You are on page 1of 9

*

신호 압신법을 이용한 차분전력분석 공격성능 향상

Performance Enhancement of Differential Power Analysis Attack


*
with Signal Companding Methods
JeongChoon Ryoo1 , Dong-Guk Han2, Sung-kyoung Kim1, HeeSeok Kim1, Tae Hyun Kim1, Sangjin Lee1
1
Graduate School of Information Management and Security, Korea University,
2
Electronics and Telecommunications Research Institute

(Side Channel Attack, SCA)


(Differential Power Analysis, DPA) . ,
. DPA
. DES
DPA .
,
33%, 50% .

ABSTRACT

Among previous Side Channel Analysis (SCA) methods, Differential Power Analysis (DPA) based on the statistical
characteristics of collected signals has been known as an efficient attack for uncovering secret key of cryptosystems.
However, the attack performance of this method is affected very much by the temporal misalignment and noise of
collected side channel signals. In this paper, we propose a new method to surmount the noise problem in DPA. The
performance of the proposed method is then evaluated while analyzing the power consumption signals of Micro-controller
chips during a DES operation. Its performance is then compared to that of the original DPA in the time and frequency
domains. When we compare the experimental results with respect to the needed number of traces to uncover the secret
key, our proposed method shows the performance enhancement 33% in the time domain and 50% in the frequency
domain.

Keywords Side-Channel Attack(SCA), Differential Power Analysis(DPA), Correlation Power Analysis(CPA),


Companding Method, Signaling Processing Gain

: 2007 11 2 ; : 2007 12 28
*" IT
" (IITA-2008- (C1090-0801-0025))
jcwillow@naver.com
sangjin@korea.ac.kr
40

,
.
(Simple Power
Analysis, SPA), (DPA)[1,2]
(Correlation Power Analysis, CPA)[3]
.
(Simple ElectroMagnetic Analysis,
SEMA), (Differential ElectroMagnetic , DPA “1”
Analysis, DEMA) [4,5]. “0”

. K
. DPA P bi[2]
D(P, bi, K) .
, Gobotys[6] [ 1] DPA .

2.1.
.
, DPA
P
. ,
DPA K
, D(P, bi, K) “1”
DPA D(P, bi, K) “0”
. D(bi) . K
. 2 DPA
, 3 “bi” τ D(bi) 0
, 4 DPA .
DPA .
5 D(bi) 0
. .

. DPA
τ DPA
DPA . DPA
. DPA Messerges[7]
Bevan[8] DPA
, DPA , DPA

. . [9]
(2008. 4) 41

2.2.

Gebotys

(Shift Property)
.
Gebotys

DPA .
DPA
P
DPA .
(Power Spectral Density) . (Power)
(Electromagnetic Energy)
K
, D(P, bi, K) “1” D(P, bi, (Peak)
K) “0” .
.
, (Weighting)
(Companding)[13]
. .

. A-law . [
, 2] A-law .
(Non-uniform)
A-law
.
A=1.0
.
A-law A [1.0
3.1. 87.6] . , A

.
. A-law
. DES

.
[ 3]
42

.
[14]
.
. A=87.6
(Gain)
“0” x(t)=1 .

. sgn( x (t )) Exp ( K ( x (t ) - 1))


Gain = 20 log( )
K
x (t )
3.2. A
A
= 20 log( ) = 20 log( 16 ) » 24 dB
K
DPA

A=87.6
.
24dB
A-law .
.

ì K 1
ï x(t ) ; x(t ) £ DPA
ï A K
y(t ) = í
ï 1 .
ïsgn(x(t ))Exp( K ( x(t ) - 1)) ; < x(t ) £ 1
î K
ì 1 : x(t ) ³ 0 .
Here K = 1 + loge ( A) and sgn(x(t )) = í
î- 1 : x(t ) < 0
4.1.

. , DES[11] Micro-Controller
.
.[ 4] PIC16F84A[12]
. 8
(2008. 4) 43

i=1,2,3,4 4
.
DES .

1,000
DPA .
DPA

.
, DES
. , DES PIC
4.2.1

.
[ 6]
DC Power Supply +5V
, Function Generator
.
1MHz Sine Wave .
[ 6]
Tektronix TDS3032B
(Amplitude) ( 0.15)
(CRO) .
.
[ 5] .
.
DES
. 1,000

DES 8 S-Box
. DPA

DPA .

4.2.

DPA S-box
DPA
. (Sum)
S-box
DPA
.
.

åD i
D (bi )

DES S-box
44

DPA
. [ 7]
(A) DPA
S-Box
.
[ 7] A=1 ,
600
, A=2.5
400
.
DPA
33%
.

4.2.2
.
[ 8]
. .
5,000 Zero Padding [ 9]
8,192 DPA S-Box
4,096 . .
[ 8] DPA 1, 2, 3, 4

[0..80] . [ 9]
A=1
. 500
[0..15] A=17.5
250
.
(2008. 4) 45

DPA .
50%
. DPA

4.3. .

.
A=2.0 A=17.5
DPA DPA
.
.
DPA
. ,
. DES
. .
[ 1] ,
, DPA
. CPA
. (Correlation Power Analysis)[3]
[ 1]
33%, 50% ,
17%, , DPA CPA
38% . .

.
DPA [1] P.Kocher, J.Jaffe, and B. Jun, “Introduction to
. differential power analysis and related attacks,”
1998, White Paper, Cryptography Research.
[2] P. Kocher, J. Jaffe, and B. Jun, ““Differential
power analysis,” CRYPTO 1999, LNCS 1666,
pp. 388-397, Springer-Verlag, 1999.
17% 58% . [3] E. Brier, C. Clavier, and F. Olivier, “Correlation
, power analysis with a leakage model,” CHES
600 2004. LNCS 3156, pp. 16-29, Springer-Verlag,
250 2004.
[4] K. Gandolfi, C. Mourtel, and F. Olivier, “Electro-
magnetic Analysis: Concrete Results,” CHES
2001, LNCS 2162, pp. 251-261, Springer-
600 500 17% Verlag, 2001.
400 250 38% [5] J.J Quisquater and D. Samyde, “Electromagnetic
33% 50% 58% Analysis(EMA): Measures and Countermeasures
46

for Smart Cards,” in In proceedings of e-Smart 2007, pp.257-260.


2001. [10] K. Tiri, I.Verbauwhede, “Simulation Models
[6] C. Gebotys, S. Ho, and A. Tiu, “EM Analysis for side-channel information leaks,” Annual
of Rijndael and ECC on a Wireless Java-Based ACM IEEE Design Automation Conference
PDA,” CHES 2005, LNCS 3659, pp. 250-264, 2005, pp. 228 - 233, 2005.
Springer-Verlag, 2005. [11] FIPS PUB 46-3, “Data Encryption Standard
[7] T. S. Messerges, E. A. Dabbish, and R. H. (DES),” National Institute of Standards and
Sloan, “Examining smart-card security under Technology, 1999.
the threat of power analysis attacks,” Journal [12] Microchip Technology Inc., PIC16F8X-18 pin
of IEEE Trans. on Computers, vol.51, Issue 5, Flash EEPROM 8-bit Microcontrollers, 1998.
pp.541-552, 2002. [13] N.S. Jayant, Peter Noll Digital Coding of
[8] R. Bevan and E. Knudsen, “Ways to Enhance Waveforms : Principles and Applications to
DPA,” ICISC 2002. LNCS 2587, pp. 327-342, Speech and Video, Prentice Hall, 1984.
Springer-Verlag, 2003. [14] Richard G. Lyons Understanding Digital
[9] T-H. Le, J. Clediere, C. Serviere, and J-L. Signal Processing Second Edition, Prentice
Lacoume, “Efficient solution for misalignment Hall, 2004.
of signal in side channel analysis,” ICASSP
(2008. 4) 47

1988 2 ( )
1990 2 ( )
1990 1 ~1995 4 LG
1996 1 ~1999 11
2005 3 ~
< > , ,

1999 ( )
2002 ( )
2005 ( )
2004 4 2005 4 Kyushu Univ.,
2005 4 2006 4 Future Univ.-Hakodate, Post.Doc.
2006 6
< > , , RFID/USN

2005 2
2007 8
2007 9 ~
< > , ,

2006 2 ( )
2006 3 ~
< > , ,

2002 2
2004 8
2005 3 ~
< > , ,

1987 2 :
1989 2 :
1994 2 :
1989 2 ~1999 2 :
1999 2 ~2001 8 :
2001 9 ~ :
< > , , ,