KR101665595B1 - Apparatus and Method for Protecting Side channel Attacks on - Google Patents

Apparatus and Method for Protecting Side channel Attacks on Download PDF

Info

Publication number
KR101665595B1
KR101665595B1 KR1020150045606A KR20150045606A KR101665595B1 KR 101665595 B1 KR101665595 B1 KR 101665595B1 KR 1020150045606 A KR1020150045606 A KR 1020150045606A KR 20150045606 A KR20150045606 A KR 20150045606A KR 101665595 B1 KR101665595 B1 KR 101665595B1
Authority
KR
South Korea
Prior art keywords
value
round function
function values
mask
masking
Prior art date
Application number
KR1020150045606A
Other languages
Korean (ko)
Other versions
KR20160117032A (en
Inventor
한동국
박진학
김태종
원유승
Original Assignee
국민대학교산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 국민대학교산학협력단 filed Critical 국민대학교산학협력단
Priority to KR1020150045606A priority Critical patent/KR101665595B1/en
Publication of KR20160117032A publication Critical patent/KR20160117032A/en
Application granted granted Critical
Publication of KR101665595B1 publication Critical patent/KR101665595B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • H04L2209/046Masking or blinding of operations, operands or results of the operations

Abstract

The present invention relates to an apparatus and method for generating a cipher text by calculating a mask value in a first round and removing a mask value in a final round to cope with an LEA subchannel analysis that is safe for LEA subchannel analysis, It is possible to solve the weakness of the intermediate value that can be guessed through the subchannel analysis by making the intermediate value unidentified by using the new value and it becomes impossible to statistically estimate the intermediate value through the new random value every time the algorithm operates. It is safe for channel analysis.

Description

[0001] Apparatus and Method for Protective Side Channel Attacks on LEA [

The present invention relates to a Lightweight Encryption Algorithm (LEA) masking counterpart. More specifically, a mask value is calculated in the first round and a mask value is removed in the last round. And an apparatus and method for responding to the analysis.

As the IT environment evolves, the security of the Internet of Things (IoT) becomes an issue, and studies on suitable encryption algorithms are actively being carried out.

Also, in this environment, studies are being actively carried out to optimize memory, CPU performance, and power. Therefore, there is a limit to use the existing Advanced Encryption Standard (AES), ARIA, SEED, and the like.

Therefore, a cryptosystem requiring high speed, light weight, and low power has been required, and accordingly, the Lightweight Encryption Algorithm (LEA) algorithm that is efficiently run on a 32 - bit platform has been proposed.

The LEA is designated as a standard of the Korea Information and Communications Technology Association (TTA) in December 2013. It can perform encryption and decryption in 128-bit block units and can use 128, 192, and 256-bit secret keys. , And XOR operations.

Therefore, the computation speed is faster than other block ciphers, the key scheduling process is simple, and S-boxes are not used, so it is suitable for environments requiring lightweight symmetric key cryptography.

Side Channel Analysis is an attack method that uses additional information such as power signal, electromagnetic wave, and sound generated when the encryption algorithm is activated in the equipment.

Typical subchannel analysis methods include Power Analysis, Timing Attack, and Fault Attack.

Therefore, there are various methods for this subchannel analysis, and it is possible to extract the secret key in the algorithm. In order to cope with such subchannel analysis, it is necessary to design a lightweight symmetric key cryptographic algorithm considering a countermeasure technique to be safe in analysis.

Korea Patent No. 10-1362675 Korean Patent No. 10-2012-0129045

An object of the present invention is to provide an apparatus and method for LEA (Lightweight Encryption Algorithm) masking in order to solve the problem of countermeasures against the subchannel analysis of the LEA of the related art.

The present invention provides an apparatus and method for generating a ciphertext by calculating a mask value in a first round and removing a mask value in a final round to cope with LEA subchannel analysis that is safe for LEA subchannel analysis. have.

The present invention relates to a radio frequency IDentification (RFID), a Zigbee, a CoAP (Constrained Application Protocol), a lwM2M (light weight M2M), a UDP (User) The present invention provides an apparatus and method for responding to LEA sub-channel analysis that can be applied to various network technologies such as an Ethernet, a Datagram Protocol (MQTT), and a Message Queuing Telemetry Transport (MQTT).

The objects of the present invention are not limited to the above-mentioned objects, and other objects not mentioned can be clearly understood by those skilled in the art from the following description.

In order to achieve the above object, an apparatus for responding to LEA subchannel analysis according to the present invention generates mask values m1, a mask value m2 calculated on a round key value, and mask values used for a shift operation correction A mask value m1 is applied to each input round function value X r [0], X r [1], X r [2], X r [ A round key applying unit for generating second masking round function values by applying round key values for which a mask value m2 is calculated to first masking round function values, A mask operation unit for generating third masking round function values by performing a mask addition operation on function values, a shift operation for generating fourth masking round function values by performing a shift operation on the third masking round function values, Number Unit; fourth round masking function to perform an operation using the mask values used for shift operation of the correction value for the output shift operation correction unit for generating a round function value; And a cipher text output unit for outputting a cipher text composed of output round function values.

A method for responding to LEA sub-channel analysis according to the present invention for achieving another object includes generating a mask value m1, a mask value m2 calculated on a round key value, and mask values used for a shift operation correction Mask value generating step for applying a mask value m1 to each input round function value Xr [0], Xr [1], Xr [2], and Xr [ A round key applying step of generating second masking round function values by applying round key values for which a mask value m2 is calculated to first masking round function values, Values of the third masking round function values to generate third masking round function values by performing a mask addition operation on the values of the third masking round function values to generate fourth masking round function values, A shift operation step of performing an arithmetic operation using mask values used for a shift operation correction on the fourth masking round function values to generate output round function values; And a ciphertext output step of outputting a ciphertext composed of output round function values.

The apparatus and method for responding to the LEA subchannel analysis according to the present invention have the following effects.

First, the mask value is calculated in the first round, and the mask value is removed in the last round.

Second, it makes it impossible to guess the intermediate value by using the random value, and it is possible to solve the vulnerability to the intermediate value that can be guessed through the subchannel analysis.

Third, it is safe to perform sub-channel analysis because it is impossible to statistically estimate intermediate values through new random values every time the algorithm operates.

Therefore, it is possible to protect weakness against subchannel analysis which can occur in various environments where LEA, a lightweight block cipher algorithm, is utilized.

1 is a block diagram of an apparatus for supporting LEA sub-channel analysis according to the present invention.
FIG. 2 is a block diagram showing a procedure for generating one round encrypted data of the 128-bit LEA algorithm
3 is a diagram showing a round key generation procedure used in the LEA algorithm
FIG. 4 is a block diagram illustrating an LEA algorithm to which the subchannel-
FIG. 5 is a diagram showing a masking addition operation used in the LEA algorithm to which the subchannel-

Hereinafter, a preferred embodiment of an apparatus and method for supporting LEA subchannel analysis according to the present invention will be described in detail.

The features and advantages of the apparatus and method for responding to the LEA subchannel analysis according to the present invention will be apparent from the following detailed description of each embodiment.

1 is a block diagram of an apparatus for supporting LEA subchannel analysis according to the present invention.

The present invention computes the mask value in the first round and removes the mask value in the last round to generate a cipher text and secure the LEA subchannel analysis.

The present invention relates to a radio frequency IDentification (RFID), a Zigbee, a CoAP (Constrained Application Protocol), a lwM2M (Light Weight M2M), a UDP (User Datagram Protocol), Message Queuing Telemetry Transport (MQTT), and the like.

In the apparatus and method for LEA subchannel analysis according to the present invention, four 8-bit random values are concatenated without using a 32-bit random value M.

This is to solve the problem that the masking value management is inefficient because the time required for extracting the 32-bit random value is large and the number of bits to be managed increases. In order to solve this problem, It is easier and more efficient to apply the operation unit.

Table 1 defines the parameters used in the apparatus and method for responding to the LEA subchannel analysis according to the present invention.

Figure 112015031703745-pat00001

The configuration of an apparatus for coping with the LEA subchannel analysis according to the present invention is the same as in FIG.

An apparatus for coping with LEA subchannel analysis according to the present invention includes a plain text input unit 11, a mask value generating unit 12, a mask value applying unit 13, a round key applying unit 14, a mask operation performing unit 15 ), A shift operation performing unit 16, a shift operation correcting unit 17, and a cipher text output unit 18.

The mask value generation unit 12 generates a mask value m2 that is calculated based on the round key value in addition to the mask value m1,

Figure 112015031703745-pat00002
ROR 3 (m 1), m 5 = m 1
Figure 112015031703745-pat00003
ROR 5 (m 1), m 6 = m 1
Figure 112015031703745-pat00004
ROL 9 (m1) is additionally generated.

This shift operation correction the correction value other than m1 When the operation directly from the state (17) (ROR 3 (m1 ), ROR 5 (m1), ROL 9 (m1)) is that the random value is applied when the first operation This is to prevent the intermediate value from being exposed as it is.

Also, the mask value is applied to the round key considering the vulnerability that may occur in the key schedule.

Specifically, the mask value m1, a mask value m2 calculated on the round key value, and m4 = m1

Figure 112016086888166-pat00115
ROR 3 (m 1), m 5 = m 1
Figure 112016086888166-pat00116
ROR 5 (m 1), m 6 = m 1
Figure 112016086888166-pat00117
A mask value generator 12 for generating ROR 9 (m1), an input round function value
Figure 112016086888166-pat00118
A mask value (m1) is applied to each of the first masking round function values
Figure 112016086888166-pat00119
A mask value application unit 13 for generating a mask value, Round key values RK r [0] where the mask value m2 is computed for the first masking round function values,
Figure 112016086888166-pat00012
(m2) 4 , RK r [1]
Figure 112016086888166-pat00013
(m2) 4 , RK r [2]
Figure 112016086888166-pat00014
(m2) 4 , RK r [3]
Figure 112016086888166-pat00015
(m2) 4 , RK r [4]
Figure 112016086888166-pat00016
(m2) 4 , RK r [5]
Figure 112016086888166-pat00017
(m2) a mask for generating the third masking round function values by performing the mask addition operations for the Round Key application unit 14 for generating a second masking round function value by applying a 4, a second masking round function values A shift operation performing unit 16 for performing ROL 9 and ROR 5 ROR 3 shift operations on the third masking round function values to generate fourth masking round function values, For the round function values, the mask value m4 = m1
Figure 112016086888166-pat00018
ROR 3 (m 1), m 5 = m 1
Figure 112016086888166-pat00019
ROR 5 (m 1), m 6 = m 1
Figure 112016086888166-pat00020
ROL 9 (m1) to calculate the output round function values X r + 1 [0]
Figure 112016086888166-pat00021
(m1) 4 , Xr + 1 [1]
Figure 112016086888166-pat00022
(m1) 4 , Xr + 1 [2]
Figure 112016086888166-pat00023
(m1) 4 , Xr + 1 [3]
Figure 112016086888166-pat00024
(m1) 4 , and a ciphertext output unit 18 for outputting a ciphertext composed of output round function values.

Here, the operation in the mask value application unit 13 is expressed by Equation (1).

Figure 112015031703745-pat00025

The operation in the round key application unit 14 is expressed by Equation (2).

Figure 112016086888166-pat00120

The operation in the mask operation performing unit 15 is expressed by Equation (3).

Figure 112016086888166-pat00121

The operation in the shift operation performing unit 16 is expressed by Equation (4).

Figure 112016086888166-pat00122

The operation in the shift operation correction unit 17 is expressed by Equation (5).

Figure 112016086888166-pat00123

Here, the Addition function is a function in which the mask value is calculated
Figure 112016086888166-pat00124
Are input into the input in Table 3 in order
Figure 112016086888166-pat00125
.
The output value for this is
Figure 112016086888166-pat00126
to be.

A method for responding to the LEA subchannel analysis according to the present invention is as follows.

First, the mask value m1, the mask value m2 calculated on the round key value, and m4 = m1

Figure 112016086888166-pat00127
ROR 3 (m 1), m 5 = m 1
Figure 112016086888166-pat00128
ROR 5 (m 1), m 6 = m 1
Figure 112016086888166-pat00129
ROR 9 (m1); and a step of generating an input round function value
Figure 112016086888166-pat00130
A mask value (m1) is applied to each of the first masking round function values
Figure 112016086888166-pat00131
Generating round key values, wherein mask value (m2) is computed for first masking round function values, RK r [0]
Figure 112016086888166-pat00037
(m2) 4 , RK r [1]
Figure 112016086888166-pat00038
(m2) 4 , RK r [2]
Figure 112016086888166-pat00039
(m2) 4 , RK r [3]
Figure 112016086888166-pat00040
(m2) 4 , RK r [4]
Figure 112016086888166-pat00041
(m2) 4 , RK r [5]
Figure 112016086888166-pat00042
(m2) 4 to generate second masking round function values, performing a mask addition operation on the second masking round function values to generate third masking round function values, Generating a fourth masking round function values by performing a ROL 9 , ROR 5 ROR 3 shift operation on the first to fourth masking round function values,
Figure 112016086888166-pat00043
ROR 3 (m 1), m 5 = m 1
Figure 112016086888166-pat00044
ROR 5 (m 1), m 6 = m 1
Figure 112016086888166-pat00045
ROL 9 (m1) to calculate the output round function values X r + 1 [0]
Figure 112016086888166-pat00046
(m1) 4 , Xr + 1 [1]
Figure 112016086888166-pat00047
(m1) 4 , Xr + 1 [2]
Figure 112016086888166-pat00048
(m1) 4 , Xr + 1 [3]
Figure 112016086888166-pat00049
(m1) < / RTI > 4 and outputting a cipher text consisting of output round function values.

A subchannel analysis for an LEA to which an apparatus and method for LEA subchannel analysis according to the present invention is applied will be described below.

FIG. 2 is a block diagram showing a round-robin encryption data generation procedure of the 128-bit LEA algorithm, and FIG. 3 is a configuration diagram illustrating a round key generation procedure used in the LEA algorithm.

Figure 2 shows an LEA primary subchannel analysis using a plain text.

The 128-bit input value is divided into four 32-bit blocks, and the corresponding 32-bit round key is used as the input value of the next round through the XOR operation and the addition operation and the rotation operation.

In the case of the first subchannel analysis using plaintext, the part that can be used as an attack point is the plaintext X 0 [ i ] { i ∈1,2,3,4} and the round key RK 0 [ j ] { j ∈ 1,2 , 3,4,5,6}

Figure 112015031703745-pat00050
You can select where the operation takes place, and if two keys are used
Figure 112015031703745-pat00051
You can select where the operation occurs.

Therefore,

Figure 112015031703745-pat00052
The most efficient method when estimating a portion in which an operation is used is 8 bits,
Figure 112015031703745-pat00053
After analyzing the point where the operation occurred,
Figure 112015031703745-pat00054
The analysis is performed with the intermediate value as the point at which the operation is performed.

FIG. 2 is a round key generation procedure used in the LEA algorithm. It generates 24 round keys of 192 bits used for encryption through 24 iterations.

In the 128-bit LEA algorithm, RK r [1], RK r [3], and RK r [5] use the same key.

If we know T i + 1 [ j ] we can infer T i [ j ] and vice versa. This feature allows j to infer all the same round keys.

A structure to which the subchannel correspondence technique according to the present invention is applied to correspond to the subchannel analysis for the LEA is as follows.

FIG. 4 is a block diagram illustrating an LEA algorithm to which a subchannel corresponding technique according to the present invention is applied, and FIG. 5 is a diagram illustrating a masking addition operation used in an LEA algorithm to which a subchannel corresponding technique is applied.

As shown in FIG. 4, the input mask of each round is m1, and the round key mask value is m2. Generates 128-bit ciphertexts by calculating the mask value in the first round and removing the mask value in the last round, since it takes the mask value consistently within the round.

The mask values used in this case are shown in Table 2.

In order to take the mask values consistently, the precomputed m4, m5, and m6 are additionally XORed.

That is, the masking round structure in the apparatus and method for responding to the LEA subchannel analysis according to the present invention is as follows.

Figure 112015031703745-pat00055

FIG. 5 shows a masking addition operation used in the LEA algorithm to which the subchannel correspondence technique is applied.

The addition operation is an operation belonging to nonlinear operation. If the first boiling masking technique is applied,

Figure 112015031703745-pat00056
'→' - ',' B 'to A (Boolean to Arithmetic) conversion method and' + '→'
Figure 112015031703745-pat00057
'To A to B (Arithmetic to Boolean) conversion method.

Figure 112015031703745-pat00058

An apparatus and method for responding to LEA subchannel analysis according to the present invention is to provide an apparatus and method for LEA (Lightweight Encryption Algorithm) masking correspondence, which calculates a mask value in the first round, To generate a cipher text and secure the LEA subchannel analysis.

The present invention relates to a radio frequency IDentification (RFID), a Zigbee, a CoAP (Constrained Application Protocol), a lwM2M (Light Weight M2M), a UDP (User Datagram Protocol), and MQTT (Message Queuing Telemetry Transport).

In particular, it is possible to solve the weakness of the intermediate value that can be guessed through the subchannel analysis by making the intermediate value invisible by using the random value, and statistically guessing the intermediate value through the new random value every time the algorithm operates It is safe for sub-channel analysis.

As described above, it will be understood that the present invention is implemented in a modified form without departing from the essential characteristics of the present invention.

It is therefore to be understood that the specified embodiments are to be considered in an illustrative rather than a restrictive sense and that the scope of the invention is indicated by the appended claims rather than by the foregoing description and that all such differences falling within the scope of equivalents thereof are intended to be embraced therein It should be interpreted.

11. Plain text input unit 12. Mask value generating unit
13. Mask value application part 14. Round key application part
15. Mask operation performing unit 16. Shift operation performing unit
17. Shift operation correction unit 18. The cipher text output unit

Claims (14)

A mask value generating unit for generating a mask value m1, a mask value m2 calculated on a round key value, and mask values used for a shift operation correction;
A mask for generating a first masking round function value by applying a mask value m1 to each of input round function values Xr [0], Xr [1], Xr [2], and Xr [3] Value application;
A round key applying unit for applying second rounding key values to the first masking round function values to generate second masking round function values;
A mask operation performing unit performing a mask addition operation on the second masking round function values to generate third masking round function values;
A shift operation performing unit for performing a shift operation on the third masking round function values to generate fourth masking round function values;
A shift operation correcting unit for performing an operation using mask values used for a shift operation correction on the fourth masking round function values to generate output round function values; And a cipher text output unit outputting a cipher text composed of output round function values. 2. The apparatus of claim 1,
The mask value m1, the mask value m2 calculated on the round key value, and m4 = m1
Figure 112015031703745-pat00059
ROR 3 (m 1), m 5 = m 1
Figure 112015031703745-pat00060
ROR 5 (m 1), m 6 = m 1
Figure 112015031703745-pat00061
ROL 9 < RTI ID = 0.0 > (m1). ≪ / RTI > The apparatus according to claim 1,
Figure 112016024754788-pat00062
To perform a first masking round function value X r [0]
Figure 112016024754788-pat00063
(m1) 4 , Xr [1]
Figure 112016024754788-pat00064
(m1) 4 , Xr [2]
Figure 112016024754788-pat00065
(m1) 4 , Xr [3]
Figure 112016024754788-pat00066
(m1) < RTI ID = 0.0 > 4. < / RTI > The apparatus of claim 1, wherein the round key application unit is configured to apply the round key values < RTI ID = 0.0 >
Figure 112016086888166-pat00132

Lt; / RTI >
Figure 112016086888166-pat00133

And performing an LEA sub-channel analysis. The apparatus of claim 1,
Figure 112016086888166-pat00134
To generate third masking round function values. ≪ Desc / Clms Page number 14 > 2. The shift register according to claim 1,
Figure 112016086888166-pat00135

And performing a ROL 9 and ROR 5 ROR 3 shift operation by applying the ROL 9 and ROR 5 sub-channel operations. 2. The shift register according to claim 1,
Figure 112016086888166-pat00136
By applying the operation,
For the fourth masking round function values, the mask value m4 = m1
Figure 112016086888166-pat00137
ROR 3 (m 1), m 5 = m 1
Figure 112016086888166-pat00138
ROR 5 (m 1), m 6 = m 1
Figure 112016086888166-pat00139
ROR 9 (m 1) to calculate the output round function values
Figure 112016086888166-pat00140
Wherein the LEA subchannel analysis is performed in a time domain. A mask value generation step of generating a mask value m1, a mask value m2 calculated on a round key value, and mask values used for a shift operation correction;
A mask for generating a first masking round function value by applying a mask value m1 to each of input round function values Xr [0], Xr [1], Xr [2], and Xr [3] A value application step;
A round key applying step of generating second masking round function values by applying round key values for which a mask value m2 is calculated to first masking round function values;
Performing a mask operation on the second masking round function values to generate third masking round function values;
A shift operation step of performing a shift operation on the third masking round function values to generate fourth masking round function values;
A shift operation correction step of performing an operation using mask values used for a shift operation correction on the fourth masking round function values to generate output round function values; And outputting a ciphertext composed of output round function values. 9. The method of claim 8,
The mask value m1, the mask value m2 calculated on the round key value, and m4 = m1
Figure 112015031703745-pat00084
ROR 3 (m 1), m 5 = m 1
Figure 112015031703745-pat00085
ROR 5 (m 1), m 6 = m 1
Figure 112015031703745-pat00086
ROL 9 < RTI ID = 0.0 > (m1). ≪ / RTI > 9. The method of claim 8,
Figure 112016024754788-pat00087
To perform a first masking round function value X r [0]
Figure 112016024754788-pat00088
(m1) 4 , Xr [1]
Figure 112016024754788-pat00089
(m1) 4 , Xr [2]
Figure 112016024754788-pat00090
(m1) 4 , Xr [3]
Figure 112016024754788-pat00091
(m1) < RTI ID = 0.0 > 4. < / RTI > 9. The method of claim 8, wherein the round key applying step comprises: round key values
Figure 112016086888166-pat00141

Lt; / RTI >
Figure 112016086888166-pat00142

And performing an LEA sub-channel analysis. 9. The method of claim 8,
Figure 112016086888166-pat00143
To generate third masking round function values. ≪ Desc / Clms Page number 20 > 9. The method according to claim 8,
Figure 112016086888166-pat00144

And performing a ROL 9 , ROR 5 ROR 3 shift operation by applying an operation to the LEA sub-channel analysis. 9. The method according to claim 8,
Figure 112016086888166-pat00145
By applying the operation,
For the fourth masking round function values, the mask value m4 = m1
Figure 112016086888166-pat00146
ROR 3 (m 1), m 5 = m 1
Figure 112016086888166-pat00147
ROR 5 (m 1), m 6 = m 1
Figure 112016086888166-pat00148
ROR 9 (m 1) to calculate the output round function values
Figure 112016086888166-pat00149
To generate ≪ / RTI > wherein the LEA subchannel analysis is performed in a time domain.







KR1020150045606A 2015-03-31 2015-03-31 Apparatus and Method for Protecting Side channel Attacks on KR101665595B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150045606A KR101665595B1 (en) 2015-03-31 2015-03-31 Apparatus and Method for Protecting Side channel Attacks on

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150045606A KR101665595B1 (en) 2015-03-31 2015-03-31 Apparatus and Method for Protecting Side channel Attacks on

Publications (2)

Publication Number Publication Date
KR20160117032A KR20160117032A (en) 2016-10-10
KR101665595B1 true KR101665595B1 (en) 2016-10-12

Family

ID=57146284

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150045606A KR101665595B1 (en) 2015-03-31 2015-03-31 Apparatus and Method for Protecting Side channel Attacks on

Country Status (1)

Country Link
KR (1) KR101665595B1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102109895B1 (en) * 2018-10-12 2020-05-12 유비벨록스(주) Block Encryption Method
KR102109902B1 (en) * 2018-10-12 2020-05-12 유비벨록스(주) Block Encryption Method
CN115664641B (en) * 2022-12-26 2023-03-14 飞腾信息技术有限公司 Method and device for verifying round key in encryption algorithm

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101601684B1 (en) 2011-05-18 2016-03-09 한국전자통신연구원 Method for implementing symmetric key encryption algorithm against power analysis attacks
KR101362675B1 (en) 2012-11-30 2014-02-12 한국전자통신연구원 Low power encryption apparatus and method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Yongdae Kim et al., IACR Cryptology ePrint Archive 2014: 999 "First Experimental Result of Power Analysis Attacks on a FPGA Implementation of LEA" (2014.12. 공개)
박명서 외 1인, 정보보호학회논문지 제24권 제6호 "블록 암호 LEA에 대한 차분 오류 공격" (2014.12. 공개)

Also Published As

Publication number Publication date
KR20160117032A (en) 2016-10-10

Similar Documents

Publication Publication Date Title
US7899190B2 (en) Security countermeasures for power analysis attacks
Mitali et al. A survey on various cryptography techniques
Saraf et al. Text and image encryption decryption using advanced encryption standard
KR101586811B1 (en) Apparatus and method for protecting side channel attacks on hight
Christina et al. Optimized Blowfish encryption technique
KR101665595B1 (en) Apparatus and Method for Protecting Side channel Attacks on
Jeong et al. Differential fault analysis on block cipher SEED
KR101362675B1 (en) Low power encryption apparatus and method
KR20110120837A (en) A cryptosystem with a discretized chaotic map
Mahmoud et al. A hill cipher modification based on eigenvalues extension with dynamic key size hcm-exdks
Chuah et al. Key derivation function: the SCKDF scheme
Ali et al. Improved differential fault analysis of CLEFIA
KR20100079060A (en) Method for encrypting with seed applying mask
Vasudevan et al. Jigsaw-based secure data transfer over computer networks
Partheeban et al. Dynamic key dependent AES S-box generation with optimized quality analysis
Riyadi et al. The Dynamic Symmetric Four-Key-Generators System for Securing Data Transmission in the Industrial Control System.
WO2013039659A1 (en) Hybrid encryption schemes
Sharma et al. Cryptography Algorithms and approaches used for data security
KR102072335B1 (en) Power Analysis Attack Defense Technique Application Method for AES Encryption Algorithm Using Scrambler
Muthalagu et al. Modifying LFSR of ZUC to Reduce Time for Key-Stream Generation.
Chandrasekaran et al. Ensemble of blowfish with chaos based s box design for text and image encryption
Khan et al. Robust symmetric cryptography using plain–text variant session key
Thwe et al. Prevention of Man-In-The-Middle Attack in Diffie-Hellman Key Exchange Algorithm using Proposed Hash Function
KR20150103394A (en) Cryptography system and cryptographic communication method thereof
Rani et al. Security against timing analysis attack

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20190923

Year of fee payment: 4