• Title/Summary/Keyword: masking Countermeasure

Search Result 30, Processing Time 0.027 seconds

A Secure Masking-based ARIA Countermeasure for Low Memory Environment Resistant to Differential Power Attack (저메모리 환경에 적합한 마스킹기반의 ARIA 구현)

  • Yoo Hyung-So;Kim Chang-Kyun;Park Il-Hwan;Moon Sang-Jae;Ha Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.3
    • /
    • pp.143-155
    • /
    • 2006
  • ARIA is a 128-bit block cipher, which became a Korean Standard in 2004. According to recent research, this cipher is attacked by first order DPA attack. In this paper, we propose a new masking technique as a countermeasure against first order DPA attack and apply it to the ARIA. The proposed method is suitable for low memory environment. By using this countermeasure, we verified that it is secure against first order DPA attack. In addition, our method based on precomputation of inverse table can reduce the computational cost as increasing the number of S-BOX masking.

Side Channel Attack on Block Cipher SM4 and Analysis of Masking-Based Countermeasure (블록 암호 SM4에 대한 부채널 공격 및 마스킹 기반 대응기법 분석)

  • Bae, Daehyeon;Nam, Seunghyun;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.39-49
    • /
    • 2020
  • In this paper, we show that the Chinese standard block cipher SM4 is vulnerable to the side channel attacks and present a countermeasure to resist them. We firstly validate that the secret key of SM4 can be recovered by differential power analysis(DPA) and correlation power analysis(CPA) attacks. Therefore we analyze the vulnerable element caused by power attack and propose a first order masking-based countermeasure to defeat DPA and CPA attacks. Although the proposed countermeasure unfortunately is still vulnerable to the profiling power attacks such as deep learning-based multi layer perceptron(MLP), it can sufficiently overcome the non-profiling attacks such as DPA and CPA.

An Algorithm for Switching from Arithmetic to Boolean Masking with Low Memory (저메모리 기반의 산술 마스킹에서 불 마스킹 변환 알고리즘)

  • Kim, HanBit;Kim, HeeSeok;Kim, TaeWon;Hong, SeokHie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.5-15
    • /
    • 2016
  • Power analysis attacks are techniques to analyze power signals to find out the secrets when cryptographic algorithm is performed. One of the most famous countermeasure against power analysis attacks is masking methods. Masking types are largely classified into two types which are boolean masking and arithmetic masking. For the cryptographic algorithm to be used with boolean and arithmetic masking at the same time, the converting algorithm can switch between boolean and arithmetic masking. In this paper we propose an algorithm for switching from boolean to arithmetic masking using storage size at less cost than ones. The proposed algorithm is configured to convert using the look-up table without the least significant bit(LSB), because of equal the bit of boolean and arithmetic masking. This makes it possible to design a converting algorithm compared to the previous algorithm at a lower cost without sacrificing performance. In addition, by applying the technique at the LEA it showed up to 26 percent performance improvement over existing techniques.

A Power Analysis Attack Countermeasure Not Using Masked Table for S-box of AES, ARIA and SEED (마스킹 테이블을 사용하지 않는 AES, ARIA, SEED S-box의 전력 분석 대응 기법)

  • Han, Dong-Guk;Kim, Hee-Seok;Song, Ho-Geun;Lee, Ho-Sang;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.149-156
    • /
    • 2011
  • In the recent years, power analysis attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate values in the en/decryption computations are well-known among these countermeasures. But the cost of non-linear part is extremely high in the masking method of block cipher, and so the countermeasure for S-box must be efficiently constructed in the case of AES, ARIA and SEED. Existing countermeasures for S-box use the masked S-box table to require 256 bytes RAM corresponding to one S-box. But, the usage of the these countermeasures is not adequate in the lightweight security devices having the small size of RAM. In this paper, we propose the new countermeasure not using the masked S-box table to make up for this weak point. Also, the new countermeasure reduces time-complexity as well as the usage of RAM because this does not consume the time for generating masked S-box table.

Correlation Power Analysis Attack on Lightweight Block Cipher LEA and Countermeasures by Masking (경량 블록암호 LEA에 대한 상관관계 전력분석 공격 및 마스킹 대응 기법)

  • An, Hyo-Sik;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.7
    • /
    • pp.1276-1284
    • /
    • 2017
  • Lightweight Encryption Algorithm (LEA) that was standardized as a lightweight block cipher was implemented with 8-bit data path, and the vulnerability of LEA encryption processor to correlation power analysis (CPA) attack was analyzed. The CPA used in this paper detects correct round keys by analyzing correlation coefficient between the Hamming distance of the computed data by applying hypothesized keys and the power dissipated in LEA crypto-processor. As a result of CPA attack, correct round keys were detected, which have maximum correlation coefficients of 0.6937, 0.5507, and this experimental result shows that block cipher LEA is vulnerable to power analysis attacks. A masking method based on TRNG was proposed as a countermeasure to CPA attack. By applying masking method that adds random values obtained from TRNG to the intermediate data of encryption, incorrect round keys having maximum correlation coefficients of 0.1293, 0.1190 were analyzed. It means that the proposed masking method is an effective countermeasure to CPA attack.

Practical Biasing Power Analysis breaking Side Channel Attack Countermeasures based on Masking-Shuffling techniques (마스킹-셔플링 부채널 대응법을 해독하는 실용적인 편중전력분석)

  • Cho, Jong-Won;Han, Dong-Guk
    • Journal of the Institute of Electronics and Information Engineers
    • /
    • v.49 no.9
    • /
    • pp.55-64
    • /
    • 2012
  • Until now, Side Channel Attack has been known to be effective to crack decrypt key such as smart cards, electronic passports and e-ID card based on Chip. Combination of Masking and shuffling methods have been proposed practical countermeasure. Newly, S.Tillich suggests biased-mask using template attack(TA) to attack AES with masking and shuffling. However, an additional assumption that is acquired template information previously for masking value is necessary in order to apply this method. Moreover, this method needs to know exact time position of the target masking value for higher probability of success. In this paper, we suggest new practical method called Biasing Power Analysis(BPA) to find a secret key of AES based on masking-shuffling method. In BPA, we don't use time position and template information from masking value. Actually, we do experimental works of BPA attack to 128bit secret key of AES based on masking-shuffling method performed MSP430 Chip and we succeed in finding whole secret key. The results of this study will be utilized for next-generation ID cards to verify physical safety.

Efficient Masked Implementation for SEED Based on Combined Masking

  • Kim, Hee-Seok;Cho, Young-In;Choi, Doo-Ho;Han, Dong-Guk;Hong, Seok-Hie
    • ETRI Journal
    • /
    • v.33 no.2
    • /
    • pp.267-274
    • /
    • 2011
  • This paper proposes an efficient masking method for the block cipher SEED that is standardized in Korea. The nonlinear parts of SEED consist of two S-boxes and modular additions. However, the masked version of these nonlinear parts requires excessive RAM usage and a large number of operations. Protecting SEED by the general masking method requires 512 bytes of RAM corresponding to masked S-boxes and a large number of operations corresponding to the masked addition. This paper proposes a new-style masked S-box which can reduce the amount of operations of the masking addition process as well as the RAM usage. The proposed masked SEED, equipped with the new-style masked S-box, reduces the RAM requirements to 288 bytes, and it also reduces the processing time by 38% compared with the masked SEED using the general masked S-box. The proposed method also applies to other block ciphers with the same nonlinear operations.

Application and Analysis of Masking Method to Implement Secure Lightweight Block Cipher CHAM Against Side-Channel Attack Attacks (부채널 공격에 대응하는 경량 블록 암호 CHAM 구현을 위한 마스킹 기법 적용 및 분석)

  • Kwon, Hongpil;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.4
    • /
    • pp.709-718
    • /
    • 2019
  • A lightweight block cipher CHAM designed for suitability in resource-constrained environment has reasonable security level and high computational performance. Since this cipher may contain intrinsic weakness on side channel attack, it should adopt a countermeasure such as masking method. In this paper, we implement the masked CHAM cipher on 32-bit microprosessor Cortex-M3 platform to resist against side channel attack and analyze their computational performance. Based on the shortcoming of having many round functions, we apply reduced masking method to the implementation of CHAM cipher. As a result, we show that the CHAM-128/128 algorithm applied reduced masking technique requires additional operations about four times.

Investigation of Masking Based Side Channel Countermeasures for LEA (LEA에 대한 마스킹 기반 부채널분석 대응기법에 관한 분석)

  • Kim, ChangKyun;Park, JaeHoon;Han, Daewan;Lee, Dong Hoon
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.6
    • /
    • pp.1431-1441
    • /
    • 2016
  • In case of ARX based block cipher algorithms with masking countermeasures, there is a need for a method to convert between Boolean masking and arithmetic masking. However, to apply masking countermeasures to ARX based algorithms is less efficient compared to masked AES with single masking method because converting between Boolean and arithmetic masking has high computation time. This paper shows performance results on 32-bit platform implementations of LEA with various masking conversion countermeasures against first order side channel attacks. In the implementation point of view, this paper presents computation time comparison between actual measurement value and theoretical one. This paper also confirms that the masked implementations of LEA are secure against first order side channel attacks by using a T-test.

A Secure ARIA implementation resistant to Differential Power Attack using Random Masking Method (랜덤 마스킹 기법을 이용한 DPA 공격에 안전한 ARIA 구현)

  • Yoo Hyung-So;Kim Chang-Kyun;Park Il-Hwan;Moon Sang-Jae;Ha Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.2
    • /
    • pp.129-139
    • /
    • 2006
  • ARIA is a 128-bit block cipher, which became a Korean Standard in 2004. According to recent research this cipher is attacked by first order DPA attack In this paper, we explain a masking technique that is a countermeasure against first order DPA attack and apply it to the ARIA. And we implemented a masked ARIA for the 8 bit microprocessor based on AVR in software. By using this countermeasure, we verified that it is secure against first order DPA attack.