체 크기를 지원하는 고성능 ECC 프로세서)

  • Choe, Jun-Yeong; Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering / v.25 no.3 / pp.419-426 / 2021
  • A high-performance elliptic curve cryptography processor (HP-ECCP) was designed to support the five field sizes of 192, 224, 256, 384 and 521 bits over GF(p) defined in NIST FIPS 186-2, and it provides eight arithmetic operation modes: ECPSM (point scalar multiplication), ECPA (point addition), ECPD (point doubling), MA, MS, MM, MI and MD. To make the HP-ECCP resistant to side-channel attacks, a modified left-to-right binary algorithm was used in which point addition and point doubling are performed uniformly regardless of the Hamming weight of the private key used for ECPSM. In addition, the Karatsuba-Ofman multiplication algorithm (KOMA), lazy reduction and the Nikhilam division algorithm were adopted in the design of the high-performance modular multiplier that is the core arithmetic block for elliptic curve point operations. Synthesized with a 180-nm CMOS cell library, the HP-ECCP occupied 620,846 gate equivalents at a clock frequency of 67 MHz, and it was evaluated that an ECPSM over a 256-bit field can be computed 2,200 times per second.
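The "uniform regardless of the Hamming weight" property in the abstract above is the point of the following added example (it is ours, not the HP-ECCP design or its RTL): a naive left-to-right double-and-add, whose sequence of point operations follows the secret scalar's bits, next to a double-and-add-always variant that performs a doubling and an addition in every iteration. The curve (y^2 = x^3 + 2x + 3 over GF(97)), the base point and the operation counters are assumptions made for illustration; the counters stand in for what a power or timing trace of the processor would expose.

```python
"""Added example: scalar multiplication on a toy curve over GF(p), comparing the
naive left-to-right double-and-add (operation sequence depends on the scalar's
Hamming weight) with double-and-add-always (uniform schedule), the kind of
regular algorithm the HP-ECCP abstract describes. The toy curve and the
counters are assumptions of this example, not the processor's design.
Needs Python 3.8+ for pow(x, -1, p)."""

P = 97                    # toy prime; real designs use the 192..521-bit NIST primes
A, B = 2, 3               # curve y^2 = x^3 + 2x + 3 over GF(97)
G = (3, 6)                # on the curve: 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)
INF = None                # point at infinity


def is_on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; covers doubling and the point at infinity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # P + (-P), and doubling a 2-torsion point
        return INF
    if (x1, y1) == (x2, y2):
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mul_naive(k: int, pt):
    """Left-to-right double-and-add: an addition only where the scalar bit is 1.
    Returns (k*pt, doublings, additions); the counts reveal the Hamming weight."""
    r, dbl, add = INF, 0, 0
    for bit in bin(k)[2:]:
        r, dbl = ec_add(r, r), dbl + 1
        if bit == "1":
            r, add = ec_add(r, pt), add + 1
    return r, dbl, add


def scalar_mul_always(k: int, pt):
    """Double-and-add-always: a doubling and an addition in every iteration, so
    the operation sequence is independent of the scalar. The addition result
    is discarded when the bit is 0 (a dummy operation)."""
    r, dbl, add = INF, 0, 0
    for bit in bin(k)[2:]:
        r, dbl = ec_add(r, r), dbl + 1
        t, add = ec_add(r, pt), add + 1
        r = t if bit == "1" else r          # in hardware this is a mux, not a branch
    return r, dbl, add


def op_schedule(mul, k: int):
    """The (doublings, additions) count that a power or timing trace would expose."""
    _, dbl, add = mul(k, G)
    return dbl, add


if __name__ == "__main__":
    for k in (8, 13, 15):                   # Hamming weights 1, 3, 4 over 4 bits
        print(k, op_schedule(scalar_mul_naive, k), op_schedule(scalar_mul_always, k))
```

Two caveats a practitioner should keep in mind. First, the uniform schedule hides the scalar from simple power analysis, but the dummy addition is exactly what a safe-error fault attack targets: a fault injected during an addition that is later discarded leaves the result unchanged only when that bit is 0, so regular algorithms without dummy operations (the Montgomery ladder, for instance) are often preferred. Second, the final `r = t if bit == "1" else r` must be a constant-time select in a real implementation; written as a branch in software it reintroduces the leak the schedule was meant to remove.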

Technical Considerations of Effective Direct Cortical and Subcortical Stimulation (효과적인 대뇌 직접피질자극 검사 및 피질하자극 검사의 술기에 관한 기술적 고찰)

  • Lim, Sung Hyuk; Jang, Min Hwan
    • Korean Journal of Clinical Laboratory Science / v.54 no.2 / pp.157-162 / 2022
  • The purpose of the direct cortical and subcortical stimulation technique is to prevent false positives caused by transcranial electrical motor evoked potentials (TceMEP) in surgery on patients with brain tumors located around the motor cortex, and to preserve accurate intraoperative mapping of the motor areas and the corticospinal tract. It also reduces the trial and error that occurs during intraoperative neurophysiological monitoring (INM) and minimizes the test time, so that accurate information reaches the surgeon as quick feedback on the test results. The most important factors in this technique are, first, examination at a stimulus threshold of a defined intensity and, second, maintaining the depth of anesthesia at an appropriate level to prevent false positives from occurring during surgery. The third is placing a multi-level channel recording electrode on the side opposite the operative area, so that the TceMEP waveform and the response to direct cortical and subcortical stimulation can be measured in as many muscles as possible. If these conditions are maintained, changes observed in the INM test can be attributed to other causes rather than to false positives.

Analysis of U.S. Port Efficiency Using Double-Bootstrapped DEA (이중 부트스트랩 DEA 활용한 미국항만 효율성 분석)

  • Lee, Yong Joo; Park, Hong-Gyun; Lee, Kwang-Bae
    • Journal of Korea Port Economic Association / v.37 no.3 / pp.75-91 / 2021
  • Increased competition on the supply side and pressure to reduce operational costs have put port professionals under severe pressure, prompting academics to develop models for efficient port operations from an industry perspective. Among the world's ports, U.S. ports are the primary interest of this study because of the high cargo volumes they handle. We mainly employ Data Envelopment Analysis (DEA) to study the productivity of U.S. ports and apply the double-bootstrapped DEA algorithm proposed by Simar & Wilson (2007) to investigate the driving forces behind the performance of U.S. port operations. The external variables in our study are onDock Rail, Channel Depth, Location, Area, Acres, ForeignCargoRatio, and TEUChange, of which onDock Rail, Acres, ForeignCargoRatio, and TEUChange were significant. To evaluate the effect of methodology selection, we repeated the analysis with a censored (Tobit) model and contrasted the outcomes of the two techniques. Based on these findings we propose managerial implications and conclude.

Electromagnetic and Thermal Information Utilization System to Improve The Success Rate of Laser Fault Injection Attack (레이저 오류 주입 공격 성공률 향상을 위한 전자파 및 열 정보 활용 시스템)

  • Mun, HyeWon; Ji, Jae-deok; Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology / v.32 no.5 / pp.965-973 / 2022
  • As IoT (Internet of Things) devices become common, many algorithms have been developed to protect users' personal information. The laser fault injection attack that threatens these algorithms is a side-channel technique that deliberately fires a laser beam at a device from the outside to obtain confidential information or abnormal privileges on the system. Many studies address the timing of fault injection so as to reduce the number of injections needed, but the location at which to inject is usually found only by repeatedly scanning the entire area of the device. When a fault is injected into an area unrelated to the algorithm, the attacker obtains neither the intended faulty statement nor an authentication bypass, so finding the areas vulnerable to fault injection before attacking is an important factor in achieving a high success rate. In this paper, we show that a 100% attack success rate can be achieved by identifying the areas vulnerable to fault injection from the electromagnetic and thermal information emitted by the device's chip. Based on this, we propose an efficient fault injection attack system.

Development of SWIR 3D Lidar System with Low Optical Power Using 1 Channel Single Photon Detector (1채널 단일광자검출기를 이용한 낮은 광출력의 SWIR(Short Wave Infrared) 3D 라이다 시스템 개발)

  • Kwon, Oh-Soung; Lee, Seung-Pil; Shin, Seung-Min; Park, Min-Young; Ban, Chang-Woo
    • Journal of the Korean Society of Industry Convergence / v.25 no.6_3 / pp.1147-1154 / 2022
  • Now that the development of autonomous driving is progressing, LiDAR has become an indispensable element. However, LiDAR is a device that uses lasers, and lasers have side effects. One of them is the much-discussed eye-safety problem, which developers have addressed through laser characteristics and operating methods. But eye safety is only one of the problems lasers pose. For example, irradiating a laser at or above a certain energy level in a dusty environment can ignite the dust particles, leading to a sudden explosion. For this reason, dust ignition-proof regulations clearly state that "a source with a pulse period of less than 5 seconds is considered a continuous light source, and the average energy must not exceed 5 mJ/mm² or 35 mW" [2]. The output optical energy is thus limited by law. Since a manufacturer cannot dictate the environment in which a LiDAR is used, developing a LiDAR that can be used in such environments broadens its applicability across the fields that use LiDAR. In this paper, we develop a low-optical-power LiDAR that can be used in environments where high-power lasers cause problems and evaluate its performance. We also discuss and present one direction for developing LiDAR whose laser power is limited by dust ignition-proof regulations.

Deep Learning Based Side-Channel Analysis for Recent Masking Countermeasure on SIKE (SIKE에서의 최신 마스킹 대응기법에 대한 딥러닝 기반 부채널 전력 분석)

  • Woosang Im; Jaeyoung Jang; Hyunil Kim; Changho Seo
    • Journal of the Korea Institute of Information Security & Cryptology / v.33 no.2 / pp.151-164 / 2023
  • The development of quantum computers poses a great threat to existing public-key systems based on discrete logarithm or integer factorization problems. Accordingly, NIST is running a competition to select PQC (post-quantum cryptography) that can be implemented both in today's computing environment and in the coming quantum computing environment. Among the candidates, SIKE is the only isogeny-based scheme and has the advantage of a shorter public key than other PQC schemes at the same security level. However, like conventional cryptographic algorithms, quantum-resistant schemes must also be secure against existing cryptanalysis. In this paper, we study power-analysis-based cryptanalysis of SIKE; in particular, we analyze SIKE with wavelet transformation and deep-learning-based clustering power analysis. The analysis success rate was close to 100% even on SIKE with the latest masking countermeasures applied, which reduce the accuracy of existing clustering power analysis to around 50%, and we consider this the strongest power-analysis attack on SIKE.
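The baseline that the abstract above improves on, clustering power analysis and the masking that drives it to about 50%, is simple enough to simulate, so the following added example (ours, not the paper's code or data) builds one leakage sample per secret bit, clusters the samples with a two-centroid k-means, and scores the recovered bits with and without a per-bit random mask. The leakage model (processed bit plus Gaussian noise), the noise level and the constructed secret are assumptions; the paper works on measured traces with wavelet preprocessing and a deep-learning clustering model, neither of which is reproduced here. SIKE itself was broken classically in 2022 by Castryck and Decru, so the interest of this line of work is the side-channel methodology rather than the scheme.

```python
"""Added simulation of clustering-based power analysis on a secret-bit-dependent
step (e.g. one bit of the SIKE secret driving an isogeny-walk step) and of the
effect of masking on it. Traces are constructed here with a one-sample-per-bit
leakage model; the cited paper uses measured traces, wavelet preprocessing and a
deep-learning clustering model, which are not reproduced."""
import random


def make_traces(secret_bits, noise: float = 0.15, masked: bool = False, seed: int = 1):
    """One leakage sample per secret bit: the value the device processes plus
    Gaussian noise. With masking the device processes b ^ m for a fresh random
    mask m, so a single sample no longer depends on the secret bit alone."""
    rng = random.Random(seed)
    traces = []
    for b in secret_bits:
        processed = (b ^ rng.randrange(2)) if masked else b
        traces.append(processed + rng.gauss(0.0, noise))
    return traces


def kmeans_1d(samples, iters: int = 20):
    """Two-centroid Lloyd k-means on scalar samples; returns a 0/1 label per sample."""
    c0, c1 = min(samples), max(samples)
    labels = [0] * len(samples)
    for _ in range(iters):
        labels = [0 if abs(s - c0) <= abs(s - c1) else 1 for s in samples]
        g0 = [s for s, lab in zip(samples, labels) if lab == 0]
        g1 = [s for s, lab in zip(samples, labels) if lab == 1]
        c0 = sum(g0) / len(g0) if g0 else c0
        c1 = sum(g1) / len(g1) if g1 else c1
    return labels


def attack_accuracy(secret_bits, traces) -> float:
    """Unsupervised key recovery: cluster label = guessed bit. The attacker cannot
    tell which cluster means '1', so the guess is scored up to global inversion."""
    guess = kmeans_1d(traces)
    hits = sum(g == b for g, b in zip(guess, secret_bits))
    n = len(secret_bits)
    return max(hits, n - hits) / n


def demo(n_bits: int = 400, seed: int = 42):
    """Constructed secret; returns (accuracy unmasked, accuracy masked)."""
    rng = random.Random(seed)
    secret = [rng.randrange(2) for _ in range(n_bits)]
    plain = attack_accuracy(secret, make_traces(secret, masked=False))
    masked = attack_accuracy(secret, make_traces(secret, masked=True))
    return plain, masked


if __name__ == "__main__":
    print("clustering accuracy (unmasked, masked):", demo())
```

Without masking the two clusters sit at the two bit values and the recovery is essentially perfect; with masking the clustering still separates the traces cleanly, but what it recovers is b ^ m, which agrees with the secret on about half the bits, hence the 50% figure in the abstract. Recovering the secret through the mask requires combining the leakage of the masked value with that of the mask itself (higher-order analysis), which is where the wavelet and deep-learning processing of the paper comes in.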

Development of Axially Periodic Transient Storage Zone Model for the Solute Mixing in Natural Streams and Rivers with Various Bottom Boundaries (하상변화가 있는 자연하천에서의 오염물질 거동해석을 위한 주기적저장대모형 개발)

  • Cheeong, Tae Sung; Seo, Il Won
    • KSCE Journal of Civil and Environmental Engineering Research / v.26 no.6B / pp.623-631 / 2006
  • A new model, the periodic transient storage zone model, is developed to describe solute transport and mixing in natural streams and rivers with various bottom boundaries. To assess the effects of storage zone structure on transient storage exchange, we analyze data from salt and dye injection experiments in a recirculating laboratory flume with four spatially periodic pool-riffle sequences characteristic of natural river systems under low-flow conditions. The dye injections show that solute transport and mixing are controlled by the surface shapes of both the bed and the sides of the channel. As no existing transient storage model could represent these effects, we developed a new axially periodic transient storage zone model that better represents the effects of channel characteristics in natural river systems. The new model is also fitted to data from salt tracer injection experiments in four reaches of the upper Sabine River, Texas, USA, and is in good agreement with the field data.