• Journal of Communications and Networks
• /
• v.10 no.4
• /
• pp.437-443
• /
• 2008

The randomized projective coordinate (RPC) method applied to a pairing computation algorithm is a good solution that provides an efficient countermeasure against side channel attacks. In this study, we investigate measures for increasing the efficiency of the RPC-based countermeasures and construct a method that provides an efficient RPC-based countermeasure against side channel attacks. We then apply our method to the well-known $\eta_T$ pairing algorithm over binary fields and obtain an RPC-based countermeasure for the $\eta_T$ pairing; our method is more efficient than the RPC method applied to the original $\eta_T$ pairing algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.99-114
• /
• 2002

Improved algorithms for elliptic scalar multiplication secure against side-channel attacks, such as timing and power analysis, are presented and analyzed. We first point out some potential security flaws often overlooked in most previous algorithms and then present a simple $\pm$1-signed encoding scheme that can be used to enhance the security and performance of existing algorithms. More specifically, we propose concrete signed binary and window algorithms based on the proposed $\pm$ 1-signed encoding and analyze their security and performance. The proposed algorithms are shown to be more robust and efficient than previous algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.1
• /
• pp.39-49
• /
• 2020

In this paper, we show that the Chinese standard block cipher SM4 is vulnerable to the side channel attacks and present a countermeasure to resist them. We firstly validate that the secret key of SM4 can be recovered by differential power analysis(DPA) and correlation power analysis(CPA) attacks. Therefore we analyze the vulnerable element caused by power attack and propose a first order masking-based countermeasure to defeat DPA and CPA attacks. Although the proposed countermeasure unfortunately is still vulnerable to the profiling power attacks such as deep learning-based multi layer perceptron(MLP), it can sufficiently overcome the non-profiling attacks such as DPA and CPA.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.55-63
• /
• 2007

This paper has investigated the susceptibility of an FPGA implementation of a block cipher against side channel analysis attacks. We have performed DPA attacks and DEMA attacks (in the nea. and far field) on an FPGA implementation of ARIA which has been implemented into two architectures of S-box. Although the number of needed traces for a successful attack is increased when compared with existing results on smart cards, we have shown that ARIA without countermeasures is indeed very susceptible to side channel analysis attacks regardless of an architecture of S-box.

• Proceedings of the IEEK Conference
• /
• 2004.06b
• /
• pp.521-524
• /
• 2004

For implementation of Cryptographic algorithms, security against implementation attacks such as side-channel attacks as well as the speed and the size of the circuit is important. Power Analysis attacks are powerful techniques of side-channel attacks to exploit secret information of crypto-processors. In this thesis the FPGA implementation of versatile elliptic crypto-processor is described. Explain the analysis of power consumption of ALTERA FPGA(FLEX10KE) that is used in our hand made board. Conclusively this thesis presents clear proof that implementations of Elliptic Curve Crypto-systems are vulnerable to Differential Power Analysis attacks as well as Simple Power Analysis attacks.

• ETRI Journal
• /
• v.43 no.2
• /
• pp.344-356
• /
• 2021

CRAFT is a tweakable block cipher introduced in 2019 that aims to provide strong protection against differential fault analysis. In this paper, we show that CRAFT is vulnerable to side-channel cube attacks. We apply side-channel cube attacks to CRAFT with the Hamming weight leakage assumption. We found that the first half of the secret key can be recovered from the Hamming weight leakage after the first round. Next, using the recovered key bits, we continue our attack to recover the second half of the secret key. We show that the set of equations that are solvable varies depending on the value of the key bits. Our result shows that 99.90% of the key space can be fully recovered within a practical time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.33 no.6
• /
• pp.919-928
• /
• 2023

Deep learning technology is used in various fields such as self-driving cars, image creation, and virtual voice implementation, and deep learning accelerators have been developed for high-speed operation in hardware devices. However, several side channel attacks that recover secret information inside the accelerator using side-channel information generated when the deep learning accelerator operates have been recently researched. In this paper, we implemented a DNN(Deep Neural Network)-based MNIST digit classifier on a microprocessor and attempted a correlation power analysis attack to confirm that the weights of deep learning accelerator could be sufficiently recovered. In addition, to counter these power analysis attacks, we proposed a Node-CUT shuffling method that applies the principle of misalignment at the time of power measurement. It was confirmed through experiments that the proposed countermeasure can effectively defend against side-channel attacks, and that the additional calculation amount is reduced by more than 1/3 compared to using the Fisher-Yates shuffling method.

• KIPS Transactions on Computer and Communication Systems
• /
• v.9 no.5
• /
• pp.101-106
• /
• 2020

Since computer became available, much effort has been made to achieve information security. Even though memory protection defense mechanisms were studied the most among of them, the problems of existing memory protection defense mechanisms were found due to improved performance of computer and new defense mechanisms were needed due to the advent of the side-channel attacks. In this paper, we propose JMP+RAND that embedding random values of 5 to 8 bytes per page to defend against memory sharing based side-channel attacks and bridging the gap of existing memory protection defense mechanism. Unlike the defense mechanism of the existing side-channel attacks, JMP+RAND uses static binary rewriting and continuous jmp instruction and random values to defend against the side-channel attacks in advance. We numerically calculated the time it takes for a memory sharing-based side-channel attack to binary adopted JMP+RAND technique and verified that the attacks are impossible in a realistic time. Modern architectures have very low overhead for JMP+RAND because of the very fast and accurate branching of jmp instruction using branch prediction. Since random value can be embedded only in specific programs using JMP+RAND, it is expected to be highly efficient when used with memory deduplication technique, especially in a cloud computing environment.

• Journal for History of Mathematics
• /
• v.16 no.3
• /
• pp.101-108
• /
• 2003

The RSA cryptosystem is most commonly used for providing privacy and ensuring authenticity of digital data. 1'his system is based on the difficulty of integer factoring. Many attacks had been done, but none of them devastating. They mostly illustrate the dangers of improper use of RSA. Improper use implies many aspects, but here we imply the misuse of the parameters of RSA. Specially, sizes of parameters give strong effects on the efficiency and the security of the system. Parameters are also related each other. We analyze the relation of them. Recently many researchers are interested in side-channel attacks. We also investigate partial key exposure attacks, which was motivated by side-channel attacks. If a fraction of tile secret key bits is revealed, the private key will be reconstructed. We also study mathematical background of these attacks, solving modular multivariate polynomial equations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1255-1261
• /
• 2020

Cache side-channel attack is a class of attacks to retrieve sensitive information from a system by exploiting shared cache resources in CPUs. As the attacks are delivered to wide range of environments from mobile systems to cloud systems recently, many detection strategies have been proposed. Since the conventional cache side-channel attacks are likely to incur tremendous number of cache events, most of the previous detection mechanisms were designed to carefully monitor mostly cache events. However, recently proposed attacks tend to incur less cache events during the attack. PRIME+ABORT attack, for example, leverages the Intel TSX instead of accessing cache to measure access time. Because of the characteristic, attack detection mechanisms based on cache events may hardly detect the attack. In this paper, we conduct an in-depth analysis of the PRIME+ABORT attack to identify the other useful hardware events for detection rather than cache events. Based on our finding, we present a novel mechanism called PRIME+ABORT Detector to detect the PRIME+ABORT attack and demonstrate that the detection mechanism can achieve 99.5% success rates with 0.3% performance overhead.