• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.20 no.2
• /
• pp.33-41
• /
• 2010

Many experimental results shows that RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed the previous fault attacks and their countermeasures on RSA-CRT algorithm and found an weakness of the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure which uses both double exponentiation and fault infective computation method. The proposed method efficiently computes a fault verification information using double exponentiation. And, it is designed to resist simple power analysis attack and (N-1) attack.

• Proceedings of the IEEK Conference
• /
• 2004.06b
• /
• pp.521-524
• /
• 2004

For implementation of Cryptographic algorithms, security against implementation attacks such as side-channel attacks as well as the speed and the size of the circuit is important. Power Analysis attacks are powerful techniques of side-channel attacks to exploit secret information of crypto-processors. In this thesis the FPGA implementation of versatile elliptic crypto-processor is described. Explain the analysis of power consumption of ALTERA FPGA(FLEX10KE) that is used in our hand made board. Conclusively this thesis presents clear proof that implementations of Elliptic Curve Crypto-systems are vulnerable to Differential Power Analysis attacks as well as Simple Power Analysis attacks.

• Proceedings of the Korean Society of Computer Information Conference
• /
• 2012.07a
• /
• pp.389-392
• /
• 2012

스마트폰의 USIM은 사용자가 별도로 인증정보를 입력할 필요가 없는 매우 편리한 인증 방법을 제공한다. 그러나 USIM에 저장된 정보가 외부로 유출될 경우 공격자가 손쉽게 정당한 사용자로 위장할 수 있는 문제점이 있다. 특히 USIM은 스마트카드에서 실행되는 어플리케이션이므로 기존에 스마트카드에 적용되었던 부채널 분석 공격 기법들이 USIM에도 적용 가능할 것으로 예상된다. 이에 본 논문에서는 스마트폰 USIM에 대한 부채널 분석 공격 가능성에 대해서 분석하고 스마트폰 USIM에 적용될 수 있는 부채널 분석 환경을 제안한다.

• ETRI Journal
• /
• v.43 no.4
• /
• pp.746-757
• /
• 2021

Side-channel attacks pose an inevitable challenge to the implementation of cryptographic algorithms, and it is important to mitigate them. This work identifies a novel data encoding technique based on 1-of-4 codes to resist differential power analysis attacks, which is the most investigated category of side-channel attacks. The four code words of the 1-of-4 codes, namely (0001, 0010, 1000, and 0100), are split into two sets: set-0 and set-1. Using a select signal, the data processed in hardware is switched between the two encoding sets alternately such that the Hamming weight and Hamming distance are equalized. As a case study, the proposed technique is validated for the NIST standard AES-128 cipher. The proposed technique resists differential power analysis performed using statistical methods, namely correlation, mutual information, difference of means, and Welch's t-test based on the Hamming weight and distance models. The experimental results show that the proposed countermeasure has an area overhead of 2.3× with no performance degradation comparatively.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2011.04a
• /
• pp.1016-1019
• /
• 2011

RSA-CRT 알고리즘은 RSA 의 지수승 연산의 효율성을 향상시키기 위해 널리 사용되고 있으며, CRT 를 적용한 알고리즘은 다양한 방법의 부채널 분석(Side Channel Analysis)으로부터 약점이 노출되어 왔다. 그 중 Boer 등에 의해 발표된 MRED 분석 방법은, 등 간격의 데이터(Equidistant Data)를 이용하여 CRT 의 모듈러 리덕션 연산(Modular Reduction)결과로부터의 약점을 활용하여 일반적인 DPA 분석 법을 적용시킨 방법이다. 우리는 리덕션 결과의 데이터에 의존한 분석에서 벗어나, 리덕션 알고리즘 중간 연산 과정을 공격하는 새로운 공격 방법을 개발하였으며, 새로운 공격은 오직 "$256{\times}n$개"의 파형만으로 키 공간을 상당히 줄일 수 있기 때문에, 제한된 평문 수에서 이전에 알려져 있던 일반적인 MRED 분석 방법보다 향상된 분석 성능을 제공한다. 본 논문은 리더션 연산과정을 이용한 새로운 전력 분석 방법을 실제 MCU Chip 을 이용한 분석 결과를 제안한다.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.2
• /
• pp.83-92
• /
• 2013

RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1100-1123
• /
• 2019

A code-based cryptosystem can resist quantum-computing attacks. However, an original system based on the Goppa code has a large key size, which makes it unpractical in embedded devices with limited sources. Many special error-correcting codes have recently been developed to reduce the key size, and yet these systems are easily broken through side channel attacks, particularly differential power analysis (DPA) attacks, when they are applied to hardware devices. To address this problem, a higher-order masking scheme for a McEliece cryptosystem based on the quasi-dyadic moderate density parity check (QD-MDPC) code has been proposed. The proposed scheme has a small key size and is able to resist DPA attacks. In this paper, a novel McEliece cryptosystem based on the QD-MDPC code is demonstrated. The key size of this novel cryptosystem is reduced by 78 times, which meets the requirements of embedded devices. Further, based on the novel cryptosystem, a higher-order masking scheme was developed by constructing an extension Ishai-Sahai-Wagne (ISW) masking scheme. The authenticity and integrity analysis verify that the proposed scheme has higher security than conventional approaches. Finally, a side channel attack experiment was also conducted to verify that the novel masking system is able to defend against high-order DPA attacks on hardware devices. Based on the experimental validation, it can be concluded that the proposed higher-order masking scheme can be applied as an advanced protection solution for devices with limited resources.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.3
• /
• pp.27-35
• /
• 2009

Differential Power Analysis (DPA) based on the statistical characteristics of collected signals has been known as an efficient attack for uncovering secret key of crypto-systems. However, the attack performance of this method is affected very much by the temporal misalignment and the noise of collected side channel signals. In this paper, we propose a new method based on wavelet analysis to surmount the temporal misalignment and the noise problem simultaneously in DPA. The performance of the proposed method is then evaluated while analyzing the power consumption signals of Micro-controller chips during a DES operation. The experimental results show that our proposed method based on wavelet analysis requires only 25% traces compared with those of the previous preprocessing methods to uncover the secret key.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.27-35
• /
• 2011

Design of Sensor nodes in Wireless Sensor Network(WSN) should be considered some properties as electricity consumption, transmission speed, range, etc., and also be needed the protection against various attacks (e.g., eavesdropping, hacking, leakage of customer's secret data, and denial of services). The stream cipher Rabbit, selected for the final eSTREAM portfolio organized by EU ECRYPT and selected as algorithm in part of ISO/IEC 18033-4 Stream Ciphers on ISO Security Standardization recently, is a high speed stream cipher suitable for WSN. Since the stream cipher Rabbit was evaluated the complexity of side-channel analysis attack as 'Medium' in a theoretical approach, thus the method of power analysis attack to the stream cipher Rabbit and the verification of our method by practical experiments were described in this paper. We implemented the stream cipher Rabbit without countermeasures of power analysis attack on IEEE 802.15.4/ZigBee board with 8-bit RISC AVR microprocessor ATmega128L chip, and performed the experiments of power analysis based on difference of means and template using a Hamming weight model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.33-41
• /
• 2012

A differential fault analysis(DFA) is one of the most important side channel attacks on block ciphers. Most block ciphers, such as DES, AES, ARIA, SEED and so on., have been analysed by this attack. PRESENT is a 64-bit block cipher with 80/128-bit secret keys and has a 31-round SP-network. So far, several DFAs on PRESENT have been proposed. These attacks recovered 80, 128-bit secret keys of PRESENT with 8~64 fault injections. respectively. In this paper, we propose an improved DFA on PRESENT-80/128. Our attack can reduce the complexity of exhaustive search of PRESENT-80(resp. 128) to on average 1.7(resp. $2^{22.3}$) with 2(resp. 3) fault injections, From these results, our attack results are superior to known DFAs on PRESENT.