• Title/Summary/Keyword: side-channel attacks

Search Result 125, Processing Time 0.032 seconds

Side-Channel Attacks on Homomorphic Encryption and Their Mitigation Methods (동형암호에 대한 부채널 공격과 대응에 관한 연구)

  • Kevin Nam;Youyeon Joo;Seungjin Ha;Yunheung Paek
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2023.05a
    • /
    • pp.212-214
    • /
    • 2023
  • 동형암호는 주목받는 차세대 프라이버시 보존 기술이다. 많은 기업들이 이를 활용한 서비스들을 제공하고 있다. 비록 동형암호가 수학적으로 안전성을 인정받았지만, 실행되는 프로그램으로써 동형암호는 부채널공격들에 취약하다는 연구 결과들이 보고되고 있다. 이 논문은 이런 부채널공격들에 대해 본석, 일반화하여 사용 가능한 gadget을 소개하며, 대응기법에 대한 가이드라인을 제안하고 그 효과와 한계에 대해 분석한다.

Power Analysis Attacks on Blinding Countermeasure against Horizontal CPA (수평적 상관관계 분석에 안전한 블라인딩 대응기법에 대한 전력 분석 공격)

  • Lee, Sangyub;Kim, Taewon;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.727-738
    • /
    • 2015
  • Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

Chosen Plaintext Collision Attack Using the Blacklist (Blacklist를 활용한 선택적 평문 충돌 쌍 공격)

  • Kim, Eun-Hee;Kim, Tae-Won;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.6
    • /
    • pp.1103-1116
    • /
    • 2014
  • Collision attacks using side channel analysis confirm same intermediate value and restore sensitive data of algorithm using this point. In CHES 2011 Clavier and other authors implemented the improved attack using Blacklist so they carried out the attack successfully using less plaintext than before. However they did not refer the details of Blacklist method and just performed algorithms with the number of used plaintext. Therefore in this paper, we propose the specific method to carry out efficient collision attack. At first we define basic concepts, terms, and notations. And using these, we propose various methods. Also we describe facts that greatly influence on attack performance in priority, and then we try to improve the performance of this attack by analyzing the algorithm and structuring more efficient one.

Correlation Power Analysis Attacks on the Software based Salsa20/12 Stream Cipher (소프트웨어 기반 스트림 암호 Salsa20/12에 대한 상관도 전력분석 공격)

  • Park, Young-Goo;Bae, Ki-Seok;Moon, Sang-Jae;Lee, Hoon-Jae;Ha, Jae-Cheul;Ahn, Mahn-Ki
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.5
    • /
    • pp.35-45
    • /
    • 2011
  • The Salsa20/12 stream cipher selected for the final eSTREAM portfolio has a better performance than software implementation of AES using an 8-bit microprocessor with restricted memory space, In the theoretical approach, the evaluation of exploitable timing vulnerability was 'none' and the complexity of side-channel analysis was 'low', but there is no literature of the practical result of power analysis attack. Thus we propose the correlation power analysis attack method and prove the feasibility of our proposed method by practical experiments, We used an 8-bit RISC AVR microprocessor (ATmegal128L chip) to implement Salsa20/12 stream cipher without any countermeasures, and performed the experiments of power analysis based on Hamming weight model.

SITM Attacks on Skinny-128-384 and Romulus-N (Skinny-128-384와 Romulus-N의 SITM 공격)

  • Park, Jonghyun;Kim, Jongsung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.5
    • /
    • pp.807-816
    • /
    • 2022
  • See-In-The-Middle (SITM) is an analysis technique that uses Side-Channel information for differential cryptanalysis. This attack collects unmasked middle-round power traces when implementing block ciphers to select plaintext pairs that satisfy the attacker's differential pattern and utilize them for differential cryptanalysis to recover the key. Romulus, one of the final candidates for the NIST Lightweight Cryptography standardization competition, is based on Tweakable block cipher Skinny-128-384+. In this paper, the SITM attack is applied to Skinny-128-384 implemented with 14-round partial masking. This attack not only increased depth by one round, but also significantly reduced the time/data complexity to 214.93/214.93. Depth refers to the round position of the block cipher that collects the power trace, and it is possible to measure the appropriate number of masking rounds required when applying the masking technique to counter this attack. Furthermore, we extend the attack to Romulus's Nonce-based AE mode Romulus-N, and Tweakey's structural features show that it can attack with less complexity than Skinny-128-384.

An Algorithm for Switching from Arithmetic to Boolean Masking with Low Memory (저메모리 기반의 산술 마스킹에서 불 마스킹 변환 알고리즘)

  • Kim, HanBit;Kim, HeeSeok;Kim, TaeWon;Hong, SeokHie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.1
    • /
    • pp.5-15
    • /
    • 2016
  • Power analysis attacks are techniques to analyze power signals to find out the secrets when cryptographic algorithm is performed. One of the most famous countermeasure against power analysis attacks is masking methods. Masking types are largely classified into two types which are boolean masking and arithmetic masking. For the cryptographic algorithm to be used with boolean and arithmetic masking at the same time, the converting algorithm can switch between boolean and arithmetic masking. In this paper we propose an algorithm for switching from boolean to arithmetic masking using storage size at less cost than ones. The proposed algorithm is configured to convert using the look-up table without the least significant bit(LSB), because of equal the bit of boolean and arithmetic masking. This makes it possible to design a converting algorithm compared to the previous algorithm at a lower cost without sacrificing performance. In addition, by applying the technique at the LEA it showed up to 26 percent performance improvement over existing techniques.

New Power Analysis Attack on The Masking Type Conversion Algorithm (마스킹 형태 변환 알고리즘에 대한 새로운 전력 분석 공격)

  • Cho, Young-In;Kim, Hee-Seok;Han, Dong-Guk;Hong, Seok-Hie;Kang, Ju-Sung
    • Journal of the Institute of Electronics Engineers of Korea SP
    • /
    • v.47 no.1
    • /
    • pp.159-168
    • /
    • 2010
  • In the recent years, power analysis attacks were widely investigated, and so various countermeasures have been proposed. In the case of block ciphers, masking methods that blind the intermediate results in the algorithm computations(encryption, decryption, and key-schedule) are well-known. The type conversion of masking is unavoidable since Boolean operation and Arithmetic operation are performed together in block cipher. Messerges proposed a masking type conversion algorithm resistant general power analysis attack and then it's vulnerability was reported. We present that some of exiting attacks have some practical problems and propose a new power analysis attack on Messerges's algorithm. After we propose the strengthen DPA and CPA attack on the masking type conversion algorithm, we show that our proposed attack is a practical threat as the simulation results.

Secure classical RSA Cryptosystem against Fault Injection Attack based on Fermat's Theorem (페르마정리에 기반하는 오류 주입 공격에 안전한 classical RSA 암호시스템)

  • Seo, Gae Won;Baek, Yoo Jin;Kim, Sung Kyoung;Kim, Tae Won;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.5
    • /
    • pp.859-865
    • /
    • 2013
  • Esmbedded devices such as smart cards and electronic passports highly demand security of sensitive data. So, the secure implementation of the cryptographic system against various side-channel attacks are becoming more important. In particular, the fault injection attack is one of the threats to the cryptosystem and can destroy the whole system only with single pair of the plain and cipher texts. Therefore, the implementors must consider seriously the attack. Several techniques for preventing fault injection attacks were introduced to a variety of the cryptosystem, But the countermeasures are still inefficient to be applied to the classical RSA cryptosystem. This paper introduces an efficient countermeasure against the fault injection attack for the classical RSA cryptosystem, which is based on the famous Fermat's theorem. The proposed countermeasure has the advantage that it has less computational overhead, compared with the previous countermeasures.

New Simple Power Analysis on scalar multiplication based on sABS recoding (sABS 형태의 스칼라 곱셈 연산에 대한 새로운 단순전력 공격)

  • Kim, Hee-Seok;Kim, Sung-Kyoung;Kim, Tae-Hyun;Park, Young-Ho;Lim, Jong-In;Han, Dong-Guk
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.17 no.2
    • /
    • pp.115-123
    • /
    • 2007
  • In cryptographic devices like a smart-card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. Scalar multiplication is very important operation in Elliptic Curve Cryptosystems, and so must be constructed in safety against side channel attack(SCA). But several countermeasures proposed against SCA are exposed weaknesses by new un-dreamed analysis. 'Double-and-add always scalar multiplication' algorithm adding dummy operation being known to secure against SPA is exposed weakness by Doubling Attack. But Doubling Attack cannot apply to sABS receding proposed by Hedabou, that is another countermeasure against SPA. Our paper proposes new strengthened Doubling Attacks that can break sABS receding SPA-countermeasure and a detailed method of our attacks through experimental result.

New Type of Collision Attack on Power-Analysis Resistant AES (전력 분석에 안전한 AES에 대한 새로운 종류의 충돌쌍 공격)

  • Kim, HeeSeok;Park, Hark-Soo;Hong, Seokhie
    • KIPS Transactions on Computer and Communication Systems
    • /
    • v.2 no.9
    • /
    • pp.393-398
    • /
    • 2013
  • This paper introduces a new collision attack on first-order masked AES. This attack is a known plaintext attack, while the existing collision attacks are a chosen plaintext attack. In addition, our method is more efficient than the second-order power analysis and requires about 1/27.5 power measurements by comparison with the last collision attack. Some experiment results of this paper support this fact. In this paper, we also introduce a simple countermeasure, which can protect against our attack.