• KIPS Transactions on Computer and Communication Systems
• /
• v.8 no.9
• /
• pp.225-230
• /
• 2019

Recently, with the development of Internet technology, various encryption algorithms have been adopted to protect the sensing data measured by hardware devices. The Advanced Encryption Standard (AES), the most widely used encryption algorithm in the world, is also used in many devices with strong security. However, it has been found that the AES algorithm is vulnerable to side channel analysis attacks such as Differential Power Analysis (DPA) and Correlation Power Analysis (CPA). In this paper, we present a software optimization implementation technique of the AES algorithm applying the most widely known masking technique among side channel analysis attack methods.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.35-43
• /
• 2003

The randomization of scalar multiplication in ECC is one of the fundamental concepts in defense methods against side-channel attacks. This paper proposes a countermeasure against simple and differential power analysis attacks through randomizing the transformed m-ary method based on a random m-ary receding algorithm. The proposed method requires an additional computational load compared to the standard m-ary method, yet the power consumption is independent of the secret key. Accordingly, since computational tracks using random window width can resist against SPA and DPA, the proposed countermeasure can improve the security for smart cards.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.340-344
• /
• 2008

In the block cipher, DPA-resistant masking methods make an appropriation of extremely high cost for the non-linear part. Block ciphers like AES and ARIA use the inversion operation as this non-linear part. This make various countermeasures be proposed for reducing the cost of masking inversion. In this paper, we propose the efficient masking inverter by rearranging the masking inversion operation over the composite field and finding duplicated multiplications.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.155-158
• /
• 2008

In 1989, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic computations even if these are executed inside tamper-resistant devices such as smart card. Since 1989, many papers were published to improve resistance of DPA. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods to protect iterated block ciphers such as DES against Differential Power Attack. The idea is to randomize the first few and last few rounds(3 $\sim$ 4 round) of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds. This paper show how to combine truncated differential cryptanalysis applied to the first few rounds of the cipher with power attacks to extract the secret key from intermediate unmasked values.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.221-223
• /
• 2014

Power analysis attack on cryptographic hardware device aims to study the power consumption while performing operations using secrets keys. Power analysis is a form of side channel attack which allow an attacker to compute the key encryption from algorithm using Simple Power Analysis (SPA), Differential Power Analysis (DPA) or Correlation Power Analysis (CPA). The theoretical weaknesses in algorithms or leaked informations from physical implementation of a cryptosystem are usually used to break the system. This paper describes how power analysis work and we provide an overview of countermeasures against power analysis attacks.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.27 no.6A
• /
• pp.540-548
• /
• 2002

Attacks have been proposed that use side information as timing measurements, power consumption, electromagnetic emissions and faulty hardware. Elimination side-channel information or prevention it from being used to attack a secure system is an tractive ares of research. In this paper, differential power analysis techniques to attack the DES are experimented and analyzed. And we propose the prevention of DPA attack by software implementation technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.15 no.1
• /
• pp.99-107
• /
• 2005

ARIA is a 128-bit block cipher having 128-bit, 192-bit, or 256-bit key length. The cipher is a substitution and permutation encryption network (SPN) and uses an involutional binary matrix. This structure was efficiently developed into light weight environments or hardware implementations. This paper shows that a careless implementation of an ARIA on smartcards is vulnerable to a differential power analysis attack This attack is realistic because we can measure power consumption signals at two kinds of S-boxes and two types of substitution layers. By using the two round key, we extracted the master key (MK).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1099-1103
• /
• 2016

The user's secret key can be retrieved by the leakage informations of power consumption occurred during the execution of scalar multiplication for elliptic curve cryptographic algorithm which can be embedded on a security device. Recently, a carry random recoding method is proposed to prevent simple power and differential power analysis attack by recoding the secret key. In this paper, we show that this recoding method is still vulnerable to the differential power analysis attack due to the limitation of the size of carry bits, which is a different from the original claim.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.4
• /
• pp.59-68
• /
• 2006

Although the cryptographic algorithms in IC chip such as smart card are secure against mathematical analysis attack, they are susceptible to side channel attacks in real implementation. In this paper, we analyze the security of smart card using a developed experimental tool which can perform power analysis attacks and fault insertion attacks. As a result, raw smart card implemented SEED and ARIA without any countermeasure is vulnerable against differential power analysis(DPA) attack. However, in fault attack about voltage and clock on RSA with CRT, the card is secure due to its physical countermeasures.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.2
• /
• pp.1100-1123
• /
• 2019

A code-based cryptosystem can resist quantum-computing attacks. However, an original system based on the Goppa code has a large key size, which makes it unpractical in embedded devices with limited sources. Many special error-correcting codes have recently been developed to reduce the key size, and yet these systems are easily broken through side channel attacks, particularly differential power analysis (DPA) attacks, when they are applied to hardware devices. To address this problem, a higher-order masking scheme for a McEliece cryptosystem based on the quasi-dyadic moderate density parity check (QD-MDPC) code has been proposed. The proposed scheme has a small key size and is able to resist DPA attacks. In this paper, a novel McEliece cryptosystem based on the QD-MDPC code is demonstrated. The key size of this novel cryptosystem is reduced by 78 times, which meets the requirements of embedded devices. Further, based on the novel cryptosystem, a higher-order masking scheme was developed by constructing an extension Ishai-Sahai-Wagne (ISW) masking scheme. The authenticity and integrity analysis verify that the proposed scheme has higher security than conventional approaches. Finally, a side channel attack experiment was also conducted to verify that the novel masking system is able to defend against high-order DPA attacks on hardware devices. Based on the experimental validation, it can be concluded that the proposed higher-order masking scheme can be applied as an advanced protection solution for devices with limited resources.