• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.1
• /
• pp.31-39
• /
• 2008

The development of next-generation resident registration cards, financial IC cards and administrative agency IC cards based on a smart card is currently coming out in Korea. However, the low-price IC cards without countermeasures against side channel analysis attacks are expected to be used fer cost reduction. This paper has investigated the side channel resistance of financial IC cards that are currently in use and have performed DPA attacks on the financial IC cards. We have been able to perform successful DPA attacks on these cards by using only 100 power measurement traces. From our experiment results, we have been able to extract the master key used for encryption of a count PIN number.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.1
• /
• pp.221-227
• /
• 2014

When implementing cryptographic algorithms in mobile devices like smart cards, the security against side-channel attacks should be considered. Side-channel attacks try to find critical information from the side-channel infromation obtained from the underlying cryptographic devices' execution. Especially, the power analysis attack uses the power consumption profile of the devices as the side-channel information. This paper proposes a new gate-level countermeasure against the power analysis attack and the glitch attack and suggests how to apply the measure to securely implement AES.

• ETRI Journal
• /
• v.29 no.5
• /
• pp.619-632
• /
• 2007

Side channel attacks are a very serious menace to embedded devices with cryptographic applications. To counteract such attacks many randomization techniques have been proposed. One efficient technique in elliptic curve cryptosystems randomizes addition chains with binary signed digit (BSD) representations of the secret key. However, when such countermeasures have been used alone, most of them have been broken by various simple power analysis attacks. In this paper, we consider combinations which can enhance the security of countermeasures using BSD representations by adding additional countermeasures. First, we propose several ways the improved countermeasures based on BSD representations can be attacked. In an actual statistical power analysis attack, the number of samples plays an important role. Therefore, we estimate the number of samples needed in the proposed attack.

• Journal of information and communication convergence engineering
• /
• v.12 no.4
• /
• pp.237-245
• /
• 2014

In this study, software-based countermeasures against a side-channel cryptanalysis of the Rabbit stream cipher were developed using Moteiv's Tmote Sky, a popular wireless sensor mote based on the Berkeley TelosB, as the target platform. The countermeasures build upon previous work by improving mask generation, masking and hiding other components of the algorithm, and introducing a key refreshment scheme. Our contribution brings improvements to previous countermeasures making the implementation resistant to higher-order attacks. Four functional metrics, namely resiliency, robustness, resistance, and scalability, were used for the assessment. Finally, performance costs were measured using memory usage and execution time. In this work, it was demonstrated that although attacks can be feasibly carried out on unprotected systems, the proposed countermeasures can also be feasibly developed and deployed on resource-constrained devices, such as wireless sensors.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.561-566
• /
• 2013

We propose an efficient exponentiation method which is resistant against some side channel attacks in $T_2(p)$, Torus-Based-Cryptosystem. It is more efficient than the general exponentiation method in $T_2(p)$ and is resistant against SPA by using that the difference of squaring and multiplication costs is negligible. Moreover, we can randomize a message in exponentiation step using the characteristic of quotient group which naturally protects against the first DPA.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2013.05a
• /
• pp.219-222
• /
• 2013

The Side Channel attack methods proposed by P.Kocher are mainly used for cryptanalysis different cipher algorithms even though they are claimed to be strongly secured. Those kinds of attacks depend on environment implementation especially on the hardware implementation of the algorithm to the crypto module. side-channel attacks are a type of attack introduced by P.Kocher and is applicable according to each environment or method that is designed. This kind of attack can analyze and also extract important information by reading the binary code data via measurement of changes in electricity(voltage) consumption, running time, error output and sounds. Thus, in this paper, we discuss recent SPA and DPA attacks as well as recent countermeasure techniques.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.6
• /
• pp.1207-1216
• /
• 2020

Since the server system in the cloud environments can simultaneously operate multiple OS and commonly share the memory space between users, an adversary can recover some secret information using cache side-channel attacks. In this paper, the Flush+Reload attack, a kind of cache side-channel attacks, is applied to the optimized precomputation table implementation of Korea block cipher standard ARIA. As an experimental result of attack on ARIA-128 implemented in Ubuntu environment, we show that the adversary can extract the 16 bytes last round key through Flush+Reload attack. Furthermore, the master key of ARIA can be revealed from last and first round key used in an encryption processing.

• Journal of the Semiconductor & Display Technology
• /
• v.12 no.2
• /
• pp.51-56
• /
• 2013

Even if transmissions through normal channel between ubiquitous devices and terminal readers are encrypted, any extra sources of information retrieved from encrypting module can be exploited to figure out the key parameters, so called side channel attack. Since side channel attacks are based on statistical methods, making side channel signal weak or complex is the proper solution to prevent the attack. Among many countermeasures, shielding the electromagnetic signal and adding noise to the EM signal were examined by applying different thicknesses of thin films of ferroelectric (BTO) and conductors (copper and gold). As a test vehicle, chip antenna was utilized to see the change in radiation characteristics: return loss and gain. As a result, the ferroelectric BTO showed no recognizable effect on both shielding and adding noise. Cu thin film showed increasing shielding effect with thickness. Nanometer Au exhibited possibility in adding noise by widening of bandwidth and red shifting of resonating frequencies.

• ETRI Journal
• /
• v.30 no.1
• /
• pp.68-80
• /
• 2008

Since many efficient algorithms for implementing pairings have been proposed such as ${\eta}_T$ pairing and the Ate pairing, pairings could be used in constraint devices such as smart cards. However, the secure implementation of pairings has not been thoroughly investigated. In this paper, we investigate the security of ${\eta}_T$ pairing over binary fields in the context of side-channel attacks. We propose efficient and secure ${\eta}_T$ pairing algorithms using randomized projective coordinate systems for computing the pairing.

• ETRI Journal
• /
• v.43 no.4
• /
• pp.746-757
• /
• 2021

Side-channel attacks pose an inevitable challenge to the implementation of cryptographic algorithms, and it is important to mitigate them. This work identifies a novel data encoding technique based on 1-of-4 codes to resist differential power analysis attacks, which is the most investigated category of side-channel attacks. The four code words of the 1-of-4 codes, namely (0001, 0010, 1000, and 0100), are split into two sets: set-0 and set-1. Using a select signal, the data processed in hardware is switched between the two encoding sets alternately such that the Hamming weight and Hamming distance are equalized. As a case study, the proposed technique is validated for the NIST standard AES-128 cipher. The proposed technique resists differential power analysis performed using statistical methods, namely correlation, mutual information, difference of means, and Welch's t-test based on the Hamming weight and distance models. The experimental results show that the proposed countermeasure has an area overhead of 2.3× with no performance degradation comparatively.