Á¤º¸Ã³¸®ÇÐȸ ³í¹®Áö ÄÄÇ»ÅÍ ¹× Åë½Å½Ã½ºÅÛ
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
»¬¼À¿¬»êÀÇ À̺¥Æ® Á¤º¸¸¦ È°¿ëÇÑ Çâ»óµÈ RSA-CRT ºÎä³ÎºÐ¼®°ø°Ý ¹æ¹ý |
| ¿µ¹®Á¦¸ñ(English Title) |
An Improved Side Channel Attack Using Event Information of Subtraction |
| ÀúÀÚ(Author) |
¹ÚÁ¾¿¬
Çѵ¿±¹
ÀÌ¿Á¿¬
±èÁ¤³à
Jong-Yeon Park
Dong-Guk Han
Okyeon Yi
Jung-Nyeo Kim
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 02 NO. 02 PP. 0083 ~ 0092 (2013. 02) |
Çѱ۳»¿ë
(Korean Abstract) |
RSA-CRT´Â RSAÀüÀÚ¼¸í ¾Ë°í¸®ÁòÀÇ °í¼ÓÈ ±¸ÇöÀ» À§ÇØ °¡Àå ¸¹ÀÌ »ç¿ëµÇ°í ÀÖ´Â ¾Ë°í¸®ÁòÀ¸·Î, ½º¸¶Æ®µð¹ÙÀ̽º¿¡ »ç¿ëµÇ´Â RSA-CRT ¾Ë°í¸®ÁòÀÇ ¹°¸®Àû Ãë¾à¼º °ËÁõÀ» À§ÇØ CRTÀÇ °¢ ´Ü°è ¿¬»ê¿¡¼ ´Ù¾çÇÑ ºÎä³Î ºÐ¼® ÀÌ·ÐÀÌ ¹ßÇ¥µÇ¾î ¿Ô´Ù. º» ³í¹®¿¡¼´Â RSA-CRT ±¸Çö¿¡ »ç¿ëµÇ´Â »¬¼À¿¬»êÀÇ À̺¥Æ® Á¤º¸¸¦ È°¿ëÇÏ¿© RSA-CRTÀÇ reduction ¾Ë°í¸®ÁòÀ» ºÐ¼®ÇÏ´Â »õ·Î¿î SAED(Subtraction algorithm Analysis on Equidistant Data)ºÐ¼® ¹æ¹ýÀ» Á¦¾ÈÇÑ´Ù. SAEDºÐ¼® ¹æ¹ýÀº ¾Ë°í¸®Áò¿¡ ÀÇÁ¸ÇÑ Àü·Â º¯È¸¦ ÀÌ¿ëÇÑ ºÐ¼® ¹æ¹ýÀ̸ç, »¬¼À ¿¬»êÀ» Â÷ºÐÀü·ÂºÐ¼® ¹æ¹ýÀ¸·Î ºÐ¼®ÇÏ¿© Å°¸¦ ã¾Æ³½´Ù. º» ³í¹®Àº SAEDºÐ¼® ¹æ¹ýÀÇ ÀÌ·ÐÀûÀÎ ÇÕ¸®¼ºÀ» Áõ¸íÇÏ°í, ½ÇÇèÀûÀ¸·Î ±âÁ¸ÀÇ ºÐ¼® ¹æ¹ýº¸´Ù Çâ»óµÈ °á°ú¸¦ °¡ÁüÀ» º¸ÀδÙ. ½ÇÇè °á°ú 256°³ÀÇ ÆÄÇü¸¸À¸·Î ÇϳªÀÇ ¹ÙÀÌÆ®¸¦ ºÐ¼®ÇØ ³¾ ¼ö ÀÖ¾î, ±âÁ¸ ³í¹®º¸´Ù È¿À²ÀûÀÎ ºÐ¼® ¹æ¹ýÀÓÀ» È®ÀÎ ÇÒ ¼ö ÀÖ¾ú´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.
|
| Å°¿öµå(Keyword) |
RSA-CRT
ºÎä³Î ºÐ¼®
µî°£°Ý Æò¹® Àü·Â ºÐ¼®
»ó°ü°ü°èÀü·ÂºÐ¼®¹æ¹ý
Side Channel Attack
Equidistant Message Power Analysis
Correlation Power Analysis
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
