*

신호 압신법을 이용한 차분전력분석 공격성능 향상

Performance Enhancement of Differential Power Analysis Attack

*
with Signal Companding Methods
JeongChoon Ryoo1 , Dong-Guk Han2, Sung-kyoung Kim1, HeeSeok Kim1, Tae Hyun Kim1, Sangjin Lee1
1
Graduate School of Information Management and Security, Korea University,
2
Electronics and Telecommunications Research Institute

(Side Channel Attack, SCA)

(Differential Power Analysis, DPA) . ,
. DPA
. DES
DPA .
,
33%, 50% .

ABSTRACT

Among previous Side Channel Analysis (SCA) methods, Differential Power Analysis (DPA) based on the statistical
characteristics of collected signals has been known as an efficient attack for uncovering secret key of cryptosystems.
However, the attack performance of this method is affected very much by the temporal misalignment and noise of
collected side channel signals. In this paper, we propose a new method to surmount the noise problem in DPA. The
performance of the proposed method is then evaluated while analyzing the power consumption signals of Micro-controller
chips during a DES operation. Its performance is then compared to that of the original DPA in the time and frequency
domains. When we compare the experimental results with respect to the needed number of traces to uncover the secret
key, our proposed method shows the performance enhancement 33% in the time domain and 50% in the frequency
domain.

Keywords Side-Channel Attack(SCA), Differential Power Analysis(DPA), Correlation Power Analysis(CPA),

Companding Method, Signaling Processing Gain

: 2007 11 2 ; : 2007 12 28
*" IT
" (IITA-2008- (C1090-0801-0025))
jcwillow@naver.com
sangjin@korea.ac.kr
40

,
.
(Simple Power
Analysis, SPA), (DPA)[1,2]
(Correlation Power Analysis, CPA)[3]
.
(Simple ElectroMagnetic Analysis,
SEMA), (Differential ElectroMagnetic , DPA “1”
Analysis, DEMA) [4,5]. “0”

. K
. DPA P bi[2]
D(P, bi, K) .
, Gobotys[6] [ 1] DPA .

2.1.
.
, DPA
P
. ,
DPA K
, D(P, bi, K) “1”
DPA D(P, bi, K) “0”
. D(bi) . K
. 2 DPA
, 3 “bi” τ D(bi) 0
, 4 DPA .
DPA .
5 D(bi) 0
. .

. DPA
τ DPA
DPA . DPA
. DPA Messerges[7]
Bevan[8] DPA
, DPA , DPA

. . [9]
 (2008. 4) 41

2.2.

Gebotys

(Shift Property)
.
Gebotys

DPA .
DPA
P
DPA .
(Power Spectral Density) . (Power)
(Electromagnetic Energy)
K
, D(P, bi, K) “1” D(P, bi, (Peak)
K) “0” .
.
, (Weighting)
(Companding)[13]
. .

. A-law . [
, 2] A-law .
(Non-uniform)
A-law
.
A=1.0
.
A-law A [1.0
3.1. 87.6] . , A

.
. A-law
. DES

.
[ 3]
42

.
[14]
.
. A=87.6
(Gain)
“0” x(t)=1 .

. sgn( x (t )) Exp ( K ( x (t ) - 1))

Gain = 20 log( )
K
x (t )
3.2. A
A
= 20 log( ) = 20 log( 16 ) » 24 dB
K
DPA

A=87.6
.
24dB
A-law .
.

ì K 1
ï x(t ) ; x(t ) £ DPA
ï A K
y(t ) = í
ï 1 .
ïsgn(x(t ))Exp( K ( x(t ) - 1)) ; < x(t ) £ 1
î K
ì 1 : x(t ) ³ 0 .
Here K = 1 + loge ( A) and sgn(x(t )) = í
î- 1 : x(t ) < 0
4.1.

. , DES[11] Micro-Controller
.
.[ 4] PIC16F84A[12]
. 8
 (2008. 4) 43

i=1,2,3,4 4
.
DES .

1,000
DPA .
DPA

.
, DES
. , DES PIC
4.2.1

.
[ 6]
DC Power Supply +5V
, Function Generator
.
1MHz Sine Wave .
[ 6]
Tektronix TDS3032B
(Amplitude) ( 0.15)
(CRO) .
.
[ 5] .
.
DES
. 1,000

DES 8 S-Box
. DPA

DPA .

4.2.

DPA S-box
DPA
. (Sum)
S-box
DPA
.
.

åD i
D (bi )

DES S-box
44

DPA
. [ 7]
(A) DPA
S-Box
.
[ 7] A=1 ,
600
, A=2.5
400
.
DPA
33%
.

4.2.2
.
[ 8]
. .
5,000 Zero Padding [ 9]
8,192 DPA S-Box
4,096 . .
[ 8] DPA 1, 2, 3, 4

[0..80] . [ 9]
A=1
. 500
[0..15] A=17.5
250
.
 (2008. 4) 45

DPA .
50%
. DPA

4.3. .

.
A=2.0 A=17.5
DPA DPA
.
.
DPA
. ,
. DES
. .
[ 1] ,
, DPA
. CPA
. (Correlation Power Analysis)[3]
[ 1]
33%, 50% ,
17%, , DPA CPA
38% . .

.
DPA [1] P.Kocher, J.Jaffe, and B. Jun, “Introduction to
. differential power analysis and related attacks,”
1998, White Paper, Cryptography Research.
[2] P. Kocher, J. Jaffe, and B. Jun, ““Differential
power analysis,” CRYPTO 1999, LNCS 1666,
pp. 388-397, Springer-Verlag, 1999.
17% 58% . [3] E. Brier, C. Clavier, and F. Olivier, “Correlation
, power analysis with a leakage model,” CHES
600 2004. LNCS 3156, pp. 16-29, Springer-Verlag,
250 2004.
[4] K. Gandolfi, C. Mourtel, and F. Olivier, “Electro-
magnetic Analysis: Concrete Results,” CHES
2001, LNCS 2162, pp. 251-261, Springer-
600 500 17% Verlag, 2001.
400 250 38% [5] J.J Quisquater and D. Samyde, “Electromagnetic
33% 50% 58% Analysis(EMA): Measures and Countermeasures
46
for Smart Cards,” in In proceedings of e-Smart
2001.
[6] C. Gebotys, S. Ho, and A. Tiu, “EM Analysis
of Rijndael and ECC on a Wireless Java-Based
PDA,” CHES 2005, LNCS 3659, pp. 250-264,
Springer-Verlag, 2005.
[7] T. S. Messerges, E. A. Dabbish, and R. H.
Sloan, “Examining smart-card security under
the threat of power analysis attacks,” Journal
of IEEE Trans. on Computers, vol.51, Issue 5,
pp.541-552, 2002.
[8] R. Bevan and E. Knudsen, “Ways to Enhance
DPA,” ICISC 2002. LNCS 2587, pp. 327-342,
Springer-Verlag, 2003.
[9] T-H. Le, J. Clediere, C. Serviere, and J-L.
Lacoume, “Efficient solution for misalignment
of signal in side channel analysis,” ICASSP
2007, pp.257-260.
[10] K. Tiri, I.Verbauwhede, “Simulation Models
for side-channel information leaks,” Annual
ACM IEEE Design Automation Conference
2005, pp. 228 - 233, 2005.
[11] FIPS PUB 46-3, “Data Encryption Standard
(DES),” National Institute of Standards and
Technology, 1999.
[12] Microchip Technology Inc., PIC16F8X-18 pin
Flash EEPROM 8-bit Microcontrollers, 1998.
[13] N.S. Jayant, Peter Noll Digital Coding of
Waveforms : Principles and Applications to
Speech and Video, Prentice Hall, 1984.
[14] Richard G. Lyons Understanding Digital
Signal Processing Second Edition, Prentice
Hall, 2004.
 (2008. 4) 47

1988 2 ( )
1990 2 ( )
1990 1 ~1995 4 LG
1996 1 ~1999 11
2005 3 ~
< > , ,

1999 ( )
2002 ( )
2005 ( )
2004 4 2005 4 Kyushu Univ.,
2005 4 2006 4 Future Univ.-Hakodate, Post.Doc.
2006 6
< > , , RFID/USN

2005 2
2007 8
2007 9 ~
< > , ,

2006 2 ( )
2006 3 ~
< > , ,

2002 2
2004 8
2005 3 ~
< > , ,

1987 2 :
1989 2 :
1994 2 :
1989 2 ~1999 2 :
1999 2 ~2001 8 :
2001 9 ~ :
< > , , ,