• Title/Summary/Keyword: profiling attack

Search Result 28, Processing Time 0.028 seconds

Power Trace Selection Method in Template Profiling Phase for Improvements of Template Attack (프로파일링 단계에서 파형 선별을 통한 템플릿 공격의 성능 향상)

  • Jin, Sunghyun;Kim, Taewon;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.27 no.1
    • /
    • pp.15-23
    • /
    • 2017
  • Template attack is a powerful side-channel analysis technique which can be performed by an attacker who has a test device that is identical to target device. Template attack is consisted of building template in profiling phase and matching the target device using template that were calculated in profiling phase. One methods to improve the success rate of template attack is to better estimate template which is consisted sample mean and sample covariance matrix of gaussian distribution in template profiling. However restriction of power trace in profiling phase led to poor template estimation. In this paper, we propose new method to select noisy power trace in profiling phase. By eliminating noisy power trace in profiling phase, we can construct more advanced mean and covariance matrix which relates to better performance in template attack. We proved that the proposed method is valid through experiments.

Novel Deep Learning-Based Profiling Side-Channel Analysis on the Different-Device (이종 디바이스 환경에 효과적인 신규 딥러닝 기반 프로파일링 부채널 분석)

  • Woo, Ji-Eun;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.987-995
    • /
    • 2022
  • Deep learning-based profiling side-channel analysis has been many proposed. Deep learning-based profiling analysis is a technique that trains the relationship between the side-channel information and the intermediate values to the neural network, then finds the secret key of the attack device using the trained neural network. Recently, cross-device profiling side channel analysis was proposed to consider the realistic deep learning-based profiling side channel analysis scenarios. However, it has a limitation in that attack performance is lowered if the profiling device and the attack device have not the same chips. In this paper, an environment in which the profiling device and the attack device have not the same chips is defined as the different-device, and a novel deep learning-based profiling side-channel analysis on different-device is proposed. Also, MCNN is used to well extract the characteristic of each data. We experimented with the six different boards to verify the attack performance of the proposed method; as a result, when the proposed method was used, the minimum number of attack traces was reduced by up to 25 times compared to without the proposed method.

A Profiling Case Study to Phishing Mail Attack Group (피싱 메일 공격조직에 대한 프로파일링 사례 연구)

  • Lee, Jae-il;Lee, Yong-joon;Kwon, Hyuk-jin
    • Journal of Internet Computing and Services
    • /
    • v.21 no.2
    • /
    • pp.91-97
    • /
    • 2020
  • Recently, phishing attacks targeting those involved in defense, security and unification have been on the rise. In particular, hacking attack organization Kimsuky has been engaged in activities to collect important information from public organizations through phishing attacks since 2013. In this paper, profiling analysis of phishing mail attack organization was performed. Through this process, we estimated the purpose of the attack group and suggested countermeasures.

The Bayesian Framework based on Graphics for the Behavior Profiling (행위 프로파일링을 위한 그래픽 기반의 베이지안 프레임워크)

  • 차병래
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.14 no.5
    • /
    • pp.69-78
    • /
    • 2004
  • The change of attack techniques paradigm was begun by fast extension of the latest Internet and new attack form appearing. But, Most intrusion detection systems detect only known attack type as IDS is doing based on misuse detection, and active correspondence is difficult in new attack. Therefore, to heighten detection rate for new attack pattern, the experiments to apply various techniques of anomaly detection are appearing. In this paper, we propose an behavior profiling method using Bayesian framework based on graphics from audit data and visualize behavior profile to detect/analyze anomaly behavior. We achieve simulation to translate host/network audit data into BF-XML which is behavior profile of semi-structured data type for anomaly detection and to visualize BF-XML as SVG.

Side Channel Attack on Block Cipher SM4 and Analysis of Masking-Based Countermeasure (블록 암호 SM4에 대한 부채널 공격 및 마스킹 기반 대응기법 분석)

  • Bae, Daehyeon;Nam, Seunghyun;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.39-49
    • /
    • 2020
  • In this paper, we show that the Chinese standard block cipher SM4 is vulnerable to the side channel attacks and present a countermeasure to resist them. We firstly validate that the secret key of SM4 can be recovered by differential power analysis(DPA) and correlation power analysis(CPA) attacks. Therefore we analyze the vulnerable element caused by power attack and propose a first order masking-based countermeasure to defeat DPA and CPA attacks. Although the proposed countermeasure unfortunately is still vulnerable to the profiling power attacks such as deep learning-based multi layer perceptron(MLP), it can sufficiently overcome the non-profiling attacks such as DPA and CPA.

Recent advances in deep learning-based side-channel analysis

  • Jin, Sunghyun;Kim, Suhri;Kim, HeeSeok;Hong, Seokhie
    • ETRI Journal
    • /
    • v.42 no.2
    • /
    • pp.292-304
    • /
    • 2020
  • As side-channel analysis and machine learning algorithms share the same objective of classifying data, numerous studies have been proposed for adapting machine learning to side-channel analysis. However, a drawback of machine learning algorithms is that their performance depends on human engineering. Therefore, recent studies in the field focus on exploiting deep learning algorithms, which can extract features automatically from data. In this study, we survey recent advances in deep learning-based side-channel analysis. In particular, we outline how deep learning is applied to side-channel analysis, based on deep learning architectures and application methods. Furthermore, we describe its properties when using different architectures and application methods. Finally, we discuss our perspective on future research directions in this field.

Non-Profiling Analysis Attacks on PQC Standardization Algorithm CRYSTALS-KYBER and Countermeasures (PQC 표준화 알고리즘 CRYSTALS-KYBER에 대한 비프로파일링 분석 공격 및 대응 방안)

  • Jang, Sechang;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1045-1057
    • /
    • 2022
  • Recently, the National Institute of Standards and Technology (NIST) announced four cryptographic algorithms as a standard candidates of Post-Quantum Cryptography (PQC). In this paper, we show that private key can be exposed by a non-profiling-based power analysis attack such as Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) on CRYSTALS-KYBER algorithm, which is decided as a standard in the PKE/KEM field. As a result of experiments, it was successful in recovering the linear polynomial coefficient of the private key. Furthermore, the private key can be sufficiently recovered with a 13.0 Normalized Maximum Margin (NMM) value when Hamming Weight of intermediate values is used as a label in DDLA. In addition, these non-profiling attacks can be prevented by applying countermeasures that randomly divides the ciphertext during the decryption process and randomizes the starting point of the coefficient-wise multiplication operation.

Early Alert System of Vespa Attack to Honeybee Hive: Prototype Design and Testing in the Laboratory Condition (장수말벌 공격 조기 경보 시스템 프로토타입 설계 및 실내 시연)

  • Kim, Byungsoon;Jeong, Seongmin;Kim, Goeun;Jung, Chuleui
    • Journal of Apiculture
    • /
    • v.32 no.3
    • /
    • pp.191-198
    • /
    • 2017
  • Vespa hornets are notorious predators of honeybees in Korean beekeeping. Detection of vespa hornet attacking on honeybee colony was tried through analysis of wing beat frequency profiling from Vespa mandarinia. Wing beat profiles of V. mandarinia during active flight and resting were distinctively different. From the wing beat profiling, algorithm of automated detection of vespa attack was encoded, and alert system was developed using Teensy 3.2 and Raspberry pi 3. From the laboratory testing, the prototype system successfully detected vespa wing beats and delivered the vespa attack information to the user wirelessly. Further development of the system could help precision alert system of the vespa attack to apiary.

Designing SMS Phishing Profiling Model (스미싱 범죄 프로파일링 모델 설계)

  • Jeong, Youngho;Lee, Kukheon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.2
    • /
    • pp.293-302
    • /
    • 2015
  • With the attack information collected during SMS phishing investigation, this paper will propose SMS phishing profiling model applying criminal profiling. Law enforcement agencies have used signature analysis by apk file hash and analysis of C&C IP address inserted in the malware. However, recently law enforcement agencies are facing the challenges such as signature diversification or code obfuscation. In order to overcome these problems, this paper examined 169 criminal cases and found out that 89% of serial number in cert.rsa and 80% of permission file was reused in different cases. Therefore, the proposed SMS phishing profiling model is mainly based on signature serial number and permission file hash. In addition, this model complements the conventional file hash clustering method and uses code similarity verification to ensure reliability.

Anomaly Detection for IEC 61850 Substation Network (IEC 61850 변전소 네트워크에서의 이상 징후 탐지 연구)

  • Lim, Yong-Hun;Yoo, Hyunguk;Shon, Taeshik
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.5
    • /
    • pp.939-946
    • /
    • 2013
  • This paper proposes normal behavior profiling methods for anomaly detection in IEC 61850 based substation network. Signature based security solutions, currently used primarily, are inadequate for APT attack using zero-day vulnerabilities. Recently, some researches about anomaly detection in control network are ongoing. However, there are no published result for IEC 61850 substation network. Our proposed methods includes 3-phase preprocessing for MMS/GOOSE packets and normal behavior profiling using one-class SVM algorithm. These approaches are beneficial to detect APT attacks on IEC 61850 substation network.