Vol.3 No.1 2010

89/110

Research paper−86−Synthesiology - English edition Vol.3 No.1 pp.86-95 (Jul. 2010) hardly trace the results produced at the different experimental environments unique to each of them. Therefore, we have developed a standard experimental environment and published information about side-channel experiments in order to contribute to the standardization activities from the neutral standpoint of the National Institute of Advanced Industrial Science and Technology (AIST) as a pubic research institution. In addition, we are pursuing collaborations with domestic and overseas research institutions, private companies, and universities toward operations of security evaluation systems for cryptographic modules.In this paper, we first present a comprehensive vision of these standardization activities and our role in them. Secondly, we explain our effort in developing a standard evaluation environment for side-channel attacks and demonstrate the current status of side-channel attacks through experiments with the environment. Thirdly, we introduce our vision for future research on fault-injection attacks and invasive attacks, which require higher techniques, and on system dependability and security assurance against accidental errors and faults in addition to attack-basis security issues. 2 Expanding application and security evaluation of cryptographic technology2.1 Standardization of cryptographic algorithmsThe invention of writing made non-oral information propagation and knowledge accumulation possible. Since then, humankind has devised various measures for preventing a third person from discovering the information or knowledge. Cryptographic technology is one of them. 1 IntroductionThe fast expansion of the broadband network as well as the popularization of high-performance, rich-featured information appliances, IC cards, and RFID tags hasten the advent of a ubiquitous information society. On the other hand, the exchange of a vast amount of information in every aspect of our daily life raises security threats including eavesdropping and falsification of communication data to the surface. Cryptography is a fundamental technology indispensable to coping with such threats. With more and more use of the technology in consumer products, a number of active studies have been conducted not only on theoretical analysis for cryptographic algorithms but also on security assurance of implementation of practical devices such as cryptographic chips. In particular, many researchers have paid significant attention to physical attacks, which observe the measureable phenomena of operating devices such as power consumption, electro-magnetic radiation, and operating times and estimate the internal cryptographic key from the leaked information on the measurement results without invading or destructing the target device. This class of attacks is called side-channel attack since such attacks exploit the information on channels other than the intended input- or output-channels. Today, while the formulation of international security evaluation standards with regard to side-channel attacks is in progress, the efforts are confronting the following difficulties. First, there is no justification for us to oblige industrial parties such as IC card vendors to supply their cryptographic products for evaluation testing or to provide their proprietary information. Second, universities or other academic institutions may publish their experimental results, but third parties can - Development of a standard evaluation environment for side channel attacks -Akashi Satoh*, Toshihiro Katashita and Hirofumi SakaneResearch Center for Information Security, AIST Akihabaradaibiru 1003, 1-18-13, Sotokanda, Chiyoda-ku, Tokyo 101-0021, Japan *E-mail : Original manuscript received November 30, 2009, Revisions received January 8, 2010, Accepted January 21, 2010 The use of cryptographic modules is rapidly expanding throughout the world. Because of this, it is necessary to standardize a security evaluation scheme and to establish a public evaluation and validation program for these modules. Side channel attacks, which extract secret information from the cryptographic module by analyzing power consumption and electromagnetic radiation, are attracting a lot of attention. Research activity on such attacks has intensified recently. However, it is difficult to compare evaluation schemes proposed by different researchers because of differences in the experimental platform or environment. This makes it difficult for other researchers to repeat and verify the results. Therefore, we have developed cryptographic hardware boards and analysis software to serve as a common, uniform evaluation platform for side channel attacks. We have distributed this platform to government, industry, and academic research labs throughout the world in order to facilitate the development of an international standard.Secure implementation of cryptographic modulesKeywords : Cryptographic module, cryptographic hardware, side channel attack, differential power analysis, fault injection attack, security evaluation scheme, SASEBO[Translation from Synthesiology, Vol.3, No.1, p.56-65 (2010)]

※このページを正しく表示するにはFlashPlayer9以上が必要です