WO2014200301A1 - Electronic device having a code module and method for processing code using same - Google Patents
- Publication number
- WO2014200301A1 (PCT/KR2014/005200)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- secret key
- temporary secret
- value
- temporary
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Definitions
- the present invention relates to an electronic device having a cryptographic module and its cryptographic methods.
- Template attack among side channel attacks is a powerful attack method that can be applied when the same encryption operation can be repeatedly performed. Thus, control over cryptographic operations is required so as not to repeat the same cryptographic operations.
- DoS: Denial of Service
- the present invention proposes a cryptographic operation method that provides strong security against side channel attacks including DoS attacks and template attacks.
- a method of decrypting in an electronic device having an encryption module includes: receiving a message encrypted by a temporary secret key; determining whether the temporary secret key is valid on the basis of whether an entry consisting of the temporary secret key and a value (e.g., hash or encryption, or the temporary secret key itself) for verifying the temporary secret key exists in the temporary secret key table of the cryptographic module; and, if the temporary secret key is invalid, not decrypting the encrypted message.
- the method further includes decrypting the encrypted message.
- determining whether the temporary private key is valid comprises determining that the temporary private key is invalid if the entry was used in a previous decryption operation.
- the determining whether the temporary private key is valid may include determining that the temporary private key is not valid if the number of times the entry has been used in a previous decryption operation is greater than or equal to a predetermined value.
- the temporary secret key table may include a plurality of entries including an index, a temporary secret key, and a verification value of the temporary secret key (for example, a verification value may be the temporary secret key itself).
- the method may further include deleting an entry for which a temporary secret key is not valid among the plurality of entries from the temporary secret table; and adding a new entry to the temporary secret table, the new entry consisting of a new index, a new temporary secret key corresponding to the new index, and a value for verifying the new temporary secret key.
- the method may further include determining, from the temporary secret table, whether the number of entries in which the temporary secret key is invalid among the plurality of entries is greater than or equal to a predetermined value; and updating the temporary secret table when the number of the invalid entries is greater than or equal to the predetermined value.
- the method may further include receiving an authentication code generated by the temporary secret key and the message.
- the method may further include stopping the verification operation on the authentication code when the temporary secret key is invalid; and, when the temporary secret key is valid, performing a verification operation on the authentication code.
- the method may further include not decrypting the encrypted message when a verification operation for the authentication code fails.
- the method may further include decrypting the encrypted message when the verification operation on the authentication code is successful.
- An electronic device includes: a temporary secret key manager that receives a message encrypted with a temporary secret key having a limit on the number of times of use, and determines whether the temporary secret key is valid based on whether a verification value corresponding to the temporary secret key exists in the temporary secret key table; and a decryption unit that does not decrypt the encrypted message if the temporary secret key is invalid.
- the temporary secret key manager generates another temporary secret key.
- the cryptographic module includes an encryption unit for encrypting the message with another temporary secret key.
- the cryptographic module uses a message authentication code and a cryptographic primitive function.
- the message authentication code is generated to authenticate a message and additional head information of the message.
- An encryption method of an electronic device having an encryption module may include generating a plurality of entries including a temporary secret key having a limit on the number of times of use and a verification value of the temporary secret key; selecting any one of the plurality of entries; encrypting the message using the temporary private key of the selected entry; and generating an authentication code using the used temporary secret key and the message.
- the temporary secret key is generated on a sequential basis.
- the temporary secret key is protected using an encryption operation, a hash function, or a synchronization operation.
- the method may further include transmitting the verification value and the encrypted message to another cryptographic module.
- the electronic device having the cryptographic module and the encryption / decryption methods thereof according to the present invention can fundamentally block side-channel attacks by stopping the decryption operation according to the number of times the temporary secret key is used.
- FIG. 1 is a diagram illustrating an encryption system for explaining the concept of the present invention by way of example.
- FIG. 2 is a flowchart illustrating an encryption method of an electronic device having an encryption module according to an embodiment of the present disclosure.
- FIG. 3 is a diagram illustrating a temporary secret key generation method by a sequential processing method.
- FIG. 4 is a diagram illustrating an embodiment of a method of encrypting a temporary secret key.
- FIG. 5 is a diagram illustrating an embodiment of a method of hashing a temporary secret key.
- FIG. 6 illustrates a modified ECB mode according to an embodiment of the present invention.
- FIG. 7 illustrates a modified CBC mode according to an embodiment of the present invention.
- FIG. 8 illustrates a modified CTR mode according to an embodiment of the present invention.
- FIG. 9 is a flowchart illustrating a decryption method of an electronic device having an encryption module according to an embodiment of the present disclosure.
- FIG. 10 is a flowchart exemplarily illustrating an encryption code-based encryption method (simple password authentication method) according to an embodiment of the present invention.
- FIG. 11 is a diagram for describing a block cipher-based cipher authentication and decryption verification method according to an exemplary embodiment of the present invention.
- FIG. 12 is a diagram illustrating a method of generating a mask train from a temporary secret nonce.
- FIG. 13 is a diagram illustrating an example of a change to the checksum generation method illustrated in FIG. 11.
- FIG. 14 is a diagram illustrating an example of changing a last message block processing method and a checksum illustrated in FIG. 11.
- FIG. 15 is a diagram illustrating an example of changing a mask value applying method when processing the last message block illustrated in FIG. 14.
- FIG. 16 is a diagram illustrating an example of a change to a case where the additional information shown in FIG. 14 is to be authenticated together.
- FIG. 17 is a diagram illustrating an example of a method of updating a key of every block cipher without applying a mask value according to an embodiment of the present invention.
- FIG. 18 is a diagram illustrating an example of a change to a case where the additional information shown in FIG. 17 is to be authenticated together.
- FIG. 19 is a diagram illustrating an example of updating a key by using a temporary secret value when processing the last checksum illustrated in FIG. 17.
- FIG. 20 is a diagram illustrating an example of defining a mask value using a key value of a block cipher according to an embodiment of the present invention.
- FIG. 21 is a flowchart illustrating a decryption verification method of an electronic device having an encryption module according to an embodiment of the present disclosure.
- FIG. 22 is a diagram illustrating an example of generating temporary secret nonce (Ni, Ni ') by a sequential processing method using a substitution function P according to an embodiment of the present invention.
- FIG. 23 is a diagram illustrating an example of designing an encryption authentication scheme based on prefix free message padding based on a substitution function according to an embodiment of the present invention.
- FIG. 24 is a diagram illustrating an example of designing an encryption authentication scheme based on arbitrary reversible message padding based on a substitution function according to an embodiment of the present invention.
- FIG. 25 is a diagram illustrating an example of designing an encryption authentication scheme based on arbitrary reversible message padding using a substitution function and a non-zero constant value according to an embodiment of the present invention.
- FIG. 26 is a diagram illustrating an example of a method of processing additional information illustrated in FIG. 23 and changing an authentication code value having an arbitrary length to be generated.
- FIG. 27 is a diagram illustrating an example of generating temporary secret nonce (Ni, Ni ', Ni' ') by a sequential processing method using a compression function f according to an embodiment of the present invention.
- FIG. 28 is a diagram illustrating an example of designing an encryption authentication scheme based on prefix free message padding based on a compression function f according to an embodiment of the present invention.
- FIG. 29 is a diagram illustrating an example of designing an encryption authentication scheme based on arbitrary reversible message padding based on a compression function f according to an embodiment of the present invention.
- FIG. 30 is a diagram illustrating an example of designing an encryption authentication scheme based on arbitrary reversible message padding using a compression function and a non-zero constant value.
- FIG. 31 is a view showing a modified CBC mode according to an embodiment of the present invention.
- FIG. 32 is a view showing a modified CBC mode according to an embodiment of the present invention.
- FIG. 34 is a diagram showing PMAC.
- TTK Table temporary secret key table
- FIG. 36 is a diagram illustrating a temporary secret key table according to an embodiment of the present invention.
- FIG. 37 is a diagram exemplarily illustrating a method for adding an entry of a temporary secret key table according to an embodiment of the present invention.
- FIG. 38 is a diagram illustrating a temporary secret key table update method according to an embodiment of the present invention.
- FIG. 1 is a view showing the best mode for practicing the present invention.
- the cryptographic system 10 includes a first electronic device 100 and a second electronic device 200 that perform cryptographic communication through an external channel 11.
- the external channel 11 may be a channel protected from an attacker's attack.
- Each of the first electronic device 100 and the second electronic device 200 may include cryptographic modules 120 and 220 for performing cryptographic communication and cryptographic operation.
- the first electronic device 100 transmits encrypted data generated by performing an encryption operation
- the second electronic device 200 transmits the encrypted data received from the first electronic device 100.
- the cryptographic operation includes various cryptographic operations such as encryption and decryption, authentication, digital signature, and key sharing.
- the cryptographic module 120 of the first electronic device 100 includes a first temporary secret key manager 122 and an encryption unit 224.
- the first temporary private key manager 122 generates a temporary private key ("TPK") required for the encryption operation.
- the temporary secret key (TPK) has a limit on the number of uses. That is, the temporary secret key (TPK) can be used one or more times, but not more than that.
- the temporary secret key (TPK) may be a temporary secret value (or key), such as a one-time password, secret nonce, session key.
- the encryption unit 224 performs a cryptographic operation using the temporary secret key TPK.
- the data values C generated through the encryption operation are transmitted to the external channel 11 through the internal channel 101 of the first electronic device 100. At this time, it is possible to transmit a value C0 that is difficult to infer corresponding to the temporary secret key TPK.
- the transmitted verification value C0 is a verification value for the temporary secret key TPK.
- the verification value C0 may be a hash value of the temporary secret key TPK.
- the verification value C0 may be an authentication code value of the temporary secret key TPK.
- the verification value C0 may be an encrypted value of the temporary secret key TPK.
- the verification value C0 may be the same as or different from the verification value in the temporary secret value table in the cryptographic module.
- the verification value which is the subject of verification in the temporary secret value table may be the temporary secret value
- C0 may be the cipher text of the temporary secret value.
- C0 can be an empty string.
- the cryptographic module 200 of the second electronic device 200 includes a second temporary secret key manager 222 and a decryption unit 224.
- the decryption unit 224 may include a process of performing decryption or verifying authentication.
- the second temporary secret key manager 222 determines from C0 whether a corresponding temporary secret key (TPK) is in its internal memory and verifies / determines whether it is a valid temporary secret key (valid TPK), and the decryption unit 224 may be activated accordingly. For example, if the temporary secret key TPK is a valid TPK, an activation signal EN may be generated.
- the decryption unit 224 performs a process on the encrypted data received from the first electronic device 100 in response to the activation signal EN.
- each of the cryptographic modules 120 and 220 may be implemented so as not to trust the first electronic device 100 and the second electronic device 200, which are driving subjects.
- the cryptographic modules 120 and 220 may share a secret key with each other in advance to generate temporary secret values.
- the valid temporary TPK may be a temporary secret key that is not used in a previous cryptographic operation.
- the valid temporary TPK may be a temporary private key used up to a predetermined number of times in a previous cryptographic operation.
- the second temporary secret key manager 222 may verify / determine whether it is a valid temporary secret key (valid TPK) based on whether the temporary secret key (TPK) has been used or how many times it has been used.
- the decryption unit 224 of the present invention does not initiate a decryption operation unless the temporary secret key TPK is a valid temporary secret key. That is, if the temporary secret key TPK is not a valid TPK, the operation of the cryptographic module 220 may be immediately stopped.
- the encryption module 120 of the first electronic device 100 is illustrated in terms of encryption, and the encryption module 220 of the second electronic device 200 is only illustrated in terms of decryption.
- the cryptographic modules can perform various cryptographic operations, such as encryption and decryption and authentication, digital signature generation and verification.
- the cryptographic module 120 of the first electronic device 100 may include components 222 and 224 of the cryptographic module 220 of the second electronic device 200, or the cryptographic module 220 of the second electronic device 200 may include components 122 and 124 of the cryptographic module 12 of the first electronic device.
- the cryptographic system 10 performs a cryptographic operation in consideration of whether the temporary secret key (TPK) was used in a previous cryptographic operation, or the number of times it has been used repeatedly, so that cryptographic communication secure against side-channel attacks (including template attacks) and DoS attacks can be performed.
- TPK: temporary secret key
- FIG. 2 is a flowchart illustrating an encryption method according to an embodiment of the present invention. Referring to FIGS. 1 and 2, the encryption method is as follows.
- In the temporary secret key manager 122, a temporary secret key TPK that has not been used, or has been used fewer than a predetermined number of times, is generated (S110).
- The generated temporary secret key (TPK) is protected so that it is not known to the attacker (S120).
- the hash value C0 of the temporary secret key TPK may be generated to protect the temporary secret key TPK.
- the message is encrypted using the temporary secret key TPK in the encryption unit 224 (S130). Finally, it sends an encrypted message to the other party with C0.
- a temporary secret key is important secret information that will be used, such as a session key or a one-time password for performing cryptographic operations.
- FIG. 3 is a diagram illustrating a temporary secret key generation method by a sequential processing method.
- Temporary secret key (TPK) or nonce (N) values are generated sequentially using a shared key K and a block cipher E shared between the two cryptographic modules 120, 220 (see FIG. 1). If the first nonce (1, N1) is used for the first encryption operation, the second nonce (2, N2) is used for the next, second encryption operation, and the third nonce (3, N3) for the third encryption operation. Alternatively, temporary secret nonce values may be used in various ways. A characteristic of the sequential processing scheme shown in FIG.
- the generated temporary secret key (TPK) is dangerous if known to the attacker.
- the temporary secret key TPK can be protected by generating a verification value C0 for the temporary secret key TPK using the following three methods. The first is the encryption method, the second is the hash function, and the third is the temporary secret key (TPK) synchronization.
- K is a secret key value shared between the two cryptographic modules 120, 220, and constant is any fixed constant value.
- An encryption module (e.g., 120 of FIG. 1) wishing to perform encryption generates an encrypted nonce (C0) by encrypting the generated nonce (N), and encrypts the generated nonce (C0) with a relative cipher.
- the encrypted nonce is a value that cannot be deduced by an attacker who does not know the shared key (K).
- the XOR operation for protecting the nonce N from the encrypted nonce C0 may be efficiently implemented so as to be secure against side-channel attacks.
- the value of the shared key K must be shared in advance between two correct devices which want to communicate.
- the temporary secret key manager (e.g., 122) stores the nonce value and its index number in a table.
- the table can be any memory space in the cryptographic module. For example, if (1, N1), (2, N2), and (3, N3) are stored and N1 is used and deleted, the table is filled with (4, N4) in place of (1, N1). New nonce values can be added to the table in this way. If N1 is not used due to communication problems, N1 may be deleted after a certain time to prevent memory leaks.
- the temporary secret key manager may add information on the number of times each nonce value is used to each entry in order to repeatedly use the nonce value up to a predetermined number.
- FIG. 5 is a diagram illustrating a temporary secret key (TPK) protection according to the hash function (H) scheme by way of example.
- the hash function H is a one-way hash function.
- N: temporary secret value
- C0: hash value
- the hash function H does not include any secret information. Also, without knowing the temporary secret key (TPK), the attacker will not be able to infer the hash value (C0).
- the temporary secret value nonce N and its hash value C0 used for more than a limited number of times may be deleted from the table so that it is no longer available. That is, the corresponding entry can be deleted from the table.
- the temporary secret key manager may add information on the number of times each nonce value is used to each entry in order to repeatedly use the nonce value up to a predetermined number.
- each cryptographic module has a TPK table of the same size.
- the sizes of the TPK tables may be different.
- a table has 10 entries. The description here is based on hash. The temporary key usage count is 1, for example.
- the TPK table may sort the entries by using the C0 value for efficient C0 search.
- Step 2 After defining the table as in Step 1, the two cryptographic modules begin communicating.
- the cryptographic data (C) obtained by performing a cryptographic operation using N values, which are temporary secret values, is transmitted to the counterpart according to a protocol established between the two devices.
- A sends to B.
- the N values are used starting from the smallest index.
- A generates the encrypted data C using the temporary secret value Ni used at any point in time.
- the update time may be shortened by sorting the entries using the C0 value.
- A sends the C0_i value corresponding to Ni to B together with the cipher data C.
- the index i value is not sent together.
- the reason is that i is an index value, so an attacker can easily infer it. If the attacker sends (i, C0') to B as if it were A, then B verifies whether C0_i, corresponding to the Ni for index i, and C0_i' are the same, or checks whether the hash value of Ni is equal to C0_i'. If an attacker repeatedly asks about the same i value, there is a risk that the Ni or C0_i value will be exposed by side channel attacks such as template attacks. Therefore, in the present invention, the i value is not sent. B then checks whether C0_i exists in its TPK table, and if C0_i does not exist, no further cryptographic operations are performed.
- the cryptographic operation is performed using Ni. Every entry (j, Nj, C0_j) in B's TPK table with j less than or equal to i is deleted, and the table is filled with new entries. In this case, instead of updating the entries every time, the update may be performed at a regular period, and the update time may be shortened by sorting the entries using the C0 value.
- the temporary secret key validation method of the present invention is not limited to the above-described method, it can be implemented in various ways.
- the hash value of the temporary secret key (TPK), which is a verification value corresponding to the temporary secret key, is sent to the counterpart.
- the other party determines whether there is a corresponding temporary secret key (TPK) from C0, and if the temporary secret key (TPK) corresponding to C0 exists, determines that it is available and performs a cryptographic operation.
- the verification value C0 here may be the same as or different from the verification value in the temporary secret key table owned by the temporary secret key manager.
- TKI temporary secret key
- FIGS. 6 to 8 are diagrams illustrating an encryption scheme according to an embodiment of the present invention.
- N has been hashed.
- H is a hash function and the block cipher key is updated each time using the temporary secret key (N).
- M the final output value
- C C0
- An encryption scheme according to an embodiment of the present invention may be implemented such that the secret value N is not repeatedly used. This can be implemented with a temporary secret nonce value (N).
- FIG. 6 is a diagram illustrating a modified electronic codebook (ECB) mode of a block cipher algorithm according to an embodiment of the present invention.
- ECB: electronic codebook
- FIG. 7 illustrates a modified cipher-block chaining (CBC) mode of a block cipher algorithm according to an embodiment of the present invention.
- CBC: cipher-block chaining
- FIG. 8 is a modified CTR (counter) mode of the block cipher algorithm according to an embodiment of the present invention.
- a block cipher is used like a stream cipher.
- the constant values (const, const + 1, const + 2, ...) entered into the blocks are counted up sequentially, and each block is encrypted with different keys generated from the given temporary secret value.
- the encryption method of the present invention is not limited to the block encryption method shown in Figs. Similar to the above, it is applicable to encryption schemes based on various cryptographic primitives, such as block ciphers.
- FIG. 9 is a flowchart illustrating a decoding method according to an embodiment of the present invention. Referring to FIGS. 1 and 9, the decoding process proceeds as follows.
- the encrypted message C is input to the second electronic device 200 through the external channel 11 (S210). It is determined whether the temporary secret key TPK used to generate the encrypted message C in the temporary secret key manager 222 is valid (S220). In other words, if the temporary secret key (TPK) has never been used in a previous encryption / decryption operation or the number of times of use does not exceed a predetermined value, the temporary secret key (TPK) is a valid temporary secret key (Valid TPK). If the temporary secret key TPK is valid, the message C encrypted by the decryption unit 224 is decrypted (S330). On the other hand, if the temporary secret key TPK is not valid, the operation of the encryption module 220 including the decryption unit 220 is stopped (S335).
- After verifying the temporary secret key (TPK), whether to perform the decryption operation may be determined according to the result.
- the decryption step limits the number of times the same verification value C0 can be used. For example, once used, hashes or encrypted verification values C0 may no longer be used. Whether the hash or the encrypted verification value C0 is used repeatedly is important because implementations that are not guaranteed to be random are vulnerable to side channel attacks. Therefore, the temporary secret key (TPK) corresponding to the hash or encrypted verification value (C0) is looked up in a table managed by the temporary secret key manager, and if it has already been used, or has been used repeatedly for the limited number of times, the decryption operation will be aborted.
- After verifying that the temporary secret key (TPK) has not been used repeatedly, the temporary secret key (TPK) is calculated. After that, the decryption operation is performed on the input ciphertext C.
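The receiver-side flow described above (look up C0 in the temporary secret key table, stop before any keyed operation if no valid entry exists, then verify the authentication code, then decrypt), together with the deletion and refill of entries with index j ≤ i, as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the block cipher E when deriving Ni from K, a SHA-256 keystream stands in for the modified cipher modes, the authentication code is computed over the ciphertext, and a use is counted even when the authentication code later fails; all class and function names are hypothetical.

```python
import hashlib
import hmac

USE_LIMIT = 1    # the page's example: each temporary key may be used once
TABLE_SIZE = 10  # the page's example: a table has 10 entries


def derive_nonce(shared_key: bytes, index: int) -> bytes:
    """N_i from the shared key K and index i.

    Assumption: HMAC-SHA256 stands in for the block cipher E keyed with K."""
    msg = b"N" + index.to_bytes(8, "big")
    return hmac.new(shared_key, msg, hashlib.sha256).digest()


def verification_value(nonce: bytes) -> bytes:
    """C0 = H(N): the hash-based verification value."""
    return hashlib.sha256(b"C0" + nonce).digest()


def mac(nonce: bytes, ciphertext: bytes) -> bytes:
    """Authentication code keyed by N (assumption: computed over C)."""
    return hmac.new(nonce, b"T" + ciphertext, hashlib.sha256).digest()


def keystream_xor(nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher keyed by N; a stand-in for the modified modes."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(b"E" + nonce + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class TpkTable:
    """Per-module table of entries (index, N, C0), looked up by C0 only."""

    def __init__(self, shared_key: bytes, size: int = TABLE_SIZE):
        self.shared_key = shared_key
        self.next_index = 1
        self.entries = {}    # C0 -> [index, N, times used]
        self.mac_checks = 0  # keyed operations performed by unseal()
        for _ in range(size):
            self.add_entry()

    def add_entry(self) -> None:
        nonce = derive_nonce(self.shared_key, self.next_index)
        self.entries[verification_value(nonce)] = [self.next_index, nonce, 0]
        self.next_index += 1

    def consume(self, c0: bytes):
        """Return N for a valid C0 and count the use; None if C0 is invalid."""
        entry = self.entries.get(c0)
        if entry is None:
            return None
        index, nonce, _ = entry
        entry[2] += 1
        if entry[2] >= USE_LIMIT:
            # Delete every entry with index j <= i and refill the table.
            stale = [k for k, e in self.entries.items() if e[0] <= index]
            for key in stale:
                del self.entries[key]
                self.add_entry()
        return nonce

    def seal(self, message: bytes):
        """Sender: smallest index first; transmit (C0, C, T), never i."""
        c0 = min(self.entries, key=lambda k: self.entries[k][0])
        nonce = self.consume(c0)
        ciphertext = keystream_xor(nonce, message)
        return c0, ciphertext, mac(nonce, ciphertext)

    def unseal(self, c0: bytes, ciphertext: bytes, tag: bytes):
        """Receiver: table check, then MAC check, then decryption."""
        nonce = self.consume(c0)
        if nonce is None:
            return None  # invalid TPK: no MAC check and no decryption
        self.mac_checks += 1
        if not hmac.compare_digest(mac(nonce, ciphertext), tag):
            return None  # authentication failed: do not decrypt
        return keystream_xor(nonce, ciphertext)


def demo():
    key = b"constructed-shared-key"  # constructed sample value
    sender, receiver = TpkTable(key), TpkTable(key)
    packet = sender.seal(b"meter reading 42")
    first = receiver.unseal(*packet)
    replay = receiver.unseal(*packet)  # same C0 again: rejected
    return first, replay, receiver.mac_checks


if __name__ == "__main__":
    print(demo())
```

The `mac_checks` counter makes the point of the scheme observable: a replayed or unknown C0 is rejected without the module performing another keyed operation on attacker-chosen input.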
- the encryption / decryption operation of the present invention may add an authentication method.
- FIG. 10 is a flowchart exemplarily illustrating a block encryption method combining an authentication method according to an exemplary embodiment of the present invention.
- the block encryption method proceeds as follows.
- a temporary secret key (TPK) is generated based on the sequential processing (S310).
- the temporary secret key verification value C0 is generated from the temporary secret key TPK generated using one of the three methods described above (encryption method, hash method, synchronization method) (S320).
- fixed secret keys are not repeatedly used for a predetermined number.
- the message is encrypted so that the internal state value is continuously changed, and an authentication code is generated (S330).
- the nonce column is used to generate a mask column to protect the session key.
- a mask value is used to protect input / output information of an encryption primitive using a session key.
- cryptographic primitives include block ciphers, compression functions, substitution functions, and tweakable block ciphers.
- FIG. 11 is a diagram illustrating a block ciphering operation for explaining a cipher authentication method according to an exemplary embodiment of the present invention.
- In FIG. 11, it is assumed that a modified offset codebook (OCB) mode is used for convenience of description.
- OCB: offset codebook
- the size of the last unit message Mt may be selected from any value between 1 and the block size.
- Const is a fixed constant value.
- Const in different drawings is not the same constant value.
- We write Const to mean a fixed constant. The same applies to the rest of the constant values, such as Const'.
- the mask values Z1, Z2, ... generated from the temporary secret nonce N are used to protect the shared secret key K from side channel attacks in cryptographic authentication in FIG. 11.
- the I/O information of the block cipher can be thoroughly hidden from the attacker during the encryption authentication process. Therefore, the shared key K value used for the block cipher can be protected from a side-channel attacker.
- K may be a session key value.
- the nonce and session key values can be maintained in a table like the TPK table generation method. In the case of the decryption verification process, only the temporary secret key used in the TPK table can be used to provide strong security against various side channel attacks.
- a hash function based method is used when C0 is generated.
- encryption-based, synchronization-based schemes may be used.
- the method illustrated in FIG. 11 takes a method of generating mask values randomly as shown in FIG. 12 to provide strong safety against side channel attacks.
- a mask value is also applied to the output of the block cipher when the last authentication code T value is generated to protect the shared key or session key K used.
- the modified OCB mode shown in FIG. 11 may provide strong safety against side channel attacks.
- FIG. 14 is a diagram illustrating an example of changing a last message block processing method and a checksum illustrated in FIG. 11.
- FIG. 14 has a difference in the method of generating a checksum and processing of the last message block compared to that shown in FIG.
- M arbitrary length
- 10 * M1
- Checksum a1 xor a2 xor ... xor at.
- ai not the message block.
- FIG. 15 is a diagram illustrating an example of changing a mask value applying method when processing the last message block illustrated in FIG. 14.
- For the last message block shown in FIG. 14, the mask value is defined as a value cyclically shifted by a constant value. The constant must not be zero or a multiple of the block size. Applying a different mask value in this way when processing the last message block provides security against forgery attacks. Mask values can be changed similarly for other structures.
- FIG. 16 is a diagram illustrating an example of changing the scheme shown in FIG. 14 for the case where additional information is to be authenticated together.
- A method of generating a ciphertext and an authentication code when additional information A is included, in comparison with FIG. 14, is illustrated.
- The additional information is referred to as A.
- A is padded.
- The size of A should be a multiple of the block size.
- A 10* padding method may be used as the padding method.
- checksum ⁇ 1 xor ...
- The additional information may be extended to other cases.
- FIG. 17 is a diagram illustrating an example of a method of updating a key of every block cipher without applying a mask value according to an embodiment of the present invention.
- Const and Const' are different constant values.
- The key value used for the block cipher is updated every time without using mask values.
- M M1
- The size of the last Mt may take any value between 1 and the block size.
- Checksum M1 xor M2 xor ... xor (Mt
- FIG. 19 is a diagram illustrating an example of updating a key by using a temporary secret value when processing the last checksum illustrated in FIG. 17. Referring to FIG. 19, the block cipher key is updated by using a temporary secret nonce (N) during the last checksum processing shown in FIG. 17. Other schemes can be changed similarly.
- N: temporary secret nonce
- A checksum is generated from the values obtained by XORing the plain text with the mask value, not from the plain text itself.
- FIG. 21 is a flowchart illustrating a decryption verification operation according to an embodiment of the present invention. Referring to FIGS. 10 to 21, the decryption verification operation is as follows.
- The encrypted message C and the authentication code T are input to the encryption module 240 (see FIG. 1) (S410). It is determined whether the temporary secret key TPK corresponding to the encrypted message C or the authentication code T is valid (S420). As described in the decryption step above, it is determined whether the temporary secret key (TPK) corresponding to C0 has already been used the limited number of times. If the temporary secret key (TPK) is valid, the authentication code (T) is verified and the decryption operation on the encrypted message (C) is performed (S440). If the temporary secret key (TPK) is not valid, verification of the authentication code (T) is not carried out, or the decryption operation on the encrypted message (C) is stopped (S445). That is, if the temporary secret key TPK has already been used the limited number of times, the authentication code (T) verification operation or the decryption operation is stopped immediately.
- FIG. 23 is a diagram illustrating an example of designing an encryption authentication scheme based on prefix free message padding based on a substitution function according to an embodiment of the present invention.
- The substitution-function-based encryption authentication and decryption verification processes using the authentication method of the present invention are as follows.
- The encryption authentication process proceeds as follows.
- the temporary secret keys Ni, Ni ', i are integers
- The verification key C0 is generated similarly, thereby protecting the temporary secret key TPK.
- The encryption process is performed so that the internal state value changes continuously by using a temporary secret key (TPK) generated to protect against side channel attacks. That is, the shared key, session key, or temporary secret key is not used repeatedly in the base cryptographic primitive (here, the substitution function or compression function), and part or all of each input/output of the inner primitive is hidden so that an attacker cannot carry out the reverse operation. It also prevents attackers from learning about forward operations. This prevents an attacker from obtaining the shared key, session key, or temporary secret key used.
- TPK: temporary secret key
- FIG. 23 is a diagram illustrating an example of designing an encryption authentication scheme based on arbitrary reversible message padding based on a substitution function according to an embodiment of the present invention.
- pad (M) M1
- Mt is expressed.
- The padding method pad must be prefix-free for safety reasons. This means that for any two different messages M, M', pad(M) should never be a prefix of pad(M').
- C ( C0
- Ct) and an ⁇ bit value are generated for the message M.
- FIGS. 24 and 25 are diagrams illustrating examples of arbitrary reversible padding methods in which the message padding method shown in FIG. 23 is not prefix free.
- FIG. 26 is a view illustrating a method of changing an authentication code value having an arbitrary length to output additional information shown in FIG. 14. FIGS. 25 and 26 may be changed similarly.
- The substitution-function-based decryption process proceeds as follows. First, the temporary secret key verification value C0 is used to determine whether the temporary secret key TPK corresponding to the verification value C0 has been used before. After verifying that the temporary secret key TPK has not been used repeatedly, the temporary secret key TPK is calculated, and the decryption operation and the authentication code verification operation on the input encrypted message C are performed. If the temporary secret key TPK corresponding to the verification value C0 is invalid, the decryption operation and the authentication code verification operation are stopped immediately.
- FIG. 27 is a diagram illustrating an example of generating temporary secret nonces (Ni, Ni', Ni'') by a sequential processing method using a compression function f according to an embodiment of the present invention.
- Temporary secret keys Ni, Ni', and Ni'' are sequentially generated from the shared key K using the compression function f.
- The generated temporary secret keys Ni, Ni', and Ni'' are protected as described above, and an encryption operation and an authentication code are generated using the temporary secret keys.
- FIG. 28 is a diagram illustrating an example of designing an encryption authentication scheme based on prefix free message padding based on a compression function f according to an embodiment of the present invention.
- pad (M) M1
- The padding method pad should be prefix-free for safety reasons. This means that for any two different messages M, M', pad(M) should never be a prefix of pad(M').
- C ( C0
- Ct) and an ⁇ bit value are generated.
- FIGS. 29 and 30 show arbitrary reversible padding methods in which the message padding method shown in FIG. 28 is not prefix free.
- The schemes of FIGS. 28, 29, and 30 can be changed to output an authentication code value of any length in the additional information.
- The temporary secret key (TPK) verification operation, and the decryption and authentication operations that follow it, are similar to those of the substitution function case.
- The message authentication operation proceeds similarly to the message encryption operation.
- FIG. 31 is a diagram illustrating a CBC MAC (cipher block chaining message authentication code) according to an embodiment of the present invention. Since the nonce value is not applied to the CBC MAC, the secret key value may be exposed in all block cipher operations. Therefore, a masking process is required so that the block cipher secret value changes each time or the block cipher input/output values are not exposed, as shown in the various examples.
- CBC MAC: cipher block chaining message authentication code
- OMAC: one-key MAC
- H (Cst1) and H L (Cst2) can be used as a mask value of the last block cipher I / O value, using fixed constant values Cst1 and Cst2 instead of secret value (L).
- H (N) and H '(N) are performed and taken as C
- The nonce and the shared key value may be input to H together, and the nonce may be encrypted using the shared key K instead of hashing the temporary secret key TPK.
- PMAC: parallelizable MAC
- The authentication code verification operation is performed, according to the result, after verifying that the temporary secret key (TPK) has not been used repeatedly.
- TPK table: temporary secret key table
- The encryption/decryption operation proceeds as follows.
- The cryptographic module A (e.g., 120 of FIG. 1) selects any one of a plurality of entries of the temporary secret key table for the encryption operation (1). In the following description, it is assumed for convenience that the selected entry is (N3, C0_3).
- The cryptographic module A encrypts the message using the nonce value N3 contained in the selected entry (N3, C0_3).
- The encrypted message is then sent to the cryptographic module B (e.g., 220 of FIG. 1). The cryptographic module B then verifies whether a part of the encrypted message, namely the verification value C0_3 corresponding to the nonce value N3 selected in the encryption operation, is among the entries in its temporary secret key table (2). If the temporary secret key TPK is verified to be valid, the cryptographic module B proceeds to decrypt the encrypted message using it (3).
- The temporary secret key table may further include an index to facilitate the search of the encrypted nonce value.
- A temporary secret key table may be composed of a plurality of entries, each consisting of an index, a nonce value, and its hash value (or verification value).
- The two cryptographic modules (A, B) can start communication.
- The cryptographic data (C), obtained by performing a cryptographic operation using the temporary secret values N, is transmitted to the counterpart according to a protocol defined between the two electronic devices.
- The encryption operation or the decryption operation uses N values with small indexes.
- A generates the encrypted data C using the temporary secret value Ni used at any point in time.
- The used entry (i, Ni, C0_i) is deleted from the temporary secret key table and replaced with an entry having a new index.
- Instead of updating the entries every time, the update may be performed at regular intervals, and the search time may be shortened by sorting the entries by the verification value C0 during the update.
- A sends the verification value C0_i corresponding to the nonce value Ni to B together with the encrypted data C.
- The index value i is not sent with it. The reason is that i is an index value that an attacker can easily infer: if the attacker, pretending to be A, sends (i, C0') to B, then B verifies whether the verification value C0_i corresponding to Ni for index i is the same as C0_i', or checks whether the hash value of Ni is equal to the verification value C0_i'. If an attacker repeatedly queries the same i value, there is a risk that the Ni or C0_i value will be exposed by side channel attacks such as template attacks.
- B can check whether the verification value C0_i is in its TPK table without knowing the index value i. If C0_i is missing, no further cryptographic operations are performed. If C0_i is in the TPK table, the cryptographic operation is performed using Ni. Then, any entry (j, Nj, C0_j) with j less than or equal to i in B's TPK table is deleted and replaced with a new entry. In this case too, instead of updating the entries every time, the update may be performed at regular intervals, and the search time may be shortened by sorting the entries by the verification value C0 during the update.
- FIG. 37 is a diagram exemplarily illustrating a method for adding an entry of a temporary secret key table according to an embodiment of the present invention.
- The first nonce N1 is used for an encryption operation or a decryption operation.
- The used entry (N1, C0_1) becomes invalid data in the temporary secret key table.
- The cryptographic module can then add a new entry consisting of a new nonce (Nk+1) and its hash value (C0_k+1) to the temporary secret key table.
- The method for adding an entry of the temporary secret key table shown in FIG. 37 is merely an embodiment.
- The method of adding an entry of the temporary secret key table of the present invention can be implemented in various ways.
- The present invention can be implemented to update the temporary secret key table if the number of entries used in the temporary secret key table is greater than or equal to a predetermined number.
- The schemes introduced in FIGS. 35 to 37 may be similarly used for various cryptographic operations such as decryption verification and authentication code generation and verification, as well as encryption and decryption.
- k entries may be newly generated when a predetermined condition is satisfied.
- The predetermined condition may be whether the number of entries used for the encryption/decryption operation is equal to or greater than the predetermined number.
- A general cryptographic system is implemented in such a way that a counter is passed to the counterpart, and the counterpart calculates a temporary secret key value by performing a cryptographic operation.
- The counter value only increases and never decreases.
- A cryptographic operation based on the counter value has advantages such as a short search time and small memory use. The reason is that the counter value only increases and never decreases, so even if a secret counter value is used, a legitimate counter value can be easily derived.
- Another cryptographic system is implemented to perform decryption without limiting the number of random ciphertexts, while providing security against side channel attacks without the need to maintain counter values.
- A method of adding a process of authenticating each message block is presented.
- This repeated authentication process is inefficient in an environment where communication efficiency is important, and in a battery-based environment, energy consumption increases, which makes it difficult to use.
- An encryption system can maximize communication efficiency and minimize energy consumption.
- The cryptographic system of the present invention is implemented so that it does not send the counterpart counter values whose future values are easily inferred, but sends only values such as hash values, which are validated before the cryptographic operation begins. Unlike conventional methods, it does not use counters, so it provides security against template attacks, and because validation takes place before the cryptographic operation starts, it can efficiently detect DoS attacks.
- The cryptographic system of the present invention may perform encryption, decryption, and authentication so as to be safe from side channel attacks.
- The present invention can be applied to various cryptographic operations such as authentication code generation, digital signature, key authentication, key exchange, etc.
- The present invention has shown the invention and specific embodiments thereof, and includes all techniques that can be easily inferred therefrom.
- The present invention is applicable to any device that performs cryptographic operations.
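The temporary secret key table exchange described above (A uses the entry with the smallest index, sends C0_i without the index i, B looks C0_i up before any cryptographic operation, then deletes every entry j ≤ i and refills) is shown here as an added Python example that is not code from the patent. Assumptions: N_i is derived from the shared key K with HMAC-SHA256, C0_i is a SHA-256 hash of N_i, an HMAC keystream stands in for the modified OCB mode, and all function and class names are hypothetical.

```python
import hashlib
import hmac

def derive_nonce(shared_key, index):
    # Assumption: both modules derive N_i from the shared key K and index i.
    return hmac.new(shared_key, b"N" + index.to_bytes(8, "big"), hashlib.sha256).digest()

def verification_value(nonce):
    # C0_i: hash of N_i, the only table-related value sent on the wire.
    return hashlib.sha256(b"C0" + nonce).digest()

class TPKTable:
    """Entries (i, N_i, C0_i), searched by C0 and never by index."""

    def __init__(self, shared_key, size=4):
        self.key, self.size, self.next_index = shared_key, size, 1
        self.by_c0 = {}  # C0_i -> (i, N_i)
        self.refill()

    def refill(self):
        while len(self.by_c0) < self.size:
            nonce = derive_nonce(self.key, self.next_index)
            self.by_c0[verification_value(nonce)] = (self.next_index, nonce)
            self.next_index += 1

    def take_lowest(self):
        # Sender: use the entry with the smallest index, delete it, refill.
        c0 = min(self.by_c0, key=lambda c: self.by_c0[c][0])
        _, nonce = self.by_c0.pop(c0)
        self.refill()
        return nonce, c0

    def redeem(self, c0):
        # Receiver: an unknown or already-used C0 yields None.
        if c0 not in self.by_c0:
            return None
        index, nonce = self.by_c0[c0]
        for used in [c for c, (j, _) in self.by_c0.items() if j <= index]:
            del self.by_c0[used]  # drop every entry with j <= i
        self.refill()
        return nonce

def stream_xor(nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream), NOT the modified OCB mode.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(nonce, b"enc" + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)

def tag_for(nonce, c0, ct):
    return hmac.new(nonce, b"mac" + c0 + ct, hashlib.sha256).digest()

def seal(table, message):
    nonce, c0 = table.take_lowest()
    ct = stream_xor(nonce, message)
    return c0, ct, tag_for(nonce, c0, ct)  # index i is deliberately not sent

def open_(table, c0, ct, tag):
    nonce = table.redeem(c0)
    if nonce is None:
        return None  # stop before any keyed operation touches N_i
    if not hmac.compare_digest(tag, tag_for(nonce, c0, ct)):
        return None  # N_i is consumed even when the tag is wrong
    return stream_xor(nonce, ct)

def demo():
    key = bytes(range(32))  # constructed shared key K
    a, b = TPKTable(key), TPKTable(key)
    first = seal(a, b"unlock door 7")
    lost = seal(a, b"never delivered")  # constructed: dropped in transit
    third = seal(a, b"status ok")
    return [open_(b, *first), open_(b, *first), open_(b, *third), open_(b, *lost)]
```

`demo()` delivers the first message, rejects its replay, accepts the third message after a lost second one, and then rejects the late second message because its entry was deleted along with every index up to 3.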
Abstract
The invention relates to an electronic device comprising: a temporary secret key (TPK) manager for receiving a message encrypted with a temporary secret key that is limited in its number of uses, and for determining whether the temporary secret key is valid according to whether a verification value corresponding to the temporary secret key exists in a temporary secret key table; and a cryptographic module comprising a decryption unit that does not decrypt the encrypted message if the temporary secret key is not valid.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR10-2013-0068071 | 2013-06-14 | | |
| KR20130068071 | 2013-06-14 | | |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2014200301A1 (fr) | 2014-12-18 |
Family
ID=52022510
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/KR2014/005200 Ceased WO2014200301A1 (fr) | 2013-06-14 | 2014-06-13 | Electronic device having a code module and method for processing code using the same |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2014200301A1 (fr) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 14811516; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 14811516; Country of ref document: EP; Kind code of ref document: A1 |