The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
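A side-channel attack is a security attack that tries to recover secret information by analyzing side information, such as electromagnetic waves, heat, electrical energy, and running time, that a computer system emits unintentionally. A side-channel attack that focuses on the running time of a cryptosystem is specifically called a "timing attack". Timing attacks are relatively easy to carry out and are particularly threatening for the tiny systems used in smart cards and IoT devices, because such a system is so simple that its processing time can be clearly observed from outside the card or device. The threat of timing attacks is especially serious when an attacker actively controls the input to a target program. Countermeasures that deter such active attacks are being studied, but an attacker still has the chance to learn something about the concealed information by passively observing the running time of the target program. The risk of passive timing attacks can be measured by the mutual information between the concealed information and the running time. However, computing this mutual information is hardly possible except for toy examples. This study focuses on three algorithms for RSA decryption, derives formulas for the mutual information under several assumptions and approximations, and calculates the mutual information numerically for practical security parameters.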
Tomonori HIRATA
Nagoya University
Yuichi KAJI
Nagoya University
timing attack, quantitative information flow analysis, RSA, mutual information, entropy
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Tomonori HIRATA, Yuichi KAJI, "Information Leakage Through Passive Timing Attacks on RSA Decryption System" in IEICE TRANSACTIONS on Fundamentals,
vol. E106-A, no. 3, pp. 406-413, March 2023, doi: 10.1587/transfun.2022TAP0006.
Abstract: A side channel attack is a means of security attacks that tries to restore secret information by analyzing side-information such as electromagnetic wave, heat, electric energy and running time that are unintentionally emitted from a computer system. The side channel attack that focuses on the running time of a cryptosystem is specifically named a “timing attack”. Timing attacks are relatively easy to carry out, and particularly threatening for tiny systems that are used in smart cards and IoT devices because the system is so simple that the processing time would be clearly observed from the outside of the card/device. The threat of timing attacks is especially serious when an attacker actively controls the input to a target program. Countermeasures are studied to deter such active attacks, but the attacker still has the chance to learn something about the concealed information by passively watching the running time of the target program. The risk of passive timing attacks can be measured by the mutual information between the concealed information and the running time. However, the computation of the mutual information is hardly possible except for toy examples. This study focuses on three algorithms for RSA decryption, derives formulas of the mutual information under several assumptions and approximations, and calculates the mutual information numerically for practical security parameters.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2022TAP0006/_p
@ARTICLE{e106-a_3_406,
author={Tomonori HIRATA and Yuichi KAJI},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Information Leakage Through Passive Timing Attacks on RSA Decryption System},
year={2023},
volume={E106-A},
number={3},
pages={406-413},
abstract={A side channel attack is a means of security attacks that tries to restore secret information by analyzing side-information such as electromagnetic wave, heat, electric energy and running time that are unintentionally emitted from a computer system. The side channel attack that focuses on the running time of a cryptosystem is specifically named a “timing attack”. Timing attacks are relatively easy to carry out, and particularly threatening for tiny systems that are used in smart cards and IoT devices because the system is so simple that the processing time would be clearly observed from the outside of the card/device. The threat of timing attacks is especially serious when an attacker actively controls the input to a target program. Countermeasures are studied to deter such active attacks, but the attacker still has the chance to learn something about the concealed information by passively watching the running time of the target program. The risk of passive timing attacks can be measured by the mutual information between the concealed information and the running time. However, the computation of the mutual information is hardly possible except for toy examples. This study focuses on three algorithms for RSA decryption, derives formulas of the mutual information under several assumptions and approximations, and calculates the mutual information numerically for practical security parameters.},
keywords={},
doi={10.1587/transfun.2022TAP0006},
ISSN={1745-1337},
month={March},}
TY - JOUR
TI - Information Leakage Through Passive Timing Attacks on RSA Decryption System
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 406
EP - 413
AU - Tomonori HIRATA
AU - Yuichi KAJI
PY - 2023
DO - 10.1587/transfun.2022TAP0006
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E106-A
IS - 3
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - March 2023
AB - A side channel attack is a means of security attacks that tries to restore secret information by analyzing side-information such as electromagnetic wave, heat, electric energy and running time that are unintentionally emitted from a computer system. The side channel attack that focuses on the running time of a cryptosystem is specifically named a “timing attack”. Timing attacks are relatively easy to carry out, and particularly threatening for tiny systems that are used in smart cards and IoT devices because the system is so simple that the processing time would be clearly observed from the outside of the card/device. The threat of timing attacks is especially serious when an attacker actively controls the input to a target program. Countermeasures are studied to deter such active attacks, but the attacker still has the chance to learn something about the concealed information by passively watching the running time of the target program. The risk of passive timing attacks can be measured by the mutual information between the concealed information and the running time. However, the computation of the mutual information is hardly possible except for toy examples. This study focuses on three algorithms for RSA decryption, derives formulas of the mutual information under several assumptions and approximations, and calculates the mutual information numerically for practical security parameters.
ER -