Jea-Hoon Park

Provably secure countermeasure resistant to several types of power attack for ECC

Recently, it has been shown that some cryptographic devices, such as smart card, RFID and USB token, are vulnerable to the power attacks if they have no defence against them. With the introduction of new types of power analysis attack on elliptic curve cryptosystem (ECC) which is implemented in these secure devices, most existing countermeasures against differential power analysis (DPA) are now vulnerable to new power attacks, such as a doubling attack (DA), refined power analysis attack (RPA), and zero-value point attack (ZPA). Mamiya et al. recently proposed a countermeasure (so-called BRIP) against the DPA, RPA, ZPA, and simple power analysis (SPA) by introducing a random initial value. Yet, the BRIP was also shown to be vulnerable to the address-bit DPA by Itoh et al. and the 2-torsion attack by Yen et al.. Accordingly, this paper proposes a secure countermeasure based on a message-blinding technique. A security analysis demonstrates that the proposed countermeasure is secure against most existing power attacks with just a few additional registers.

A New CRT-RSA Scheme Resistant to Power Analysis and Fault Attacks

This paper considers a secure and practical CRT-RSA signature implementation resistant to fault attacks (FA) and power attacks including simple power analysis (SPA) and differential power analysis (DPA). In 2005, Giraud proposed a CRT-RSA scheme secure against SPA and FA. Afterwards, Kim and Quisquater presented an efficient scheme which can prevent all SPA, DPA, and FA. In this paper, we point out that Girauds scheme can be broken by a relative doubling attack (RDA) and Kim and Quisquaters is vulnerable to (N-1) attack. We propose a new CRT-RSA scheme secure against all known power analysis and fault attacks by modifying a random message blinding exponentiation algorithm. Furthermore, since our scheme has no inverse operation, it is both practical and efficient due to the low computational load compared to other existing literatures.

A Differential Power Analysis Attack of Block Cipher based on the Hamming Weight of Internal Operation Unit

Power analysis attack, which was introduced by Kocher et al. in 1999, was known as the most threatening physical attack against low power device such as smart-card. The essential reason that allows an attacker to implement a power analysis attack on a cryptosystem is leakage information, which is leaked during the operation of the cryptosystems encryption/decryption process and related to internal secret information. The general and efficient power analysis attack method proposed in this paper is based on an internally divided operation unit. As such, the proposed power analysis attack is implemented to expose the weakness of the operation of a symmetric key encryption algorithm in a smart-card

Fault resistant CRT-RSA scheme adopting a small exponent

This paper considers a secure and efficient CRT-RSA scheme resistant to fault attacks. Recently, Boscher et al. proposed a secure CRT-RSA scheme by verifying signature using a public exponent. However, it is almost two times slower compared to the classical CRT-RSA signature when the exponent is expected to be a long number. We present a low-cost and secure CRT-RSA scheme by generating a small exponent for checking the correctness of signature. Furthermore, since our scheme can use fast double exponentiation algorithm based on right-to-left binary method having two exponents, it has low computational load compared to other existing schemes.

A new fault cryptanalysis on montgomery ladder exponentiation algorithm

The Montgomery ladder exponentiation algorithm is recognized as a very efficient countermeasure against Simple Power Analysis and C Safe-Error Attacks on RSA or elliptic curve cryptosystem. In this paper, we demonstrate the vulnerability of the Montgomery ladder algorithm to fault analysis attack when an error is injected during its operation in an embedded cryptographic chip. After injecting an error, we measure the power traced and compare it with an original correct trace. As a result, we can derive the secret key of the public-key cryptosystems such as RSA by computing the correlation coefficients of two power traces for correct and faulty cryptographic operations with same input.

HGLAP - Hierarchical group-index based lightweight authentication protocol for distributed RFID system

This paper presents a low-cost and secure authentication protocol to reduce the computational load on both the back-end database and the tags in a distributed RFID system. The proposed protocol is based on a hierarchical group-index to reduce the search time for a tag ID in the back-end database. Thus, when a tag is included in the k-th-level subgroup, the database system takes at most (k+1) ċ (k+1)√m hash operations to find the tag to be authenticated, where m is the number of tags. Furthermore, the proposed protocol also guarantees most security requirements, including robustness against replay and spoofing attacks, synchronization, and indistinguishability.

Fault attack for the iterative operation of AES S-Box

This paper presents a practical Differential Fault Analysis (DFA) method for the iterative operation on the SubBytes transformation AES. To inject a fault to the iterative operation, we conduct an experiment using a laser injection tool. And, then to deduce the last round key, we analyze the relationship between the input of S-Box and the output of S-Box. Based on a computer analysis, our proposal fault attack retrieves the AES 128-bit secret key with about 211 complexity in average using one pair of correct and faulty ciphertext.

Weakness of Andriod Smartphone Applications against Electromagnetic Analsysis

ABSTRACT With the growing use of smartphones, many secure applications are performed on smartphones such as banking, payment, authentication. To provide security services, cryptographic algorithms are performed on smartphones’ CPU. However, smartphone’s CPU has no considerations against side-channel attacks including Electromagnetic Analysis (EMA). In DesignCon 2012, G. Kenworthy introduced the risk of cryptographic algorit hms operated on smartphone against EMA. In this paper, using improved experimental setups, we performed EMA experiments on a ndroin smartphones’ commercial secure applications. As a result, we show that the weakness of real application. Accordin g to the experimental setups, we picked up the operation of w-NAF scalar multiplication from the operation of Google’s Play Store application using radiated EM signal. Also, we distinguished scalar values (0 or not) of w-NAF scalar multiplication.Keywords: Smartphone, Electromagnetic Analysis, SSL, ECC접수일(2013년 9월 9일), 수정일(2013년 10월 14일), 게재확정일(2013년 10월 14일)†주저자, jenoon65@ensec.re.kr‡교신저자, jenoon65@ensec.re.kr(Corresponding author)