• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.3
• /
• pp.105-108
• /
• 2015

In this paper, we propose a differential fault analysis on symmetric SPN block cipher with bitslice involution S-box in 2011. The target block cipher was designed using AES block cipher and has advantage about restricted hardware and software environment using the same structure in encryption and decryption. Therefore, the target block cipher must be secure for the side-channel attacks. However, to recover the 128-bit secret key of the targer block cipher, this attack requires only one random byte fault and an exhausted search of $2^8$. This is the first known cryptanalytic result on the target block cipher.

• ETRI Journal
• /
• v.33 no.2
• /
• pp.267-274
• /
• 2011

This paper proposes an efficient masking method for the block cipher SEED that is standardized in Korea. The nonlinear parts of SEED consist of two S-boxes and modular additions. However, the masked version of these nonlinear parts requires excessive RAM usage and a large number of operations. Protecting SEED by the general masking method requires 512 bytes of RAM corresponding to masked S-boxes and a large number of operations corresponding to the masked addition. This paper proposes a new-style masked S-box which can reduce the amount of operations of the masking addition process as well as the RAM usage. The proposed masked SEED, equipped with the new-style masked S-box, reduces the RAM requirements to 288 bytes, and it also reduces the processing time by 38% compared with the masked SEED using the general masked S-box. The proposed method also applies to other block ciphers with the same nonlinear operations.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.6
• /
• pp.1117-1127
• /
• 2014

Differential Fault Analysis(DFA) is widely known for one of the most powerful method for analyzing block cipher. it is applicable to block cipher such as DES, AES, ARIA, SEED, and lightweight block cipher such as PRESENT, HIGHT. In this paper, we introduce a differential fault analysis on the lightweight block cipher LEA for the first time. we use 300 chosen fault injection ciphertexts to recover 128-bit master key. As a result of our attack, we found a full master key within an average of 40 minutes on a standard PC environment.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.221-223
• /
• 2014

Power analysis attack on cryptographic hardware device aims to study the power consumption while performing operations using secrets keys. Power analysis is a form of side channel attack which allow an attacker to compute the key encryption from algorithm using Simple Power Analysis (SPA), Differential Power Analysis (DPA) or Correlation Power Analysis (CPA). The theoretical weaknesses in algorithms or leaked informations from physical implementation of a cryptosystem are usually used to break the system. This paper describes how power analysis work and we provide an overview of countermeasures against power analysis attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.21 no.5
• /
• pp.27-33
• /
• 2011

At FDTC'05 and CISC-W'10, the authors showed that if they decrease the number of rounds of AES and Triple-DES by using the fault injections, it is possible to recover the secret key of the target algorithms, respectively. In this paper, we propose a key recovery attack on HMAC by using the main idea of these attacks. This attack is applicable to HMAC based on MD-family hash functions and can recover the secret key with the negligible computational complexity. Particularly, the attack result on HMAC-SHA-2 is the first known key recovery attack result on this algorithm.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.1
• /
• pp.3-10
• /
• 2012

In this paper, we propose a fault injection attack on stream cipher A5/3 used in GSM. The fault assumption of this attack is based on that of fault injection attacks proposed in FDTC'05 and CISC-W'10. This attack is applicable to A5/3 supporting 64/128-bit session key, respectively, and can recover the session key by using a small number of fault injections. These works are the first known key recovery attack results on A5/3.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.1
• /
• pp.43-51
• /
• 2009

In 1998, Kocher et al. introduced Differential Power Attack on block ciphers. This attack allows to extract secret key used in cryptographic primitives even if these are executed inside tamper-resistant devices such as smart card. At FSE 2003 and 2004, Akkar and Goubin presented several masking methods, randomizing the first few and last few($3{\sim}4$) rounds of the cipher with independent random masks at each round and thereby disabling power attacks on subsequent inner rounds, to protect iterated block ciphers such as DES against Differential Power Attack. Since then, Handschuh and Preneel have shown how to attack Akkar's masking method using Differential Cryptanalysis. This paper presents how to combine Truncated Differential Cryptanalysis and Power Attack to extract the secret key from intermediate unmasked values and shows how much more efficient our attacks are implemented than the Handschuh-Preneel method in term of reducing the number of required plaintexts, even if some errors of Hamming weights occur when they are measured.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.11-21
• /
• 2009

The NTRU cryptosystem proposed by Hoffstein et al. in 1990s is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high speed encryption and decryption with the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRD. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and the statistical power analysis (STPA) attack such as the correlation power analysis (CPA) attack First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. In order to prevent SPA, we propose to use a nonzero value to initialize the array which will store the result of a convolution operation. On the other hand, in order to prevent STPA, we propose two techniques to randomize power traces related to the same input. The first one is random ordering of the computation sequences in a convolution operation and the other is data randomization in convolution operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.179-187
• /
• 2020

The FBC(Fixed-Base Comb) is a method to efficiently operate scalar multiplication, a core operation for signature generations of the ECDSA(Elliptic Curve Digital Signature Algorithm), utilizing precomputed lookup tables. Since the FBC refers to the table depending on the secret information and the values of the table are publicly known, an adversary can perform HCA(Horizontal Correlation Analysis), one of the single trace side channel attacks, to reveal the secret. However, HCA is a statistical analysis that requires a sufficient number of unit operation traces extracted from one scalar multiplication trace for a successful attack. In the case of the scalar multiplication for signature generations of ECDSA, the number of unit operation traces available for HCA is significantly fewer than the case of the RSA exponentiation, possibly resulting in an unsuccessful attack. In this paper, we propose an improved HCA on lookup table based scalar multiplication algorithms such as FBC. The proposed attack improves HCA by increasing the number of unit operation traces by determining such traces for the same intermediate value through collision analysis. The performance of the proposed attack increases as more secure elliptic curve parameters are used.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.81-91
• /
• 2016

Nowadays, electronic device is in a close relationship with human life. Above all, the use of wireless electronic devices such as smart phone, tablet pc, and wireless keyboard is increasing owing to the high convenience and portability. Furthermore, according to the increasing use of sensitive personal and financial information from the electronic device, various attacks for stealing information are being reported. In this paper we do an analysis of 27MHz wireless keyboard vulnerability and set up an analysis environment. Moreover, we make an experiment and show that there are real vulnerabilities. An experimental result will be used for safety analysis and vulnerability verification of wireless electronic devices.