• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.31-39
• /
• 2008

The development of next-generation resident registration cards, financial IC cards and administrative agency IC cards based on a smart card is currently coming out in Korea. However, the low-price IC cards without countermeasures against side channel analysis attacks are expected to be used fer cost reduction. This paper has investigated the side channel resistance of financial IC cards that are currently in use and have performed DPA attacks on the financial IC cards. We have been able to perform successful DPA attacks on these cards by using only 100 power measurement traces. From our experiment results, we have been able to extract the master key used for encryption of a count PIN number.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.585-591
• /
• 2013

Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

• ETRI Journal
• /
• v.37 no.3
• /
• pp.584-594
• /
• 2015

To date, many different kinds of logic styles for hardware countermeasures have been developed; for example, SABL, TDPL, and DyCML. Current mode-based logic styles are useful as they consume less power compared to voltage mode-based logic styles such as SABL and TDPL. Although we developed TPDyCML in 2012 and presented it at the WISA 2012 conference, we have further optimized it in this paper using a binary decision diagram algorithm and confirmed its properties through a practical implementation of the AES S-box. In this paper, we will explain the outcome of HSPICE simulations, which included correlation power attacks, on AES S-boxes configured using a compact NMOS tree constructed from either SABL, CMOS, TDPL, DyCML, or TPDyCML. In addition, to compare the performance of each logic style in greater detail, we will carry out a mutual information analysis (MIA). Our results confirm that our logic style has good properties as a hardware countermeasure and 15% less information leakage than those secure logic styles used in our MIA.

• Journal of the Institute of Electronics Engineers of Korea CI
• /
• v.48 no.2
• /
• pp.117-126
• /
• 2011

RSA-CRT algorithm is widely used to improve the performance of RSA algorithm. However, it is also vulnerable to side channel attacks like as general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis which utilizes reduction steps of RSA-CRT algorithm with equidistant chosen messages, called as ECMPA(Equidistant Chosen Messages Power Analysis) or MRED(Modular Reduction on Equidistant Data) analysis. This method is to find reduction output value r=xmodp which has the same equidistant patterns as equidistant messages. One can easily compute secret prime p from exposure of r. However, the result of analysis from a reduction step in [5] is remarkably different in our experiment from what Boer expected in [5]. Especially, we found that there are Ghost key patterns depending on the selection of attack bits and selected reduction algorithms. Thus, in this paper we propose several Ghost key patterns unknown to us until now, then we suggest enhanced and detailed analyzing methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.3
• /
• pp.27-35
• /
• 2011

Design of Sensor nodes in Wireless Sensor Network(WSN) should be considered some properties as electricity consumption, transmission speed, range, etc., and also be needed the protection against various attacks (e.g., eavesdropping, hacking, leakage of customer's secret data, and denial of services). The stream cipher Rabbit, selected for the final eSTREAM portfolio organized by EU ECRYPT and selected as algorithm in part of ISO/IEC 18033-4 Stream Ciphers on ISO Security Standardization recently, is a high speed stream cipher suitable for WSN. Since the stream cipher Rabbit was evaluated the complexity of side-channel analysis attack as 'Medium' in a theoretical approach, thus the method of power analysis attack to the stream cipher Rabbit and the verification of our method by practical experiments were described in this paper. We implemented the stream cipher Rabbit without countermeasures of power analysis attack on IEEE 802.15.4/ZigBee board with 8-bit RISC AVR microprocessor ATmega128L chip, and performed the experiments of power analysis based on difference of means and template using a Hamming weight model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.35-45
• /
• 2011

The Salsa20/12 stream cipher selected for the final eSTREAM portfolio has a better performance than software implementation of AES using an 8-bit microprocessor with restricted memory space, In the theoretical approach, the evaluation of exploitable timing vulnerability was 'none' and the complexity of side-channel analysis was 'low', but there is no literature of the practical result of power analysis attack. Thus we propose the correlation power analysis attack method and prove the feasibility of our proposed method by practical experiments, We used an 8-bit RISC AVR microprocessor (ATmegal128L chip) to implement Salsa20/12 stream cipher without any countermeasures, and performed the experiments of power analysis based on Hamming weight model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.5
• /
• pp.761-773
• /
• 2023

This paper proposes a method to increase the power-analysis resistance of the neural network model's feedforward process by replacing the exponential-based activation function, used in the deep-learning field, with an approximated function especially at the multi-layer perceptron model. Due to its nature, the feedforward process of neural networks calculates secret weight and bias, which already trained, so it has risk of exposure of internal information by side-channel attacks. However, various functions are used as the activation function in neural network, so it's difficult to apply conventional side-channel countermeasure techniques, such as masking, to activation function(especially, to exponential-based activation functions). Therefore, this paper shows that even if an exponential-based activation function is replaced with approximated function of simple form, there is no fatal performance degradation of the model, and than suggests a power-analysis resistant feedforward neural network with exponential-based activation function, by masking approximated function and whole network.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.261-269
• /
• 2014

There are many researches on fast exponentiation algorithm which is used to implement a public key cryptosystem such as RSA. On the other hand, the malicious attacker has tried various side-channel attacks to extract the secret key. In these attacks, an attacker uses the power consumption or electromagnetic radiation of cryptographic devices which is measured during computation of exponentiation algorithm. In this paper, we propose a novel simple power analysis attack on m-ary exponentiation implementation. The core idea of our attack on m-ary exponentiation with pre-computation process is that an attacker controls the input message to identify the power consumption patterns which are related with secret key. Furthermore, we implement the m-ary exponentiation on evaluation board and apply our simple power analysis attack to it. As a result, we verify that the secret key can be revealed in experimental environment.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.2
• /
• pp.83-92
• /
• 2013

RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.6A
• /
• pp.540-548
• /
• 2002

Attacks have been proposed that use side information as timing measurements, power consumption, electromagnetic emissions and faulty hardware. Elimination side-channel information or prevention it from being used to attack a secure system is an tractive ares of research. In this paper, differential power analysis techniques to attack the DES are experimented and analyzed. And we propose the prevention of DPA attack by software implementation technique.