KR20160114252A - Method for processing side channel analysis - Google Patents


Info

Publication number
KR20160114252A
Authority
KR
South Korea
Prior art keywords
analysis
memory capacity
waveform data
subchannel
present
Prior art date
Application number
KR1020150040316A
Other languages
Korean (ko)
Inventor
오경희
김태성
최두호
Original Assignee
한국전자통신연구원

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/003 Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols: the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Embodiments of the present invention relate to a side-channel analysis computation method for the security analysis of an encryption algorithm. A side-channel analysis computation method according to an embodiment of the present invention includes: collecting waveform data; calculating the memory capacity necessary for storing intermediate data variable values based on the number of points included in one waveform, the number of cipher key bytes to be analyzed, and the number of guess keys; comparing the calculated memory capacity with the available memory capacity; and starting analysis of the collected waveform data if the available memory capacity is greater than the calculated memory capacity. According to the embodiments of the present invention, errors can be prevented in advance by checking whether the required memory capacity is available before the side-channel analysis computation is performed.

Description

[0001] The present invention relates to a method for processing side-channel analysis.

Embodiments of the present invention relate to a side-channel analysis computation method for the security analysis of an encryption algorithm.

Cryptanalysis methods have been developed that recover secret information such as a secret key by measuring the power consumed while a cryptographic algorithm executes, or by measuring the execution time of the operation. Such leakage of secret information from the operation of an encryption algorithm is called a side channel.

Side-channel analysis, which recovers sensitive data such as cryptographic keys from the timing information, power consumption, and electromagnetic signals leaked while the algorithm executes, is recognized as the most powerful technique for the security analysis of cryptographic algorithms.

In general, side-channel analysis collects many waveforms over repeated cryptographic computations, processes the collected waveform data into a form suitable for analysis, and then performs the side-channel analysis on the processed data to obtain the secret information.

Differential power analysis is a side-channel analysis method that exploits the fact that the power consumed by electronic equipment during an encryption operation is correlated with the encryption key. Differential power analysis statistically analyzes the power consumed while arbitrary plaintexts are encrypted under the same encryption key in order to estimate that key. Specifically, power consumption waveforms are collected over many cryptographic operations, and then the correlation is calculated between the power consumed at each point in time and the power consumption predicted for every possible partial key. These calculations are performed on a large amount of data, so the computer needs sufficient memory to store the variable data generated during the calculation. If a computing device such as a computer lacks enough memory, errors may occur during an analysis that runs for a long period of time.

Embodiments of the present invention provide a method for preventing errors caused by insufficient memory capacity during a side-channel analysis computation.

A side-channel analysis computation method according to an embodiment of the present invention includes: collecting waveform data generated in the cryptographic computation process of a side-channel analysis target device; calculating the memory capacity necessary for storing intermediate data variable values based on the number of points included in one waveform, the number of cipher key bytes to be analyzed, and the number of guess keys; comparing the calculated memory capacity with the available memory capacity; and starting analysis of the collected waveform data if the available memory capacity is greater than the calculated memory capacity.

According to the embodiments of the present invention, errors can be prevented in advance by checking whether the required memory capacity is available before the side-channel analysis computation is performed.

Accordingly, the system user does not need to keep checking whether an error has occurred, and delays in the overall side-channel analysis process can be avoided.

FIG. 1 is a block diagram for explaining a side-channel analyzer according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a side-channel analysis computation method according to an embodiment of the present invention.

In the following description of the embodiments of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

The data used for differential power analysis are waveform data, that is, the side-channel information generated during the cryptographic computation of the target device; one waveform consisting of L points is produced per cryptographic computation. The differential power analysis process then obtains correlation values over the collected waveforms for each of the L points, each of the K analyzed cipher key bytes, and each of the GK guessed keys.

The intermediate data variable values stored and used in the memory during the differential power analysis process can be defined as follows.

s[L]: sum, at each of the L points, of the waveform data values.

s2[L]: sum of squares, at each of the L points, of the waveform data values.

d[K, GK]: sum of the theoretical power consumption values for each K, GK pair.

d2[K, GK]: sum of squares of the theoretical power consumption values for each K, GK pair.

sd[L, K, GK]: product of the waveform data value and the theoretical power consumption value at each point and for each K, GK pair.

Therefore, in order to store the intermediate data variable values, the memory must be able to hold (2·L + 2·K·GK + L·K·GK) variables. In general, L is much larger than 2·K·GK and K·GK is much larger than 2, so the number of intermediate data variables required is close to L·K·GK.
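As an added illustration (not part of the patent text), the five intermediate arrays named above as a one-pass accumulator in Python. The Hamming-weight leakage model and the traces are constructed for the example (the patent does not specify a power model); the point is that these sums alone suffice to compute the correlation at every point, key byte and guess, and that together they hold exactly 2·L + 2·K·GK + L·K·GK scalars.

```python
import math
import random

def hamming_weight(v):
    """Constructed leakage model (assumption, not from the patent): HW(plaintext XOR guess)."""
    return bin(v).count("1")

class DpaAccumulators:
    """The five intermediate arrays the description names: s, s2, d, d2 and sd."""
    def __init__(self, L, K, GK):
        self.L, self.K, self.GK, self.n = L, K, GK, 0
        self.s = [0.0] * L                                            # s[L]
        self.s2 = [0.0] * L                                           # s2[L]
        self.d = [[0.0] * GK for _ in range(K)]                       # d[K,GK]
        self.d2 = [[0.0] * GK for _ in range(K)]                      # d2[K,GK]
        self.sd = [[[0.0] * GK for _ in range(K)] for _ in range(L)]  # sd[L,K,GK]

    def variable_count(self):
        """Scalars held in memory: 2*L + 2*K*GK + L*K*GK, exactly as the description states."""
        return len(self.s) + len(self.s2) + 2 * self.K * self.GK + self.L * self.K * self.GK

    def add_trace(self, trace, plaintext):
        """One-pass update from one waveform (L samples) and its K plaintext bytes."""
        self.n += 1
        h = [[hamming_weight(plaintext[k] ^ g) for g in range(self.GK)] for k in range(self.K)]
        for k in range(self.K):
            for g in range(self.GK):
                self.d[k][g] += h[k][g]
                self.d2[k][g] += h[k][g] ** 2
        for l, x in enumerate(trace):
            self.s[l] += x
            self.s2[l] += x * x
            for k in range(self.K):
                for g in range(self.GK):
                    self.sd[l][k][g] += x * h[k][g]

    def correlation(self, l, k, g):
        """Pearson correlation at point l for key byte k and guess g, from the sums alone."""
        n = self.n
        num = n * self.sd[l][k][g] - self.s[l] * self.d[k][g]
        var_x = n * self.s2[l] - self.s[l] ** 2
        var_h = n * self.d2[k][g] - self.d[k][g] ** 2
        den = math.sqrt(var_x * var_h)
        return num / den if den else 0.0  # constant point or constant model: undefined, report 0

    def best_guess(self, k):
        """Guess with the largest (signed) correlation over all L points, for key byte k."""
        return max(range(self.GK),
                   key=lambda g: max(self.correlation(l, k, g) for l in range(self.L)))

def evaluate_constructed_traces(planted_key_byte=0x2A, n_traces=64):
    """Constructed traces (L=3, K=1, GK=256): point 1 leaks HW(p XOR key); points 0 and 2 do not."""
    rng = random.Random(1)
    acc = DpaAccumulators(L=3, K=1, GK=256)
    for i in range(n_traces):
        p = rng.randrange(256)
        trace = [float(i % 4), float(hamming_weight(p ^ planted_key_byte)), 1.0]
        acc.add_trace(trace, [p])
    return acc
```

The constant point 2 exercises the zero-variance guard, and the complement guess (key XOR 0xFF) comes out at correlation -1 under a Hamming-weight model, which is why the ranking uses the signed value.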

FIG. 1 is a block diagram illustrating a side-channel analyzer according to an embodiment of the present invention.

Referring to FIG. 1, the side-channel analysis computation apparatus according to an embodiment of the present invention includes an analysis control unit 110, an analysis operation unit 120, a waveform data storage unit 130, and a memory 140. Depending on the embodiment, some of these components may be omitted.

The analysis control unit 110 can collect the waveform data generated during the cryptographic computation of the target device through a waveform measurement device such as an oscilloscope. The analysis control unit 110 can obtain the number of points L included in one waveform, the number K of cipher key bytes to be analyzed, and the number GK of guess keys from the waveform data storage unit 130. Using the obtained L, K, and GK values, the analysis control unit 110 can check whether there is sufficient memory space to store the intermediate data variable values generated during the side-channel analysis computation. For example, the analysis control unit 110 may calculate the memory capacity required to store the intermediate data variable values from the obtained L, K, and GK values, and then compare the calculated required capacity with the available capacity of the memory 140 to determine whether to start the analysis operation.

The analysis operation unit 120 acquires waveform data from the waveform data storage unit 130 under the control of the analysis control unit 110, performs the analysis operation, and stores the intermediate data variable values used during the analysis operation in the memory 140.

The waveform data storage unit 130 may store the waveform data values and transmit them to the analysis operation unit 120. The waveform data storage unit 130 also provides the number of points L included in one waveform, the number K of cipher key bytes to be analyzed, and the number GK of guess keys to the analysis control unit 110.

The memory 140 may calculate the size of its available capacity and provide it to the analysis control unit 110. The memory 140 may store the intermediate data variable values received from the analysis operation unit 120.

FIG. 2 is a flowchart illustrating a side-channel analysis computation method according to an embodiment of the present invention. Depending on the embodiment, at least one of the steps shown in FIG. 2 may be omitted.

In step 201, the side-channel analysis computation device collects waveform data of the side-channel analysis target device. The waveform data can be collected through a waveform measuring device such as an oscilloscope.

In step 203, the side-channel analyzer obtains the number of points L included in one waveform, the number K of cipher key bytes to be analyzed, and the number GK of guess keys.

In step 205, the side-channel analyzer calculates the memory capacity required to store the intermediate data variable values from the L, K, and GK values. The required memory capacity A can be obtained by Equation (1).

[Equation (1) appears only as an image in the original and is not reproduced here.]

In step 207, the side-channel analyzer compares the required memory capacity with the available capacity of the memory and determines whether the memory space is sufficient. If the free memory space is sufficient, the process proceeds to step 209; otherwise, it proceeds to step 211.

In step 209, the side-channel analysis computation device starts the side-channel analysis computation.

In step 211, the side-channel analyzer can inform the user that the free memory space is insufficient.
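Steps 203 to 211 as added example code, not from the patent. Equation (1) is only an image in the original, so the required capacity is taken here as the variable count stated in the description multiplied by an assumed 8-byte variable width, and the available capacity is read through POSIX os.sysconf where that is defined.

```python
import os

def intermediate_variable_count(L, K, GK):
    """Scalars needed for s[L], s2[L], d[K,GK], d2[K,GK] and sd[L,K,GK], per the description."""
    return 2 * L + 2 * K * GK + L * K * GK

def dominant_term_fraction(L, K, GK):
    """Share of the total taken by sd[L,K,GK]; the description says the total is close to L*K*GK."""
    return (L * K * GK) / intermediate_variable_count(L, K, GK)

def required_memory_bytes(L, K, GK, bytes_per_variable=8):
    """Step 205. Equation (1) is only an image in the original, so this is an assumption:
    the stated variable count times an 8-byte (double precision) variable width."""
    return intermediate_variable_count(L, K, GK) * bytes_per_variable

def available_memory_bytes():
    """Free physical memory via POSIX sysconf (Linux); None where the names are not defined."""
    try:
        return os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_AVPHYS_PAGES")
    except (AttributeError, ValueError, OSError):
        return None

def precheck(L, K, GK, available_bytes, bytes_per_variable=8):
    """Steps 207 to 211: start only if the available capacity is strictly greater than required."""
    required = required_memory_bytes(L, K, GK, bytes_per_variable)
    if available_bytes > required:
        return True, f"step 209: start analysis ({required} bytes required, {available_bytes} available)"
    return False, (f"step 211: insufficient memory, {required} bytes required, "
                   f"{available_bytes} available, short by {required - available_bytes}")

if __name__ == "__main__":
    # Constructed parameters: 10 000 points per waveform, 16 key bytes, 256 guesses per byte.
    free = available_memory_bytes()
    ok, message = precheck(10_000, 16, 256, free if free is not None else 512 * 1024 * 1024)
    print(message)
```

Note that an available capacity exactly equal to the requirement does not start the analysis, matching the claim's "greater than" condition.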

The embodiments of the invention described above may be implemented in any of a variety of ways. For example, embodiments of the present invention may be implemented using hardware, software, or a combination thereof. When implemented in software, it may be implemented as software running on one or more processors using various operating systems or platforms. Additionally, such software may be written using any of a number of suitable programming languages, and may also be compiled into machine code or intermediate code executable in a framework or virtual machine.

Also, when embodiments of the present invention are implemented on one or more processors, one or more programs for carrying out the methods of the various embodiments discussed above may be stored on a processor-readable medium (e.g., a memory, a floppy disk, a hard disk, a compact disk, an optical disk, a magnetic tape, or the like).

Claims (1)

Collecting waveform data generated in a cryptographic computation process of a side-channel analysis target device;
Calculating a memory capacity necessary for storing an intermediate data variable value based on the number of points included in one waveform data, the number of cipher key bytes to be analyzed, and the number of guess keys;
Comparing the calculated memory capacity with an available memory capacity; and
If the available memory capacity is greater than the calculated memory capacity, starting analysis of the collected waveform data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150040316A KR20160114252A (en) 2015-03-23 2015-03-23 Method for processing side channel analysis

Publications (1)

Publication Number Publication Date
KR20160114252A true KR20160114252A (en) 2016-10-05

Family

ID=57153831

Country Status (1)

Country Link
KR (1) KR20160114252A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101879809B1 (en) 2017-09-19 2018-08-16 국민대학교산학협력단 Apparatus and Method of Secure Operation for Side-Channel Attacks
CN109993195A (en) * 2017-12-31 2019-07-09 国民技术股份有限公司 A kind of side information processing method and device, terminal and computer readable storage medium
CN109993195B (en) * 2017-12-31 2024-04-12 国民技术股份有限公司 Side information processing method and device, terminal and computer readable storage medium
KR101876498B1 (en) * 2018-01-24 2018-08-09 국민대학교산학협력단 Codebreaking apparatus of disabling masking coutermeasure and method of the same, storage media storing the same
WO2019146885A1 (en) * 2018-01-24 2019-08-01 국민대학교산학협력단 Device and method for cipher decryption, and recording medium for recording same
CN111656425A (en) * 2018-01-24 2020-09-11 国民大学校产学协力团 Cryptographic decoding apparatus and method, and recording medium for recording the same
KR101941886B1 (en) * 2018-05-04 2019-01-24 국민대학교산학협력단 Apparatus and method of verifying the security of block cipher algorithm
