• Title/Abstract/Keywords: Side-channel attack


Enhanced and Practical Alignment Method for Differential Power Analysis (차분 전력 분석 공격을 위한 향상되고 실제적인 신호 정렬 방법)

  • Park, Jea-Hoon;Moon, Sang-Jae;Ha, Jae-Cheol;Lee, Hoon-Jae
    • Journal of the Korea Institute of Information Security & Cryptology / v.18 no.5 / pp.93-101 / 2008
  • Side channel attacks are well known as some of the most powerful physical attacks against low-power cryptographic devices, and they are independent of the target's theoretical security. An important success factor in side channel attacks (specifically in DPA) is exact time-axis alignment, which is needed to overcome misalignment caused by trigger jitter, noise and even countermeasures intentionally applied against side channel attacks, such as random clock generation. However, the existing alignment methods consider only the position of the signals on the time axis, which is ineffective against certain countermeasures that are based on time-axis misalignment. This paper proposes a new signal alignment method based on interpolation and decimation. Our proposal aligns the signals' width (time scale) as well as their position on the time axis. The validity of the proposed method is evaluated experimentally on a smart card chip, and the results show that the proposed method is more efficient than the existing alignment methods.
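The interpolation-and-decimation idea in the abstract above, as an added example in Python (it is not the authors' code and does not reproduce their algorithm). A reference trace and a misaligned copy are constructed synthetically: the copy is stretched by 25% (as a random-clock countermeasure would do) and delayed by 7 samples (trigger jitter). Position-only alignment slides the copy over the reference; scale-and-shift alignment first resamples the copy over a grid of scale factors (linear interpolation for factors above 1, decimation for factors below 1) and then slides it, keeping the best Pearson correlation. The peak shapes, the scale grid, the shift window and the overlap threshold are assumptions chosen for illustration.

```python
"""Aligning power traces in both position and time scale.

Added illustrative example, not the paper's code.  A shift-only search
cannot undo a stretched trace; resampling the candidate for a grid of
scale factors and then searching the shift aligns both width and position.
"""
import math

BUMP_CENTRES = (40, 80, 120, 160)   # assumed positions of four "round" peaks
BUMP_SIGMA = 6.0                    # assumed peak width in samples


def make_reference(n=200):
    """Constructed synthetic reference trace: four Gaussian peaks on a flat baseline."""
    return [sum(math.exp(-((i - c) / BUMP_SIGMA) ** 2) for c in BUMP_CENTRES)
            for i in range(n)]


def resample(trace, factor):
    """Resample `trace` by `factor` using linear interpolation.

    factor > 1 stretches the trace (interpolation), factor < 1 compresses it
    (decimation).  Output length is round(len(trace) * factor).
    """
    n_out = max(2, int(round(len(trace) * factor)))
    out = []
    for i in range(n_out):
        x = i / factor                      # position in source index space
        lo = int(math.floor(x))
        if lo >= len(trace) - 1:
            out.append(trace[-1])
        else:
            frac = x - lo
            out.append(trace[lo] * (1.0 - frac) + trace[lo + 1] * frac)
    return out


def make_misaligned(ref, stretch=1.25, delay=7):
    """Constructed misaligned copy: stretched by `stretch`, then delayed by `delay` samples."""
    return [0.0] * delay + resample(ref, stretch)


def pearson(a, b):
    """Pearson correlation of two equal-length sequences (0.0 if either is constant)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0.0 or vb == 0.0:
        return 0.0
    return cov / math.sqrt(va * vb)


def correlation_at_shift(ref, cand, shift):
    """Correlate ref[i] with cand[i + shift] over the overlap; -2.0 if the overlap is too short."""
    lo = max(0, -shift)
    hi = min(len(ref), len(cand) - shift)
    if hi - lo < len(ref) // 2:             # assumed: require at least half the reference
        return -2.0
    return pearson(ref[lo:hi], cand[lo + shift:hi + shift])


def align_shift_only(ref, cand, max_shift=40):
    """Position-only alignment (the conventional approach): returns (corr, shift)."""
    return max((correlation_at_shift(ref, cand, s), s)
               for s in range(-max_shift, max_shift + 1))


def align_scale_and_shift(ref, cand, scales=None, max_shift=40):
    """Scale-and-shift alignment: returns (corr, scale, shift, resampled_trace)."""
    if scales is None:
        scales = [k / 20 for k in range(14, 27)]    # assumed grid 0.70 .. 1.30
    best = (-2.0, 1.0, 0, cand)
    for f in scales:
        r = resample(cand, f)                       # interpolate or decimate
        corr, s = align_shift_only(ref, r, max_shift)
        if corr > best[0]:
            best = (corr, f, s, r)
    return best


if __name__ == "__main__":
    ref = make_reference()
    cand = make_misaligned(ref)
    c1, s1 = align_shift_only(ref, cand)
    c2, f2, s2, _ = align_scale_and_shift(ref, cand)
    print(f"shift only:      corr={c1:.3f} shift={s1}")
    print(f"scale and shift: corr={c2:.3f} scale={f2:.2f} shift={s2}")
```

On the constructed data the shift-only search cannot line up more than part of the peaks, while the scale-and-shift search recovers the inverse stretch factor (0.8) and a delay of about 6 samples with near-perfect correlation. On real traces the scale grid would be chosen from the clock-randomisation range being defended against, and the correlation window would be restricted to the region of interest rather than the whole trace.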

Countermeasure against Chosen Ciphertext SPA Attack on the Public-Key Cryptosystem Based on the Ring-LWE Problem (Ring-LWE 기반 공개키 암호시스템의 선택 암호문 단순전력분석 공격 대응법)

  • Park, Aesun;Won, Yoo-Seung;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology / v.27 no.5 / pp.1001-1011 / 2017
  • Lattice-based cryptography is one of the post-quantum cryptography families. The Ring-LWE problem is an algebraic variant of LWE that operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptosystems can be vulnerable to side-channel analysis. In 2016, Park et al. reported an SPA vulnerability in the ring-LWE-based public key cryptosystem proposed by Roy et al. In 2015 and 2016, Reparaz et al. proposed a DPA attack and countermeasures against the Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible on the Lyubashevsky cryptosystem, which does not use the NTT. We then propose a countermeasure against the CCSPA (Chosen Ciphertext SPA) attack and show experimentally that the proposed countermeasure is secure.

Side channel attack on the Randomized Addition-Subtraction Chains (랜덤한 덧셈-뺄셈 체인에 대한 부채널 공격)

  • 한동국;장남수;장상운;임종인
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.121-133 / 2004
  • In [15,16], Okeya and Sakurai showed that the randomized addition-subtraction chains countermeasures [18] are vulnerable to SPA attack. In this paper, we show that Okeya and Sakurai's attack algorithm [15,16] has two latent problems which need to be considered. We further propose new powerful concrete attack algorithms which are different from [15,16,19]. From our implementation results for standard 163-bit keys, the success probability for the simple version with 20 AD sequences is about 94% and with 30 AD sequences is about 99%. Also, the success probability for the complex version with 40 AD sequences is about 94% and with 70 AD sequences is about 99%.

Partial Key Exposure Attack on Unbalanced RSA with small CRT exponent (작은 CRT 지수를 사용한 RSA에서의 일부 키 노출 공격)

  • 이희정
    • Journal of the Korea Institute of Information Security & Cryptology / v.14 no.5 / pp.135-140 / 2004
  • At Crypto 2002, May analyzed the relation between the sizes of the two primes and the private key in unbalanced RSA with a small CRT exponent. At Crypto 2003 he also showed that if an $N^{1/4}$ amount of the most significant bits (or least significant bits) of $d_{p}$ is exposed in balanced RSA with CRT, $N$ can be factored; the proof uses Howgrave-Graham's theorem. In this paper we consider unbalanced RSA with a small CRT exponent, where $p$ is smaller than $q$ but larger than $N^{0.382}$ so as to avoid May's attack, and show that exposing an $N^{1/4}$ amount of $d_{p}$ is enough to recover $d_{p}$. We use Coppersmith's theorem with unbalanced primes.

Novel Differential Fault Attack Using Function-Skipping on AES (함수 생략 오류를 이용하는 AES에 대한 신규 차분 오류 공격)

  • Kim, Ju-Hwan;Lee, JongHyeok;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.6 / pp.1263-1270 / 2020
  • Differential fault attacks (DFA) are cryptanalysis methods that reveal the secret key from the differences between normal and faulty ciphertexts, where the faulty ciphertexts arise when artificial faults are injected into an encryption device. Conventional DFA methods use faults to corrupt intermediate values. In contrast, we propose a novel DFA method that uses a fault to skip a function. The proposed method has a very low attack complexity: it reveals the secret key within seconds from a single faulty ciphertext. We also propose a method that filters out ciphertexts for which the injected fault did not cause the function skip, which makes the attack realistic. To demonstrate the proposed method, we performed fault injection on Riscure's Piñata board. As a result, the proposed method filtered the faulty ciphertexts and revealed the secret key within seconds on a real device.

Multi-Round CPA on Hardware DES Implementation (하드웨어 DES에 적용한 다중라운드 CPA 분석)

  • Kim, Min-Ku;Han, Dong-Guk;Yi, Ok-Yeon
    • Journal of the Institute of Electronics Engineers of Korea CI / v.49 no.3 / pp.74-80 / 2012
  • Recently, at SCIS 2011, Nakatsu et al. proposed multi-round Correlation Power Analysis (CPA) on hardware AES to improve the performance of CPA with a limited number of traces. In this paper, we propose a multi-round CPA that retrieves the master key by combining CPA on round 1 and round 2 of hardware DES. In simulations of the proposed attack, we extracted the 56-bit master key using 300 power traces of the hardware DES implementation from the DPA contest. This shows that, with a limited number of traces, multi-round CPA recovers more of the master key than single-round CPA.

Differential Fault Attack on SSB Cipher (SSB 암호 알고리즘에 대한 차분 오류 공격)

  • Kang, HyungChul;Lee, Changhoon
    • Journal of Advanced Navigation Technology / v.19 no.1 / pp.48-52 / 2015
  • In this paper, we propose a differential fault analysis of SSB, a block cipher proposed in 2011 that uses the same structure for encryption and decryption. The target algorithm was designed on the basis of the Advanced Encryption Standard and has advantages for hardware implementation. Differential fault analysis is a side channel attack that combines fault injection with differential cryptanalysis. Because SSB is intended for hardware, it must be secure against differential fault analysis. However, with the differential fault attack proposed in this paper, we can recover the 128-bit secret key of SSB from only one random byte fault injection and an exhaustive search of $2^8$. This is the first cryptanalytic result on SSB.

Practical Second-Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

  • Kim, Hee-Seok;Kim, Tae-Hyun;Yoon, Joong-Chul;Hong, Seok-Hie
    • ETRI Journal / v.32 no.1 / pp.102-111 / 2010
  • Recently, power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA analogue of the binary-with-random-initial-point algorithm on elliptic curve cryptosystems. It is known to be secure against first-order differential power analysis (DPA); however, it is susceptible to second-order DPA. Although second-order DPA offers some ways of defeating message blinding methods, this kind of attack still has the practical difficulty of finding the points of interest, that is, the exact moments when the intermediate values are being manipulated. In this paper, we propose a practical second-order correlation power analysis (SOCPA). Our attack can easily find the points of interest in a power trace and recover the private key with a small number of power traces. We also propose an efficient countermeasure that is secure against the proposed SOCPA as well as existing power attacks.

Key Recovery Attacks on Fantomas and Robin Using Related-Key Differentials (연관키 차분 특성을 이용한 Fantomas와 Robin의 키 복구 공격)

  • Kim, Hangi;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology / v.28 no.4 / pp.803-807 / 2018
  • Fantomas and Robin are block ciphers in the LS-designs family. They are designed so that masking, a side-channel analysis countermeasure, can be applied efficiently, using L-boxes and S-boxes that admit bit-sliced implementation. In this paper, we show that key recovery attacks on Fantomas and Robin by related-key differential analysis are possible with time complexities of $2^{56}$ and $2^{72}$, using $2^{56}$ and $2^{69}$ chosen plaintexts, respectively.

An Enhanced Mutual Key Agreement Protocol for Mobile RFID-enabled Devices

  • Mtoga, Kambombo;Yoon, Eun-Jun
    • IEIE Transactions on Smart Processing and Computing / v.1 no.1 / pp.65-71 / 2012
  • Mobile RFID is a new application that uses a mobile phone as an RFID reader with wireless technology and provides new, valuable services to users by integrating RFID and ubiquitous sensor network infrastructures with mobile communication and the wireless Internet. Although the mobile RFID system has many advantages, privacy violation problems on the reader side are of great concern to individuals and researchers. Unlike regular RFID environments, where the communication channel between the server and the reader is assumed to be secure, the channel between the backend server and the RFID reader in a mobile RFID system is not assumed to be secure. It has therefore become necessary to devise a new communication protocol that protects the privacy of mobile RFID-enabled devices. Recently, Lo et al. proposed a mutual key agreement protocol that protects the authenticity and privacy of the participating mobile RFID readers by establishing a secure session key between the reader and the server. However, this paper shows that this protocol does not meet all of the necessary security requirements. We therefore develop an enhanced mutual key agreement protocol for mobile RFID-enabled devices that addresses these concerns. We further show that our protocol can enhance data security and provide privacy protection for the reader in an unsecured mobile RFID environment, even in the presence of an active adversary.
