LI Yang

Department of Informatics, Associate Professor
Cluster II (Emerging Multi-interdisciplinary Engineering), Associate Professor

Degree

  • Bachelor (Engineering), Harbin Engineering University
  • Master, The University of Electro-Communications
  • Doctor of Philosophy (Engineering), The University of Electro-Communications

Field Of Study

  • Informatics, Information security

Educational Background

  • Apr. 2011 - Dec. 2012
    Graduate School of The University of Electro-Communications, Graduate School of Informatics and Engineering, Department of Informatics
  • Apr. 2009 - Mar. 2011
    Graduate School of The University of Electro-Communications, Faculty of Electro-Communications, Department of Information and Communication Engineering
  • Sep. 2004 - Jul. 2008
    Harbin Engineering University, Electronic and Information Engineering (Acoustic)
  • Sep. 2001 - Jun. 2004
    Zhenjiang No. 1 High School, China

Award

  • Mar. 2023
    IPSJ 85th National Convention, Student Encouragement Award
  • Dec. 2022
    Asiahost 2022 Best Paper Award
  • Mar. 2019
    IEICE Young Researcher's Award (received by supervised student Ryota Hatano): Ryota Hatano, Natsu Shoji, Yang Li, Takeshi Sugawara, Kazuo Sakiyama, "Modeling Differential Fault Attacks on AES and Evaluating the Number of Attacks", IEICE

Paper

  • All You Need Is Fault: Zero-Value Attacks on AES and a New λ-Detection M&M
    Haruka Hirata; Daiki Miyahara; Victor Arribas; Yang Li; Noriyuki Miura; Svetla Nikova; Kazuo Sakiyama
    IACR Transactions on Cryptographic Hardware and Embedded Systems, Universitätsbibliothek der Ruhr-Universität Bochum, 2024, 1, 133-156, 04 Dec. 2023, Deploying cryptography on embedded systems requires security against physical attacks. At CHES 2019, M&M was proposed as a combined countermeasure applying masking against SCAs and information-theoretic MAC tags against FAs. In this paper, we show that one of the protected AES implementations in the M&M paper is vulnerable to a zero-value SIFA2-like attack. A practical attack is demonstrated on an ASIC board. We propose two versions of the attack: the first follows the SIFA approach to inject faults in the last round, while the second one is an extension of SIFA and FTA but applied to the first round with chosen plaintext. The two versions work at the byte level, but the latter version considerably improves the efficiency of the attack. Moreover, we show that this zero-value SIFA2 attack is specific to the AES tower-field decomposed S-box design. Hence, such attacks are applicable to any implementation featuring this AES S-box architecture. Then, we propose a countermeasure that prevents these attacks. We extend M&M with a fine-grained detection-based feature capable of detecting the zero-value glitch attacks. In this effort, we also solve the problem of a combined attack on the ciphertext output check of M&M scheme by using Kronecker’s delta function. We deploy the countermeasure on FPGA and verify its security against both fault and side-channel analysis with practical experiments.
    Scientific journal
  • Power Side-channel Attack Resistant Circuit Designs of ARX Ciphers Using High-level Synthesis
    Saya Inagaki; Mingyu Yang; Yang Li; Kazuo Sakiyama; Yuko Hara-Azumi
    ACM Transactions on Embedded Computing Systems, Association for Computing Machinery (ACM), 22, 5, 1-17, 26 Sep. 2023, In the Internet of Things (IoT) era, edge devices have been considerably diversified and are often designed using high-level synthesis (HLS) for improved design productivity. However, HLS tools were originally developed in a security-unaware manner, resulting in vulnerabilities to power side-channel attacks (PSCAs), which are a serious threat to IoT systems. Currently, the impact and applicability of existing methods to PSCA-resistant designs using HLS are limited. In this article, we propose an effective HLS-based design method for PSCA-resistant ciphers implemented in hardware. In particular, we focus on lightweight block ciphers composed of addition/rotation/XOR (ARX)-based permutations to study the effects of the threshold implementation (which is one of the provably secure countermeasures against PSCAs) to the behavioral descriptions of ciphers along with the changes in HLS scheduling. The results obtained using Welch’s t-test demonstrate that our proposed method can successfully improve the resistance against PSCAs for all ARX-based ciphers used as benchmarks.
    Scientific journal
  • Software Evaluation for Second Round Candidates in NIST Lightweight Cryptography
    Ryota Hira; Tomoaki Kitahara; Daiki Miyahara; Yuko Hara-Azumi; Yang Li; Kazuo Sakiyama
    Journal of Information Processing, Information Processing Society of Japan, 31, 205-219, Mar. 2023
    Scientific journal
  • Optimized Software Implementations of Ascon, Grain-128AEAD, and TinyJambu on ARM Cortex-M
    Tomoaki Kitahara; Ryota Hira; Yuko Hara-Azumi; Daiki Miyahara; Yang Li; Kazuo Sakiyama
    In Proc. International Symposium on Computing and Networking, CANDAR Workshops (CANDARW’22), IEEE, ???-???, Mar. 2023, Peer-reviewed
    International conference proceedings, English
  • Power Side-channel Countermeasures for ARX Ciphers using High-level Synthesis
    Saya Inagaki; Mingyu Yang; Yang Li; Kazuo Sakiyama; Yuko Hara-Azumi
    Proceedings of the 2023 ACM/SIGDA International Symposium on Field Programmable Gate Arrays, ACM, 52-52, 12 Feb. 2023
    International conference proceedings
  • Evaluation of Statistical Fault Analysis using Input Timing Violation of Sequential Circuit on Cryptographic Module under IEM
    Daisuke Fujimoto; Takumi Okamoto; Yang Li; Youngwoo Kim; Yuichi Hayashi
    Transactions on Electromagnetic Compatibility, ?, ?, ?-?, Feb. 2023, Peer-reviewed
    Scientific journal, English
  • On the Practical Dependency of Fresh Randomness in AES S-box with Second-Order TI.
    Maki Tsukahara; Haruka Hirata; Mingyu Yang; Daiki Miyahara; Yang Li; Yuko Hara-Azumi; Kazuo Sakiyama
    CANDARW, 286-291, 2023
    International conference proceedings
  • The Limits of Timing Analysis and SEMA on Distinguishing Similar Activation Functions of Embedded Deep Neural Networks
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Appl. Sci., 12, 9, 4135-?, 21 Apr. 2022, Peer-reviewed
    Scientific journal, English
  • Software Evaluation for Second Round Candidates in NIST Lightweight Cryptography.
    Ryota Hira; Tomoaki Kitahara; Daiki Miyahara; Yuko Hara-Azumi; Yang Li; Kazuo Sakiyama
    IACR Cryptology ePrint Archive, 2022, 591-591, 2022
    Scientific journal
  • Examining Vulnerability of HLS-designed Chaskey-12 Circuits to Power Side-Channel Attacks
    Saya Inagaki; Mingyu Yang; Yang Li; Kazuo Sakiyama; Yuko Hara-Azumi
    International Symposium on Quality Electronic Design (ISQED’22), ???-???, 2022, Peer-reviewed
    International conference proceedings, English
  • Horizontal Correlation Analysis Without Precise Location on Schoolbook Polynomial Multiplication of Lattice-Based Cryptosystem
    Chuanchao Lu; Yijun Cui; Yang Li; Dur-E-Shahwar Kundi; Chenghua Wang; Weiqiang Liu
    International Symposium on Circuits and Systems (ISCAS’22), ???-???, 2022, Peer-reviewed
    International conference proceedings, English
  • Mixture-Based 5-Round Physical Attack against AES: Attack Proposal and Noise Evaluation
    Go Takami; Takeshi Sugawara; Kazuo Sakiyama; Yang Li
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci., E105-A, 3, 289-299, Jan. 2022, Peer-reviewed
    Scientific journal, English
  • Revisiting System Noise in Side-Channel Attacks: Mutual Assistant SCA vs. Genetic Algorithm
    Rei Kudo; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Asian Hardware Oriented Security and Trust Symposium (AsianHOST’21), IEEE, 1-6, Dec. 2021, Peer-reviewed
    International conference proceedings, English
  • A Key Recovery Algorithm Using Random Key Leakage from AES Key Schedule
    Tomoki Uemura; Yohei Watanabe; Yang Li; Noriyuki Miura; Iwamoto Mitsugu; Kazuo Sakiyama; Kazuo Ohta
    The International Symposium on Information Theory and Its Applications (ISITA’20), IEEE, 382-386, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • Simple Electromagnetic Analysis Against Activation Functions of Deep Neural Networks
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yang Li
    In Proc. Artificial Intelligence in Hardware Security (AIHWS’20), Springer International Publishing, 181-197, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • An Optimized Implementation of AES-GCM for FPGA Acceleration Using High-Level Synthesis
    Tsubasa Takaki; Yang Li; Kazuo Sakiyama; Shoei Nashimoto; Daisuke Suzuki; Takeshi Sugawara
    In Proc. Global Conference on Consumer Electronics (GCCE’20), 176-180, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • (Short Paper) Signal Injection Attack on Time-to-Digital Converter and Its Application to Physically Unclonable Function
    Takeshi Sugawara; Tatsuya Onuma; Yang Li
    Advances in Information and Computer Security, Springer International Publishing, 117-127, 26 Aug. 2020
    In book
  • An IC-level countermeasure against laser fault injection attack by information leakage sensing based on laser-induced opto-electric bulk current density
    Kohei Matsuda; Sho Tada; Makoto Nagata; Yuichi Komano; Yang Li; Takeshi Sugawara; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama; Noriyuki Miura
    Japanese Journal of Applied Physics, IOP Publishing, 59, SG, SGGL02-SGGL02, 01 Apr. 2020, Peer-reviewed, Laser fault injection (LFI) attacks on cryptographic processor ICs are a critical threat to information systems. This paper proposes an IC-level integrated countermeasure employing an information leakage sensor against an LFI attack. Distributed bulk current sensors monitor abnormal bulk current density caused by laser irradiation for LFI. Time-interleaved sensor operation and sensitivity tuning can obtain partial secret key leakage bit information with small layout area penalty. Based on the leakage information, the secret key can be securely updated to realize high-availability resilient systems. The test chip was designed and fabricated in a 0.18 μm standard CMOS, integrating a 128-bit advanced encryption standard cryptographic processor with the proposed information leakage sensor. This evaluation successfully demonstrated bulk current density and leakage bit monitoring.
    Scientific journal
  • Signal Injection Attack on Time-to-Digital Converter and Its Application to Physically Unclonable Function.
    Takeshi Sugawara; Tatsuya Onuma; Yang Li
    IACR Cryptology ePrint Archive, 2020, 716-716, 2020
    Scientific journal
  • Evaluation of Side-Channel Attack Resistance of an LFI Detection Circuit
    Ryota Hatano; Haruka Hirata; Kohei Matsuda; Noriyuki Miura; Yang Li; Kazuo Sakiyama
    IEICE Transactions A (Japanese edition), J104-A, 5, 118-126, 2020, Peer-reviewed
    Scientific journal, Japanese
  • Side-Channel Leakage of Alarm Signal for a Bulk-Current-Based Laser Sensor
    Yang Li; Ryota Hatano; Sho Tada; Kohei Matsuda; Noriyuki Miura; Takeshi Sugawara; Kazuo Sakiyama
    In Proc. International Conference on Information Security and Cryptology (Inscrypt’19), LNCS 12020, Dec. 2019, Peer-reviewed
    International conference proceedings, English
  • Fingerprinting Light Emitting Diodes Using Spectrometer
    Akiko Toh; Yang Li; Kazuo Sakiyama; Takeshi Sugawara
    IET Electronics Letters, 55, 24, 1295-1297, Sep. 2019, Peer-reviewed
    Scientific journal, English
  • A Graphical PIN Entry System with Shoulder Surfing Resistance
    Muhammad Salman; Yang Li; Jian Wang
    2019 IEEE 4th International Conference on Signal and Image Processing, 203-207, Jul. 2019, Peer-reviewed
    International conference proceedings, English
  • Probing Attack of Share-Serial Threshold Implementation of AES
    Takeshi Sugawara; Yang Li; Kazuo Sakiyama
    IET Electronics Letters, Institution of Engineering and Technology (IET), 55, 9, 517-519, May 2019, Peer-reviewed
    Scientific journal, English
  • A Framework for Evaluation and Analysis on Infection Countermeasures Against Fault Attacks
    Jingyi Feng; Hua Chen; Yang Li; Zhipeng Jiao; Wei Xi
    IEEE Transactions on Information Forensics and Security, 2020, 15, 391-406, 20 Mar. 2019, Peer-reviewed
    Scientific journal, English
  • An Information Leakage Sensor Based on Measurement of Laser-Induced Opto-Electric Bulk Current Density
    K. Matsuda; S. Tada; M. Nagata; Y. Li; T. Sugawara; M. Iwamoto; K. Ohta; K. Sakiyama; N. Miura
    International Conference on Solid State Devices and Materials (SSDM’19), 2019, 2019, Peer-reviewed
    International conference proceedings, English
  • Improved Differential Fault Analysis on Authenticated Encryption of PAEQ-128
    Ruyan Wang; Xiaohan Meng; Yang Li; Jian Wang
    International Conferences on Information Security and Cryptology 2018 (Inscrypt’18), 183-199, Dec. 2018, Peer-reviewed
    International conference proceedings, English
  • Recovering Memory Access Sequence with Differential Flush+Reload Attack
    Zhiwei Yuan; Yang Li; Kazuo Sakiyama; Takeshi Sugawara; Jian Wang
    Proceedings of the 14th International Conference on Information Security Practice and Experience, Springer International Publishing, 11125, 424-439, 27 Sep. 2018, Peer-reviewed
    International conference proceedings, English
  • Towards Optimized DFA Attacks on AES under Multibyte Random Fault Model
    Ruyan Wang; Xiaohan Meng; Yang Li; Jian Wang
    Security and Communication Networks 2018, 2870475, 1-9, 13 Aug. 2018, Peer-reviewed
    Scientific journal, English
  • Similar Operation Template Attack on RSA-CRT as a Case Study
    Sen Xu; Xiangjun Lu; Kaiyu Zhang; Yang Li; Lei Wang; Weijia Wang; Haihua Gu; Zheng Guo; Junrong Liu; Dawu Gu
    Science China Information Sciences, 61, 32111, 1-17, Mar. 2018, Peer-reviewed
    Scientific journal, English
  • A Strict Key Enumeration Algorithm for Dependent Score Lists of Side-Channel Attacks
    Yang Li; Shuang Wang; Zhibin Wang; Jian Wang
    In Proc. 16th Smart Card Research and Advanced Application Conference (Cardis’17), Springer, 51-69, Jan. 2018, Peer-reviewed
    International conference proceedings, English
  • Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES
    Yang Li; Momoka Kasuya; Kazuo Sakiyama
    Applied Sciences, 8, 10, 2018, Peer-reviewed
    Scientific journal, English
  • A New Key Rank Estimation Method to Investigate Dependent Key Lists of Side Channel Attacks
    Shuang Wang; Yang Li; Jian Wang
    In Proc. Asian Hardware Oriented Security and Trust Symposium (AsianHOST’17), IEEE, 1-6, Oct. 2017, Peer-reviewed
    International conference proceedings, English
  • Another Security Evaluation of SPA Countermeasures for AES Key Expansion in IoT Devices
    Yang Li; MeiTing Chen; Jian Wang
    JOURNAL OF INFORMATION SCIENCE AND ENGINEERING, INST INFORMATION SCIENCE, 33, 4, 1085-1100, Jul. 2017, Peer-reviewed, Internet of things (IoT) devices are easily exposed to physical attackers for their easy access. Therefore, the cryptographic algorithms should be implemented carefully considering the key recovery attacks such as side-channel attacks and fault attacks. This work focuses on the simple power analysis against AES key expansion in the attack scenario of the IoT device. We mainly focused on the power analysis countermeasure applied to AES key expansion proposed and evaluated by Clavier et al. in CHES 2014. Their proposed column-wise random order countermeasure showed certain resistance against power analysis. Clavier et al. then analyzed the improved key recovery attack that combines power analysis with fault injections. In this work, we argue that extracting power information of AES state is more preferred than performing fault injections for practical attackers. This work first comprehensively evaluates the random order countermeasure assuming the attackers use the power consumptions of AES state to accelerate the key recovery. The relationship between the key recovery result and the amount of used information are verified with both theoretical analysis and key recovery simulations. The results demonstrate a set of effective key extractions with no fault injections. The most effective attack uses the Hamming weight of 12 bytes for 2 AES executions, whose key extraction finishes in 1 minute. This work also considers to use algebraic side channel attack to construct a general security evaluation method for variant countermeasures. We explain the successful key recovery of algebraic side-channel attack on AES key expansion and discuss some observations.
    Scientific journal, English
  • Reduction in the Number of Fault Injections for Blind Fault Attack on SPN Block Ciphers
    Yang Li; Mengting Chen; Zhe Liu; Jian Wang
    ACM TRANSACTIONS ON EMBEDDED COMPUTING SYSTEMS, ASSOC COMPUTING MACHINERY, 16, 2, 1-20, Apr. 2017, Peer-reviewed, In 2014, a new fault analysis called blind fault attack (BFA) was proposed, in which attackers can only obtain the number of different faulty outputs without knowing the public data. The original BFA requires 480,000 fault injections to recover a 128-bit AES key. This work attempts to reduce the number of fault injections under the same attack assumptions. We analyze BFA from an information theoretical perspective and introduce a new probability-based distinguisher. Three approaches are proposed for different attack scenarios. The best one realized a 66.8% reduction of the number of fault injections on AES.
    Scientific journal, English
  • Another SPA Key Recovery Against Random Order Countermeasures for AES Key Expansion
    Mengting Chen; Yang Li; Jian Wang
    CLOUD COMPUTING AND SECURITY, ICCCS 2016, PT I, SPRINGER INT PUBLISHING AG, 10039, 322-334, 2016, Peer-reviewed, To increase the resistance against power analysis, random order countermeasure applied to AES key expansion was proposed and evaluated by Clavier et al. in CHES 2014. The proposed column-wise random order countermeasure showed certain resistance when the power consumption of the key expansion part is used for key recovery. For further evaluation, Clavier et al. analyzed the improvement of key recovery attack using fault injection as additional information. As for the acceleration of the key recovery, this work argues that extracting power information of AES state is more preferred than performing fault injections for practical attackers. This work comprehensively evaluates the random order countermeasure assuming the attackers use the power consumptions of AES state to accelerate the key recovery. We studied the relationship between key recovery result and the amount of information from AES state via both theoretical analysis and key recovery simulations. The results (a) demonstrate a set of effective key extractions with no fault injections and (b) discover the most cost-effective attack is extracting Hamming weight of 12 bytes for 2 AES executions, whose key extraction averagely finishes in 1 min.
    International conference proceedings, English
  • Introduction to Side-Channel Attacks and Fault Attacks
    Yang Li; Mengting Chen; Jian Wang
    2016 ASIA-PACIFIC INTERNATIONAL SYMPOSIUM ON ELECTROMAGNETIC COMPATIBILITY (APEMC), IEEE, 573-575, 2016, Peer-reviewed, Side-channel attacks and fault attacks use the physical interactions with cryptographic devices to achieve the shortcuts of recovering the secret key. For side-channel attacks, physical information leakage during the cryptographic calculation is measured and statistically analyzed to reveal the intermediate values. For fault attacks, computational faults are intentionally triggered to obtain faulty outputs or fault behaviors for the key recovery. Fault injections are also used to obtain special information leakage under the faulty environment. This paper gives a general overview of these physical attacks and discusses the necessity of the accurate complexity evaluation of their successful key recovery.
    International conference proceedings, English
  • Fully integrated passive UHF RFID tag for hash-based mutual authentication protocol
    Shugo Mikami; Dai Watanabe; Yang Li; Kazuo Sakiyama
    Scientific World Journal, Hindawi Publishing Corporation, 2015, (Article ID 498610), 1-11, 2015, Peer-reviewed, Passive radio-frequency identification (RFID) tag has been used in many applications. While the RFID market is expected to grow, concerns about security and privacy of the RFID tag should be overcome for the future use. To overcome these issues, privacy-preserving authentication protocols based on cryptographic algorithms have been designed. However, to the best of our knowledge, evaluation of the whole tag, which includes an antenna, an analog front end, and a digital processing block, that runs authentication protocols has not been studied. In this paper, we present an implementation and evaluation of a fully integrated passive UHF RFID tag that runs a privacy-preserving mutual authentication protocol based on a hash function. We design a single chip including the analog front end and the digital processing block. We select a lightweight hash function supporting 80-bit security strength and a standard hash function supporting 128-bit security strength. We show that when the lightweight hash function is used, the tag completes the protocol with a reader-tag distance of 10 cm. Similarly, when the standard hash function is used, the tag completes the protocol with the distance of 8.5 cm. We discuss the impact of the peak power consumption of the tag on the distance of the tag due to the hash function.
    Scientific journal, English
  • A New Side-Channel Analysis Using Clockwise Collision as the Leakage Model and Weak Keys in Parallel AES Hardware Implementations
    Toshiki Nakasone; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE Transactions A (Japanese edition), J97-A, 11, 695-703, Nov. 2014, Peer-reviewed
    Scientific journal, Japanese
  • Software and hardware co-verification for privacy-enhanced passive UHF RFID tag
    Yang Li; Toshiki Nakasone; Kazuo Sakiyama
    IEEE International Symposium on Electromagnetic Compatibility, Institute of Electrical and Electronics Engineers Inc., 2014-, September, 752-757, 15 Sep. 2014, Peer-reviewed, RFID system is one of the most important components for the construction of the Internet of Things. The wireless communication between the tag reader and the RFID tag is based on electromagnetic radiation, which is fully accessible by adversaries and brings the security and privacy problems. The RFID-based applications that are related to personal information urgently require the practical solution to the privacy protection. This work introduces a software and hardware combined functionality verification for a privacy-preserving RFID design. The target RFID design is the digital part of a passive UHF RFID tag with hash-based mutual authentication protocol and privacy-mode switch. We introduce the setup, the procedures and the results of the performed simulation-based and FPGA-based functionality verification. Finally, we explain the benefits and limitations of the performed experiments.
    International conference proceedings, English
  • A Silicon-level Countermeasure against Fault Sensitivity Analysis and Its Evaluation
    Sho Endo; Yang Li; Naofumi Homma; Kazuo Sakiyama; Kazuo Ohta; Daisuke Fujimoto; Makoto Nagata; Toshihiro Katashita; Jean-Luc Danger; Takafumi Aoki
    IEEE Trans. Very Large Scale Integr. (VLSI) Syst., 28, 8, 1429-1438, Aug. 2014, Peer-reviewed
    Scientific journal, English
  • Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest
    Christophe Clavier; Jean-Luc Danger; Guillaume Duc; M. Abdelaziz Elaabid; Benoît Gérard; Sylvain Guilley; Annelie Heuser; Michael Kasper; Yang Li; Victor Lomné; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama; Laurent Sauvage; Werner Schindler; Marc Stöttinger; Nicolas Veyrat-Charvillon; Matthieu Walle; Antoine Wurcker
    J. Cryptographic Engineering, 4, 1, 1-16, Apr. 2014, Peer-reviewed
    Scientific journal, English
  • Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest
    Christophe Clavier; Jean-Luc Danger; Guillaume Duc; M. Abdelaziz Elaabid; Benoît Gérard; Sylvain Guilley; Annelie Heuser; Michael Kasper; Yang Li; Victor Lomné; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama; Laurent Sauvage; Werner Schindler; Marc Stöttinger; Nicolas Veyrat-Charvillon; Matthieu Walle; Antoine Wurcker
    Journal of Cryptographic Engineering, Springer Verlag, 4, 4, 259-274, 2014, Peer-reviewed, Side-channel analyses constitute a major threat for embedded devices, because they allow an attacker to recover secret keys without the device being aware of the sensitive information theft. They have been proved to be efficient in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists have raised the attention on the potential vulnerabilities against implementation-level attacks Chari et al. (A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133–147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has even been formalized recently Standaert et al. (EUROCRYPT LNCS 5479:443–461, 2009). The framework suggests to estimate the leakage via an information theoretic metric, and the performance of real attacks thanks to either the success rates or the guessing entropy metrics. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted an FPGA-based implementation of AES. This article has been written jointly with several of the participants who describe their tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback puts to the fore some considerations seldom described in the scientific literature, yet relevant to increase the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as the drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.
    Scientific journal, English
  • Yet another fault-based leakage in non-uniform faulty ciphertexts
    Yang Li; Yu-Ichi Hayashi; Arisa Matsubara; Naofumi Homma; Takafumi Aoki; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, 8352, 272-287, 2014, Peer-reviewed, This paper discusses the information leakage that comes from the non-uniform distribution of the faulty calculation results for hardware AES implementations under setup-time violations. For the setup-time violation, it is more difficult to predict the faulty value than the introduced difference itself. Therefore, the faulty calculation results have been always paired with the fault-free calculations as the information leakage. However, the faulty calculation results under statistical analyses can directly leak the secret. This leakage is mainly caused by the circuit structure rather than the transition differences for variant input data. Generally, this work explains the mechanism of the non-uniform distribution of faulty calculation results. For the widely used composite field based AES S-box, we explain and demonstrate that the probability of the emergence of a particular faulty value is much higher than other values. We use the key recovery method proposed by Fuhr et al., and show the successful key recovery using only the faulty calculation results. In addition, against the attack target that encrypts random plaintexts, we extend the attack in case the faults are injected remotely using electromagnetic interference without any injection timing trigger. © 2014 Springer International Publishing Switzerland.
    International conference proceedings, English
  • Privacy-Mode Switching: Toward Flexible Privacy Protection for RFID Tags in Internet of Things
    Yang Li; Toshiki Nakasone; Kazuo Ohta; Kazuo Sakiyama
    2014 IEEE 11TH CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE (CCNC), IEEE, 941-942, 2014, Peer-reviewed, The privacy problem becomes the biggest obstacle when applying the RFID technology to personal customers usage in Internet of Things. Privacy protection is in the cost of computational overhead and feasibility loss, and necessary for privacy-sensitive usages. We propose a RFID system in which the privacy protection can be turned on or off by validate authorities. The privacy-mode switching increases diversity of RFID usage, enables RFID recycles, and has limited hardware overhead for RFID tags. Based on a symmetric-key crypto-based mutual authentication protocol called OMHSO, we describe a construction of a RFID system with flexible privacy-mode switching.
    International conference proceedings, English
  • Practical DFA strategy for AES under limited-access conditions
    Kazuo Sakiyama; Yang Li; Shigeto Gomisawa; Yu-Ichi Hayashi; Mitsugu Iwamoto; Naofumi Homma; Takafumi Aoki; Kazuo Ohta
    Journal of Information Processing, Information Processing Society of Japan, 22, 2, 142-151, 2014, Peer-reviewed, Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks. The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 millions fault injections. © 2014 Information Processing Society of Japan.
    Scientific journal, English
  • Software and Hardware Co-Verification for Privacy-Enhanced Passive UHF RFID Tag
    Yang Li; Toshiki Nakasone; Kazuo Sakiyama
    2014 IEEE INTERNATIONAL SYMPOSIUM ON ELECTROMAGNETIC COMPATIBILITY (EMC), IEEE, 752-757, 2014, Peer-reviewed, RFID system is one of the most important components for the construction of the Internet of Things. The wireless communication between the tag reader and the RFID tag is based on electromagnetic radiation, which is fully accessible by adversaries and brings the security and privacy problems. The RFID-based applications that are related to personal information urgently require the practical solution to the privacy protection. This work introduces a software and hardware combined functionality verification for a privacy-preserving RFID design. The target RFID design is the digital part of a passive UHF RFID tag with hash-based mutual authentication protocol and privacy-mode switch. We introduce the setup, the procedures and the results of the performed simulation based and FPGA-based functionality verification. Finally, we explain the benefits and limitations of the performed experiments.
    International conference proceedings, English
  • Single-Chip Implementation and Evaluation of Passive UHF RFID Tag with Hash-Based Mutual Authentication
    Yang Li; Shugo Mikami; Dai Watanabe; Kazuo Ohta; Kazuo Sakiyama
    Cryptology and Information Security Series, IOS Press, 12, 3-15, 2014, Peer-reviewed, This paper presents a single-chip implementation and evaluation of a passive ultra-high frequency (UHF) RFID tag that uses hash-based mutual authentication protocol. Implementation details of the silicon chip including analog power block, analog clock block, cryptographic block, volatile and non-volatile memory blocks will be introduced as well as the evaluation results of the chip about area, execution time, and power consumption. To the best of our knowledge, this work is the first single-chip implementation and the first feasibility verification of a fully functional passive UHF RFID tag chip running the hash-based mutual authentication protocol with forward privacy-preservation. We expect our experience is helpful for the future design of the privacy-preserving RFID system from both academic and industrial points of view.
    Scientific journal, English
  • Exploration of the CC-EMA Attack Towards Efficient Evaluation of EM Information Leakage
    Toshiki Nakasone; Kazuo Sakiyama; Yang Li; Kazuo Ohta
    International Symposium on Electromagnetic Compatibility (EMC EUROPE' 2013), 411-414, Sep. 2013, Peer-reviewed
    International conference proceedings, English
  • An extension of fault sensitivity analysis based on clockwise collision
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7763, 46-59, 2013, Peer-reviewed, This paper proposes an extension of fault sensitivity analysis based on clockwise collision. The original FSA attack uses fault injections to exploit the sensitivity of calculations to the injected faults, whereas clockwise collision fault sensitivity analysis (CC-FSA) uses fault injections to detect the occurrence of a clockwise collision and to recover the secret key. Clockwise collision is a phenomenon in iterative hardware circuits that makes setup-time violations nearly impossible. Taking an AES S-box as an instance, a clockwise collision occurs when the S-box inputs in two consecutive clock cycles are identical in value. As a result, the combinational circuit in the second clock cycle has almost no signal toggles and a negligible critical path delay. This paper proposes and verifies the concept of CC-FSA using clock-glitch-based fault injections and an unprotected AES implementation. We investigate the key recovery method for CC-FSA with a noisy data set, and we consider that CC-FSA can help the previous collision-based model-less FSA attack identify the final 8 bits of secret information without additional data and with negligible computational overhead. © 2013 Springer-Verlag Berlin Heidelberg.
    International conference proceedings, English
  • Key-dependent weakness of AES-based ciphers under clockwise collision distinguisher
    Toshiki Nakasone; Yang Li; Yu Sasaki; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7839, 395-409, 2013, Peer-reviewed, In 2011, Li et al. proposed a series of side-channel attacks that are related to a fundamental side-channel leakage source called clockwise collision. This paper discloses the fact that hardware implementations of AES-based ciphers could have weak keys, assuming that the leakage of a clockwise collision is distinguishable. In order to explain this, we first set up an evaluation method by introducing a threshold-based distinguisher that takes advantage of the locality of ElectroMagnetic (EM) measurements. Secondly, we discuss how the probability of a clockwise collision depends on the key values and on the byte positions in the AES state. Thirdly, based on practical EM measurements and mathematical analysis, we quantitatively evaluate the relationship between the probability of clockwise collision and the vulnerability to the side-channel attack. Finally, the discussion is extended to the design methodology of AES-based ciphers, i.e., the parameter selection for the S-box and ShiftRows. © 2013 Springer-Verlag.
    International conference proceedings, English
  • A New Type of Fault-Based Attack: Fault Behavior Analysis
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E96A, 1, 177-184, Jan. 2013, Peer-reviewed, Fault-based attacks are very powerful for recovering the secret key of cryptographic implementations. In this work, we consider the faulty output value under a certain fault injection intensity as a new type of leakage called faulty behavior. We examine the data-dependency of the faulty behavior and propose a related side-channel attack called fault behavior analysis (FBA). To verify the validity of the proposed attack, we first show that our attack can work effectively on AES-COMP of SASEBO-R. Then we show how to apply a similar attack to two AES implementations with masking countermeasures, i.e., AES-MAO and AES-TI. Finally we compare the proposed FBA attack with the DFA attack and the FSA attack, trying to complete the research map for fault-based attacks based on setup-time violations.
    Scientific journal, English
  • Exploring the relations between fault sensitivity and power consumption
    Yang Li; Sho Endo; Nicolas Debande; Naofumi Homma; Takafumi Aoki; Thanh-Ha Le; Jean-Luc Danger; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7864, 137-153, 2013, Peer-reviewed, This paper qualitatively explores the relations between two kinds of side-channel leakages, i.e., fault sensitivity (FS) and power consumption. FS is a relatively new active side-channel leakage, while power consumption is one of the earliest-studied passive side-channel leakages. These two side channels are closely related with regard to both security evaluation and countermeasure design. This paper experimentally answers the following important questions: what the relationship between these two side channels is, whether they share the same leakage function, and whether they can be protected by the same countermeasure. Based on two FPGA AES implementations without countermeasures, we first confirm a high correlation between power consumption and FS. Then, we construct the leakage profiles for FS and power consumption to explain the detailed relations between them. We also confirm a successful key recovery using the FS profile as the leakage model for power consumption. Based on these discoveries, we believe that FSA can be used as an evaluation tool to find first-order leakage with lower data complexity, and that it is more reasonable to implement the countermeasures against FSA and power analysis at different design levels. © 2013 Springer-Verlag Berlin Heidelberg.
    International conference proceedings, English
  • Coupon collector's problem for fault analysis against AES - High tolerance for noisy fault injections
    Yu Sasaki; Yang Li; Hikaru Sakamoto; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7859, 213-220, 2013, Peer-reviewed, In this paper, we propose a new technique for Square Differential Fault Analysis (DFA) against AES that can recover a secret key even with a large number of noisy fault injections, while the previous approaches to Square DFA cannot work with noise. This makes the attack more realistic, because assuming 100% accuracy in obtaining the intended fault injections is usually impossible. Our success lies in the discovery of a new mechanism for identifying the right key guess by exploiting the coupon collector's problem and its variant. Our attack parameterizes the number of noisy fault injections. If the number of noisy faults is set to 0, the analysis becomes exactly the same as the previous Square DFAs; beyond that, our attack can work even with a large number of noisy faults. Thus our work can be viewed as a generalization of the previous Square DFAs with respect to the number of tolerable noisy fault injections. © 2013 Springer-Verlag.
    International conference proceedings, English
  • A New Fault Sensitivity Analysis against Multiple Factors (複数の要因に対する新たな故障感度解析)
    小池彩歌; 李陽; 中津大介; 太田和夫; 崎山一男
    IEICE Transactions A (電子情報通信学会論文誌(A)), The Institute of Electronics, Information and Communication Engineers, J95-A, 10, 751-755, Oct. 2012, Peer-reviewed, To ensure the tamper resistance of a cryptographic implementation, evaluation under fault occurrence is indispensable. Among the many factors that can induce faults, this paper proposes a fault sensitivity analysis that makes combined use of the clock signal and the current supplied to the cryptographic device, together with the ambient temperature during device operation.
    Scientific journal, Japanese
  • A New Fault Sensitivity Analysis against Multiple Factors (複数の要因に対する新たな故障感度解析)
    小池彩歌; 李陽; 中津大介; 太田和夫; 﨑山一男
    IEICE Transactions A (電子情報通信学会論文誌(A)), 20, 5, 827-840, Oct. 2012, Peer-reviewed
    Scientific journal, Japanese
  • Information-Theoretic Approach to Optimal Differential Fault Analysis
    Kazuo Sakiyama; Yang Li; Mitsugu Iwamoto; Kazuo Ohta
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 7, 1, 109-120, Feb. 2012, Peer-reviewed, This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active attack where attackers induce an error in operations to retrieve the secret internal information, e.g., the secret key of ciphers. Here, we consider DFA attacks as equivalent to a special kind of passive attack where attackers can obtain leaked information without measurement noise. The DFA attacks are regarded as a conversion process from the leaked information to the secret key. Each fault model defines an upper bound for the amount of leaked information. The optimal DFA attacks should be able to fully exploit the leaked information in order to retrieve the secret key with a practical level of complexity. This paper discusses a new DFA methodology to achieve the optimal DFA attack by deriving the amount of leaked information for various fault models from an information-theoretic perspective. We review several previous DFA attacks on AES variants to check the optimality of their attacks. We also propose improved DFA attacks on AES-192 and AES-256 that reach the theoretical limits.
    Scientific journal, English
  • New Fault-Based Side-Channel Attack Using Fault Sensitivity
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 7, 1, 88-97, Feb. 2012, Peer-reviewed, This paper proposes a new fault-based attack called the fault sensitivity analysis (FSA) attack. In the FSA attack, fault injections are used to test out a sensitive information leakage called fault sensitivity. Fault sensitivity means the critical fault injection intensity that corresponds to the threshold between a device's normal and abnormal behavior. We demonstrate that, without using the values of the faulty outputs, attackers can obtain information about the secret key based on the data-dependency of the collected fault sensitivity data. This paper explains the successful FSA attacks against three Advanced Encryption Standard (AES) hardware implementations, two of which are resistant to differential fault analysis. This paper also discusses countermeasures against the proposed FSA attacks.
    Scientific journal, English
  • Fault injection and key retrieval experiments on an evaluation board
    Junko Takahashi; Toshinori Fukunaga; Shigeto Gomisawa; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Information Security and Cryptography, Springer International Publishing, 17, 313-331, 2012, Peer-reviewed, This chapter presents fault injection experiments using a side-channel evaluation board called SASEBO, which was developed to unify testing environments for side-channel analysis. We describe experiments where faults were injected into a cryptographic LSI mounted on a SASEBO board using a clock glitch. In this experiment, the faults can be induced at any desired point in time during the computation of an algorithm. We show the results of injecting faults into block cipher and public key modules implemented on the LSI. We also show the key retrieval from standard ciphers using the faulty outputs obtained in these experiments. This work contributes to the study of how a fault is injected into a target device, such as an LSI mounted on an evaluation board, and verifies various theoretical fault analyses using an experimental environment.
    In book, English
  • Toward Effective Countermeasures against an Improved Fault Sensitivity Analysis
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E95A, 1, 234-241, Jan. 2012, Peer-reviewed, This paper proposes countermeasures against an improved fault sensitivity analysis. Our countermeasure is based on the WDDL technique because of its built-in resistance against both power-based attacks and differential fault analysis. At CHES 2010, Li et al. proposed the FSA attack on WDDL-AES. The vulnerability of WDDL-AES in their attack mainly comes from an implementation deficiency rather than from the WDDL technique itself. This paper first proposes an improved fault sensitivity analysis that can threaten a well-implemented WDDL-AES, based on the input-data dependency of the critical path delay of the WDDL S-box. Then we discuss the possibility of efficient countermeasures by modifying the WDDL circuit with a limited overhead. The countermeasures are discussed based on either modifying the dual-rail to single-rail converter or introducing an enable signal.
    Scientific journal, English
  • An Efficient Countermeasure against Fault Sensitivity Analysis Using Configurable Delay Blocks
    Sho Endo; Yang Li; Naofumi Homma; Kazuo Sakiyama; Kazuo Ohta; Takafumi Aoki
    2012 WORKSHOP ON FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY (FDTC), IEEE, 95-102, 2012, Peer-reviewed, In this paper, we present an efficient countermeasure against Fault Sensitivity Analysis (FSA) based on configurable delay blocks (CDBs). FSA is a new type of fault attack which exploits the relationship between fault sensitivity and secret information. Previous studies reported that it could break cryptographic modules equipped with conventional countermeasures against Differential Fault Analysis (DFA) such as redundant calculation, Masked AND-OR and Wave Dynamic Differential Logic (WDDL). The proposed countermeasure can detect both DFA and FSA attacks based on setup-time violation faults. The proposed ideas are to use a CDB as a time base for detection and to combine the technique with Li's countermeasure concept, which removes the dependency between fault sensitivities and secret data. Post-manufacture configuration of the delay blocks allows minimization of the overhead in operating frequency that comes from manufacturing variability. In this paper, we present an implementation of the proposed countermeasure and describe its configuration method. We also investigate the hardware overhead of the proposed countermeasure implemented in ASIC for an AES module and demonstrate its validity through an experiment using a prototype FPGA implementation.
    International conference proceedings, English
  • Intentional Electromagnetic Interference for Fault Analysis on AES Block Cipher IC
    Yu-ichi Hayashi; Shigeto Gomisawa; Yang Li; Naofumi Homma; Kazuo Sakiyama; Takafumi Aoki; Kazuo Ohta
    International Workshop on Electromagnetic Compatibility of Integrated Circuits (EMCCOMPO'11), 235-240, Nov. 2011, Peer-reviewed
    International conference proceedings, English
  • First Experimental Results of Correlation-Enhanced EMA Collision Attack
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Poster Session, CHES2011, LNCS 6917, Springer-Verlag, XXX, Sep. 2011, Peer-reviewed
    International conference proceedings, English
  • Combination of SW Countermeasure and CPU Modification on FPGA against Power Analysis
    Daisuke Nakatsu; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    INFORMATION SECURITY APPLICATIONS, SPRINGER-VERLAG BERLIN, 6513, 258-272, 2011, Peer-reviewed, This paper presents a design flow for secure software (SW) implementations of cryptographic algorithms against Side-Channel Attacks (SCAs) by using a CPU modification. The development of countermeasures to increase resistance against SCAs in SW implementations is a topic of ongoing research. Researchers have proposed SW-level countermeasures in order to defeat SCAs. However, we notice that more secure SW implementations are possible with additional support from a hardware (HW) level countermeasure such as partial CPU modifications. This paper proposes a co-design approach of SW-level countermeasures and CPU modifications to defeat SCAs on Field Programmable Gate Arrays (FPGA). As a case study for evaluating the effectiveness of the combination of our SW-/HW-level countermeasures, the S-box algorithm proposed by Coron et al. [1] is used. According to our experimental results, we find that the algorithm can be performed with a higher resistance against power analysis by applying our countermeasures. Our proposed design flow is applicable to various kinds of algorithms as well.
    International conference proceedings, English
  • Power Analysis against a DPA-Resistant S-Box Implementation Based on the Fourier Transform
    Yang Li; Kazuo Sakiyama; Shinichi Kawamura; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E94A, 1, 191-199, Jan. 2011, Peer-reviewed, This paper shows two power analysis attacks against a software implementation of a first-order DPA-resistant S-box algorithm that is based on the discrete Fourier Transform (DFT). The DPA-resistant S-box algorithm based on the DFT was proposed by Prouff et al. in 2006 and improved by Coron et al. in 2008. In our attacks against the improved one, we pre-process the power traces by separating them into two subgroups, so that each has a biased mask. For the separated power traces, two post-analysis methods are proposed to identify the key. One is based on a DPA attack against one subgroup, and the other utilizes the difference of means for the two subgroups and a pattern matching. Finally, we compare these two attack methods and propose an algorithm-level countermeasure to enhance the security of S-box calculation based on the DFT.
    Scientific journal, English
  • Fault sensitivity analysis against elliptic curve cryptosystems
    Hikaru Sakamoto; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Proceedings - 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, 11-20, 2011, Peer-reviewed, In this paper, we present a fault-based security evaluation for an Elliptic Curve Cryptography (ECC) implementation using the Montgomery Powering Ladder (MPL). We focus in particular on the López-Dahab algorithm, which is used to calculate a point on an elliptic curve efficiently without using the y-coordinate. Several previous fault analysis attacks cannot be applied to an ECC implementation employing the López-Dahab algorithm in a straightforward manner. In this paper, we evaluate the security of the López-Dahab algorithm using Fault Sensitivity Analysis (FSA). Although the initial work on FSA was applied only to an Advanced Encryption Standard (AES) implementation, we apply the technique to the ECC implementation. Consequently, we found a vulnerability to FSA for the ECC implementation using the López-Dahab algorithm. © 2011 IEEE.
    International conference proceedings, English
  • Revisit fault sensitivity analysis on WDDL-AES
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    2011 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2011, 148-153, 2011, Peer-reviewed, This paper revisits and improves the fault sensitivity analysis (FSA) attack on WDDL-AES. At CHES 2010, the FSA attack on WDDL-AES was proposed by Li et al. based on the delay timing difference for complementary wires. In their attack, the vulnerability of WDDL-AES mainly comes from an implementation deficiency rather than from the WDDL technique itself. On the contrary, we explain that a well-implemented WDDL-AES is also vulnerable to the FSA attack due to the input-data dependency of the critical delay of the WDDL S-box. We explain the observed ciphertext-bit dependency of the fault sensitivity (FS) data when the clock glitch is injected at the final AES round. By proposing a new distinguisher, our FSA attack can successfully retrieve the secret key information for WDDL-AES on SASEBO-R. © 2011 IEEE.
    International conference proceedings, English
  • On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting
    Amir Moradi; Oliver Mischke; Christof Paar; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2011, SPRINGER-VERLAG BERLIN, 6917, 292-+, 2011, Peer-reviewed, At CHES 2010 two powerful new attacks were presented, namely the Fault Sensitivity Analysis and the Correlation Collision Attack. This paper shows how these ideas can be combined to create even stronger attacks. Two solutions are presented; both extract leakage information by the fault sensitivity analysis method, while each one applies a slightly different collision attack to deduce the secret information without the need for any hypothetical leakage model. Having a similar fault injection method, one attack utilizes the non-uniform distribution of faulty ciphertext bytes while the other one exploits the data-dependent timing characteristics of the target combinational circuit. The results when attacking several AES ASIC cores of the SASEBO LSI chips in different process technologies are presented. Successfully breaking the cores protected against DPA attacks using either gate-level countermeasures or logic styles indicates the strength of the attacks.
    International conference proceedings, English
  • New Approach of Super-Sbox Analysis on AES-Based Permutations: Applications to ECHO and Grøstl
    Yu Sasaki; Li Yang; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    Advances in Cryptology -- ASIACRYPT'10, LNCS 6477, Springer-Verlag, 38-55, Dec. 2010, Peer-reviewed
    International conference proceedings, English
  • Power Variance Analysis Breaks a Masked ASIC Implementation of AES
    Yang Li; Kazuo Sakiyama; Lejla Batina; Daisuke Nakatsu; Kazuo Ohta
    2010 DESIGN, AUTOMATION & TEST IN EUROPE (DATE 2010), IEEE, 1059-1064, 2010, Peer-reviewed, To obtain a better trade-off between cost and security, practical DPA countermeasures are not likely to deploy full masking that uses one distinct mask bit for each signal. A common approach is to use the same mask on several instances of an algorithm. This paper proposes a novel power analysis method called Power Variance Analysis (PVA) to reveal the danger of such implementations. PVA uses the fact that the side-channel leakage of parallel circuits has a large variance when they are given the same but random inputs. This paper introduces the basic principle of PVA and a series of PVA experiments, including a successful PVA attack against a prototype RSL-AES implemented on SASEBO-R.
    International conference proceedings, English
  • Fault Sensitivity Analysis
    Yang Li; Kazuo Sakiyama; Shigeto Gomisawa; Toshinori Fukunaga; Junko Takahashi; Kazuo Ohta
    CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2010, SPRINGER-VERLAG BERLIN, 6225, 320-+, 2010, Peer-reviewed, This paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which, unlike most existing fault-based analyses including Differential Fault Analysis (DFA), does not use the values of faulty ciphertexts. Fault sensitivity means the critical condition at which a faulty output begins to exhibit some detectable characteristic, e.g., the clock frequency at which faulty operation begins to occur. We explain that the fault sensitivity exhibits sensitive-data dependency and can be used to retrieve the secret key. This paper presents two practical FSA attacks against two AES hardware implementations on SASEBO-R, PPRM1-AES and WDDL-AES. Differently from previous work, we show that WDDL-AES is not perfectly secure against setup-time violation attacks. We also discuss a masking technique as a potential countermeasure against the proposed fault-based attack.
    International conference proceedings, English
  • Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl
    Yu Sasaki; Yang Li; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    ADVANCES IN CRYPTOLOGY - ASIACRYPT 2010, SPRINGER-VERLAG BERLIN, 6477, 38-+, 2010, Peer-reviewed, In this paper, we present non-full-active Super-Sbox analysis, which can detect non-ideal properties of a class of AES-based permutations with a low complexity. We apply this framework to the SHA-3 round-2 candidates ECHO and Grøstl. The first application is to the full-round (8-round) ECHO permutation, which is a building block for the 256-bit and 224-bit output sizes. By combining several observations specific to ECHO, our attack detects a non-ideal property with a time complexity of 2^182 and 2^37 memory. The complexity, especially in terms of the product of time and memory, is drastically reduced from the previous best attack, which required 2^512 × 2^512. Note that this result does not impact the security of the ECHO compression function nor the overall hash function. We also show that our method can detect non-ideal properties of the 8-round Grøstl-256 permutation with a practical complexity, and finally show that our approach improves a semi-free-start collision attack on the 7-round Grøstl-512 compression function. Our approach is based on a series of attacks on AES-based hash functions such as the rebound attack and Super-Sbox analysis. The core idea is using a new differential path consisting of only non-full-active states.
    International conference proceedings, English
  • Security Evaluation of a DPA-Resistant S-Box Based on the Fourier Transform
    Yang Li; Kazuo Sakiyama; Shinichi Kawamura; Yuichi Komano; Kazuo Ohta
    INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 5927, 3-+, 2009, Peer-reviewed, At CHES 2006, Prouff et al. proposed a novel S-box calculation based on the discrete Fourier transform as a first-order DPA countermeasure. At CHES 2008, Coron et al. showed that the original countermeasure can be broken by first-order DPA due to a biased mask, and they proposed an improved algorithm. This paper shows that there is still a flaw in Coron's S-box algorithm with respect to a practical software implementation. We pre-process the power traces to separate them into two subgroups, each of which has a biased mask. For the separated power traces, we propose two post-analysis methods to identify the key. One is based on a CPA attack against one subgroup, and the other utilizes the difference of means for the two subgroups and a pattern matching. Finally, we compare these two attack methods and propose an algorithm-level countermeasure to enhance the security of Coron's S-box.
    International conference proceedings, English
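The following simulation is an added illustration, not code from any of the papers above, of the two leakage mechanisms described by the fault sensitivity analysis entries (Fault Sensitivity Analysis, CHES 2010, and New Fault-Based Side-Channel Attack Using Fault Sensitivity, TIFS 2012) and by the clockwise collision entries (An extension of fault sensitivity analysis based on clockwise collision, and Key-dependent weakness of AES-based ciphers under clockwise collision distinguisher). It models the last round of a byte-serial AES with two assumed leakage models that are not taken from the papers: the minimum non-faulty clock period grows with the Hamming weight of the S-box input, and a shared S-box that receives the same input in two consecutive cycles (a clockwise collision) has an almost zero delay in the second cycle. The measurement campaigns, noise levels and key bytes are constructed. The FSA part recovers a key byte from the threshold period of each ciphertext alone, never from faulty output values; the CC-FSA part recovers k_i XOR k_j as the ciphertext difference whose mean delay is lowest.

```python
"""Simulation of fault sensitivity analysis (FSA) and clockwise-collision FSA
(CC-FSA) on the last round of a byte-serial AES.

Added illustration, not code from the papers listed above.  Both leakage
models are assumptions chosen to mirror the text:
  (1) fault_sensitivity(): the critical-path delay of a PPRM1-style S-box
      grows with the Hamming weight of its input, so the minimum clock period
      that still yields a correct result is data dependent;
  (2) cc_delay(): a shared S-box that receives the same input in two
      consecutive cycles (a clockwise collision) has almost no toggles in the
      second cycle, so its delay collapses.
"""
import random


def _aes_sbox():
    """Build the AES S-box from the GF(2^8) inverse and the affine map."""
    sbox = [0] * 256
    p = q = 1
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q ^= (q << 1) & 0xFF                                   # q /= 3
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse; the affine map of 0 is 0x63
    return sbox


SBOX = _aes_sbox()
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x
HW = [bin(v).count("1") for v in range(256)]


def sbox_input(c, k):
    """Last AES round: the S-box input that produced ciphertext byte c under
    key byte k (ShiftRows is only a byte permutation and is ignored)."""
    return INV_SBOX[c ^ k]


def fault_sensitivity(x, rng, noise=0.8):
    """Assumed model (1): threshold clock period in ns for S-box input x."""
    return 5.0 + 0.6 * HW[x] + rng.gauss(0.0, noise)


def cc_delay(x_prev, x_cur, rng, noise=0.8):
    """Assumed model (2): delay of the second cycle scales with the number of
    input bits that toggle; identical inputs leave the circuit almost idle."""
    return 1.0 * HW[x_prev ^ x_cur] + rng.gauss(0.0, noise)


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0


def fsa_recover_key_byte(ciphertexts, fs_values):
    """FSA: pick the key guess whose HW(InvSbox(c ^ k)) correlates best with
    the measured thresholds.  Faulty ciphertext values are never used."""
    return max(range(256), key=lambda k: pearson(
        [HW[sbox_input(c, k)] for c in ciphertexts], fs_values))


def simulate_fsa(key_byte, n_traces=400, seed=1):
    """Constructed campaign: random ciphertext bytes and, for each, the
    threshold period at which the device starts to fault."""
    rng = random.Random(seed)
    cts = [rng.randrange(256) for _ in range(n_traces)]
    fs = [fault_sensitivity(sbox_input(c, key_byte), rng) for c in cts]
    return fsa_recover_key_byte(cts, fs)


def simulate_cc_fsa(k_i, k_j, n_traces=5000, seed=2):
    """CC-FSA: bytes i and j pass through the shared S-box in consecutive
    cycles.  Their inputs collide exactly when c_i ^ c_j == k_i ^ k_j, so the
    ciphertext difference with the lowest mean delay reveals k_i ^ k_j."""
    rng = random.Random(seed)
    sums, counts = [0.0] * 256, [0] * 256
    for _ in range(n_traces):
        c_i, c_j = rng.randrange(256), rng.randrange(256)
        delay = cc_delay(sbox_input(c_i, k_i), sbox_input(c_j, k_j), rng)
        sums[c_i ^ c_j] += delay
        counts[c_i ^ c_j] += 1
    means = [sums[d] / counts[d] if counts[d] else float("inf")
             for d in range(256)]
    return min(range(256), key=means.__getitem__)


if __name__ == "__main__":
    print("FSA recovered key byte:", hex(simulate_fsa(0x3A)))
    print("CC-FSA recovered k_i ^ k_j:", hex(simulate_cc_fsa(0x3A, 0x9C)))
```

Run it directly to see both recoveries. The noise levels are chosen so that a few hundred FSA measurements and a few thousand collision measurements suffice; `n_traces` is the parameter to raise when a real device is noisier, and the same correlation step works unchanged if the Hamming-weight model is replaced by a profiled leakage function.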

MISC

  • Security of Block Ciphers: From Algorithm Design to Hardware Implementation
    Kazuo Sakiyama; Yu Sasaki; Yang Li
    A comprehensive evaluation of information security analysis spanning the intersection of cryptanalysis and side-channel analysis. Written by authors known within the academic cryptography community, this book presents the latest developments in current research. Unique in its combination of both algorithmic-level design and hardware-level implementation, this all-round approach, from algorithm to implementation, covers security from start to completion. Deals with AES (Advanced Encryption Standard), one of the most used symmetric-key ciphers, which helps the reader to learn the fundamental theory of cryptanalysis and practical applications of side-channel analysis., John Wiley and Sons Ltd, 24 Jul. 2015, Security of Block Ciphers: From Algorithm Design to Hardware Implementation, 1-295, English, Others, 84949883783
  • Consideration on Side-Channel Information Toward Authentication
    MATSUBARA Arisa; LI Yang; HAYASHI Yu-ichi; SAKIYAMA Kazuo
    Recently, authentication using near field communication has become widespread for entrance and exit control and electronic money systems. However, the threat of relay attacks is often pointed out. A relay attack enables an attacker to camouflage the location by establishing another communication channel in place of the legitimate one. In this paper, we propose an authentication method using side-channel information, and verify its usability through fundamental experiments. When a cryptographic device is working, side-channel information is leaked as power consumption and electromagnetic waves, which is unique information depending on the secret key. Utilizing such uniqueness for communication between prover and verifier, we aim at realizing an efficient distance bounding mechanism in RFID-based authentication systems., The Institute of Electronics, Information and Communication Engineers, 03 Jul. 2014, IEICE technical report. Social Implications of Technology and Information Ethics, 114, 116, 1-8, Japanese, 0913-5685, 110009945623, AA11651731
  • Consideration on Side-Channel Information Toward Authentication
    Arisa Matsubara; Yang LI; Yu-ichi Hayashi; Kazuo Sakiyama
    Recently, authentication using near field communication has become widespread for entrance and exit control and electronic money systems. However, the threat of relay attacks is often pointed out. A relay attack enables an attacker to camouflage the location by establishing another communication channel in place of the legitimate one. In this paper, we propose an authentication method using side-channel information, and verify its usability through fundamental experiments. When a cryptographic device is working, side-channel information is leaked as power consumption and electromagnetic waves, which is unique information depending on the secret key. Utilizing such uniqueness for communication between prover and verifier, we aim at realizing an efficient distance bounding mechanism in RFID-based authentication systems., Information Processing Society of Japan (IPSJ), 26 Jun. 2014, IPSJ SIG Notes, 2014, 1, 1-8, Japanese, 0919-6072, 110009804637, AA11235941
  • Practical DFA Strategy for AES Under Limited-access Conditions
    Kazuo Sakiyama; Yang Li; Shigeto Gomisawa; Yu-ichi Hayashi; Mitsugu Iwamoto; Naofumi Homma; Takafumi Aoki; Kazuo Ohta
    Secret data in embedded devices can be revealed by injecting computational faults using fault analysis attacks. Fault analysis research on cryptographic implementations has so far first assumed a certain fault model and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, however, the remote-fault injection can only inject uncertain faults. In this setting, this paper gives a general strategy for the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous research. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 million fault injections. This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.22 (2014) No.2 (online), DOI http://dx.doi.org/10.2197/ipsjjip.22.142, 15 Feb. 2014, IPSJ Journal (情報処理学会論文誌), 55, 2, English, 1882-7764, 110009665014, AN00116647
  • On Side-Channel Information Using Signal Toggles in AES Circuit
    MATSUBARA Arisa; KUAI Yunfeng; LI Yang; NAKASONE Toshiki; OHTA Kazuo; SAKIYAMA Kazuo
    Side-channel attacks recover secret information utilizing extraneous information that leaks from cryptographic devices. At COSADE 2013, it was shown that power consumption and signal delay from two AES hardware implementations, AES-COMP and AES-PPRM1, have a high correlation. In the case of AES-PPRM1, this is because the Hamming weight of the input values of the combinatorial circuit for the S-box is considered to be a good model for both kinds of side-channel information. However, it is not clear why the power consumption and signal delay of AES-COMP have a high correlation. In this paper, we clarify the reason by reconsidering the behavior of signal toggles in the combinatorial circuit. As a result of simulation, we show that the high correlation between power consumption and signal delay stems from the number of signal toggles of the output value of the S-box circuits, and clarify its mechanism., The Institute of Electronics, Information and Communication Engineers, 18 Jul. 2013, 電子情報通信学会技術研究報告 = IEICE technical report : 信学技報, 113, 138, 331-338, Japanese, 0913-5685, 110009773125, AA12526316
  • On Side-Channel Information Using Signal Toggles in AES Circuit
    松原 有沙; カイ 云峰; 李 陽; 中曽根 俊貴; 太田 和夫; 崎山 一男
    11 Jul. 2013, 研究報告セキュリティ心理学とトラスト(SPT), 2013, 49, 1-8, Japanese, 170000077675
  • On Side-Channel Information Using Signal Toggles in AES Circuit
    松原 有沙; カイ 云峰; 李 陽; 中曽根 俊貴; 太田 和夫; 崎山 一男
    Side-channel attacks recover secret information utilizing extraneous information that leaks from cryptographic devices. At COSADE 2013, it was shown that power consumption and signal delay from two AES hardware implementations, AES-COMP and AES-PPRM1, have a high correlation. In the case of AES-PPRM1, this is because the Hamming weight of the input values of the combinatorial circuit for the S-box is considered to be a good model for both kinds of side-channel information. However, it is not clear why the power consumption and signal delay of AES-COMP have a high correlation. In this paper, we clarify the reason by reconsidering the behavior of signal toggles in the combinatorial circuit. As a result of simulation, we show that the high correlation between power consumption and signal delay stems from the number of signal toggles of the output value of the S-box circuits, and clarify its mechanism., 11 Jul. 2013, 研究報告コンピュータセキュリティ(CSEC), 2013, 49, 1-8, Japanese, 170000077612, AA11235941
  • A-7-7 Noise Tolerant Square Fault Attacks Based on Coupon Collector's Problem
    Sasaki Yu; Li Yang; Sakamoto Hikaru; Sakiyama Kazuo
    The Institute of Electronics, Information and Communication Engineers, 05 Mar. 2013, Proceedings of the IEICE General Conference, 2013, 142-142, Japanese, 110009699231, AN10471452
  • Break Masked AES Implementations Using Fault Sensitivity and Faulty Ciphertext Review of Presentation at CHES2011
    LI Yang; OHTA Kazuo; SAKIYAMA Kazuo
    At CHES 2010, a novel side-channel analysis called fault sensitivity analysis (FSA) was proposed. The essence of the FSA attack is the exploration of the relationship between the fault injection intensity and the occurrence of the faulty calculation. The originally proposed FSA attack is based on the dependency between the intermediate value and the delay timing of the combinational circuit, and can successfully recover the secret key of 128-bit AES. After that, the FSA attack was improved in the following two directions, which were presented at CHES 2011. 1) The break of all the AES cores on SASEBO-R by applying the FSA attack proposed at CHES 2010. 2) The enhancement of the FSA attack by additionally analyzing the faulty ciphertexts that were not used in the original FSA attack. In this paper, the result of breaking all the AES cores on the SASEBO-R is explained first, and then the enhanced FSA attack using faulty ciphertexts is reported in detail. In 2), for the AES implementation with masking-based side-channel countermeasures, we successfully find the dependency between the unmasked S-box input and the distribution of the values of a byte of the faulty ciphertext. Based on this factor, we demonstrate how to successfully recover the difference between the secret key bytes for the Masked-AND AES implementation and the AES-Threshold on SASEBO-R., The Institute of Electronics, Information and Communication Engineers, 07 Dec. 2011, Technical report of IEICE. ISEC, 111, 337, 25-25, Japanese, 110009466595, AN10060811
  • Fault Sensitivity Analysis Against Elliptic Curve Cryptosystems Using Clockwise Collisions
    SAKAMOTO Hikaru; LI Yang; OHTA Kazuo; SAKIYAMA Kazuo
    In this paper, we propose a new fault analysis attack technique using Clockwise Collision. Generally, for the combinational circuit in a synchronous design, if the signal states of two consecutive cycles are the same, the delay time of the second cycle is zero. Focusing on this fact, for the fault attack using setup time violation, we find that it is difficult for an attacker to induce a fault in an operation in which Clockwise Collision occurs. As a case study, we apply this technique to an Elliptic Curve Cryptography (ECC) implementation using the Lopez-Dahab algorithm. Consequently, we succeeded in identifying the secret key. Our proposed attack technique is valid even if the Z coordinate of the input point is randomized. Therefore, we show that this technique is more powerful than the previous attack technique using Fault Sensitivity Analysis., The Institute of Electronics, Information and Communication Engineers, 14 Nov. 2011, IEICE technical report. Life intelligence and office information systems, 111, 286, 101-108, Japanese, 0913-5685, 110009465967, AA1240564X
  • A general construction method of visual secret sharing scheme with share rotations
    IWAMOTO Mitsugu; LI Yang; SAKIYAMA Kazuo; OHTA Kazuo
    In this paper, we discuss a visual secret sharing scheme with multiple secret images including share rotation operations with arbitrary degrees, as an extension of the S-extended (n,n) visual secret sharing scheme proposed by Droste. As a result, it is pointed out that the proposed visual secret sharing scheme can be naturally derived from the S-extended (n,n) visual secret sharing scheme., The Institute of Electronics, Information and Communication Engineers, 03 Sep. 2010, Technical report of IEICE. ISEC, 110, 200, 67-74, English, 0913-5685, 110008108065, AN10060811
  • A Novel Construction Method for Visual Secret Sharing Schemes Allowing Rotation of Shares
    LI Yang; IWAMOTO Mitsugu; OHTA Kazuo; SAKIYAMA Kazuo
    In 2006, Iwamoto et al. introduced a visual secret sharing (VSS) scheme that allows a rotation operation on shares in decryption. However, the proposed construction method is complicated and it only deals with 180-degree rotation. In this paper, based on a change in the expression of subpixels, the rotation angle of shares is extended to degrees other than 180 degrees. In particular, a new VSS scheme, in which two shares can decrypt multiple secret images with appropriate rotation angles, is proposed in this paper. The proposed construction approach overcomes the shortcomings of the one proposed by Li et al. It satisfies information-theoretic security and is simpler than previous works. Besides, it is also possible to extend the proposed schemes to n shares., The Institute of Electronics, Information and Communication Engineers, 15 May 2009, IEICE technical report, 109, 42, 29-36, English, 0913-5685, 110007161998, AN10060811

Books and other publications

  • Encyclopedia of Cryptography, Security and Privacy
    Contributor, Fault Sensitivity Analysis, 1162, Springer, 12 Jul. 2024, 3030715205
  • 暗号ハードウェアのセキュリティ
    崎山一男; 菅原健; 李陽
    Textbook, Japanese, Joint work, コロナ社, May 2019
  • Security of Block Ciphers: From Algorithm Design to Hardware Implementation
    Kazuo Sakiyama; Yu Sasaki; Yang Li
    English, Joint work, Wiley, Jul. 2015, 9781118660010
  • Fault Injection and Key Retrieval Experiments on Evaluation Board: Chapter in Marc Joye and Michael Tunstall editors, Fault Analysis in Cryptography
    Junko Takahashi; Toshinori Fukunaga; Shigeto Gomisawa; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    English, Contributor, Springer, Jul. 2012

Lectures, oral presentations, etc.

  • MLP のハミング距離モデルに基づくサイドチャネル攻撃に対する 加算マスキング対策の提案
    天野龍乃如; 崎山一男; 宮原大輝; 李陽
    IEICE総合大会
    Mar. 2024
  • コンポーザブルセキュリティによる暗号回路の高位合成
    楊明宇; 比留間絃斗; 崎山一男; 李陽; 原祐子
    ハードウェアセキュリティ研究会
    Mar. 2024
  • トークンコントラクトを応用した競馬投票システムの検討
    上段浩輝; 李陽; 崎山一男; 宮原大輝
    2024年暗号と情報セキュリティシンポジウム (SCIS’24)
    Jan. 2024
  • 故障感度情報を用いたt検定によるAESハードウェアの安全性評価
    古野亨紀; 佐藤泰雅; 平田遼; 宮原大輝; 李陽; 崎山一男
    2024年暗号と情報セキュリティシンポジウム (SCIS’24)
    Jan. 2024
  • 画面のスペクトル分布を用いた新たなQR コードの提案
    須長淳也; 嶋野裕一郎; 宮原大輝; 李陽; 崎山一男
    2024年暗号と情報セキュリティシンポジウム (SCIS’24)
    Jan. 2024
  • 高シェア数状況下でのt検定による安全性評価の有効性について
    胡宇暘; 宮原大輝; 崎山一男; 李陽
    2024年暗号と情報セキュリティシンポジウム (SCIS’24)
    Jan. 2024
  • Implementation of Multiplicative Masked AES S-Box for M&M Scheme
    Kaiyuan Li; Haruka Hirata; Daiki Miyahara; Kazuo Sakiyama; Yang Li
    2024年暗号と情報セキュリティシンポジウム (SCIS’24)
    Jan. 2024
  • TI-AES に使用する擬似乱数生成器の物理安全性への影響
    原田優咲; 塚原麻輝; 宮原大輝; 李陽; 原祐子; 崎山一男
    2024年暗号と情報セキュリティシンポジウム (SCIS’24)
    Jan. 2024
  • スクリーミングチャネルから漏洩した情報を用いた物理認証システムの提案
    野村麻友; 迫琉奈; 松川侑生; 宮原大輝; 李陽; 崎山一男
    2024年暗号と情報セキュリティシンポジウム
    Jan. 2024
  • On the Practical Dependency of Fresh Randomness in AES S-box with Second-Order TI
    Maki Tsukahara; Haruka Hirata; Mingyu Yang; Daiki Miyahara; Yang Li; Yuko Hara-Azumi; Kazuo Sakiyama
    CANDAR Workshops (CANDARW’23), IEEE, Peer-reviewed
    Nov. 2023
  • スクリーミングチャネルを用いた認証システムの一考察
    野村麻友; 粕谷桃伽; 松川侑生; 宮原大輝; 李陽; 崎山一男
    IEICE2023年ソサイエティ大会
    Sep. 2023
  • 乱数性に対するTI-AESの一様性に関する基礎評価
    原田優咲; 塚原麻輝; 宮原大輝; 李陽; 原祐子; 崎山一男
    IEICE2023年ソサイエティ大会
    Sep. 2023
  • 軽量暗号Asconに対するスクリーミングチャネル解析実験
    迫琉奈; 粕谷桃伽; 松川侑生; 宮原大輝; 李陽; 崎山一男
    IEICE2023年ソサイエティ大会
    Sep. 2023
  • ディスプレイが発するスペクトル分布を用いた認証方式の提案
    須長淳也; 宮原大輝; 李陽; 崎山一男
    IEICE2023年ソサイエティ大会
    Sep. 2023
  • NFTを利用した競馬投票システムの一考察
    上段浩輝; 李陽; 崎山一男; 宮原大輝
    IEICE2023年ソサイエティ大会
    Sep. 2023
  • 天秤ベース秘密計算に対する計算モデルの構築
    金子尚平; 李陽; 崎山一男; 宮原大輝
    マルチメディア、分散、協調とモバイル(DICOMO2023)シンポジウム
    Jul. 2023
  • SAKURA-GにおけるVITIセンサーの実装
    内山一秀; 李陽
    情報処理学会 第85回全国大会
    Mar. 2023
  • Attention-Based Non-Profiled SCA on ASCAD Database
    Enhao Xu; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    2023年 暗号と情報セキュリティシンポジウム(SCIS2023)
    Jan. 2023
  • シミュレーションによるニューラルネットワークの乗算に対するサイドチャネル攻撃の考察
    天野 龍乃如; 崎山 一男; 原 祐子; 李 陽
    2023年 暗号と情報セキュリティシンポジウム(SCIS2023)
    Jan. 2023
  • 電力サイドチャネル攻撃に対して堅牢なARX型暗号回路の高位合成
    稲垣沙耶; 楊明宇; 李陽; 﨑山一男; 原祐子
    2023年 暗号と情報セキュリティシンポジウム(SCIS2023)
    Jan. 2023
  • 天秤とコインを使った秘密計算
    吉田深月; 金子尚平; 李陽; 﨑山一男; 宮原大輝
    2023年 暗号と情報セキュリティシンポジウム(SCIS2023)
    Jan. 2023
  • 相互補助相関電力解析の正解鍵順位と鍵復元率の調査
    西澤慧悟; 崎山一男; 原祐子; 李陽
    2023年 暗号と情報セキュリティシンポジウム(SCIS2023)
    Jan. 2023
  • NIST軽量暗号最終候補におけるAD長と平文長に対するレイテンシの測定
    北原知明; 日良僚太; 原祐子; 李陽; 崎山一男
    Oral presentation, Japanese, IEICE2021年ソサイエティ大会, (Sep., 2021).
    Sep. 2021
  • M&Mにより対策されたAES暗号ハードウェアに対するt検定
    塚原麻輝; 平田遼; 李陽; 崎山一男
    Oral presentation, Japanese, IEICE2021年ソサイエティ大会, (Sep., 2021).
    Sep. 2021
  • M&Mにより対策されたAES暗号ハードウェアへの故障利用解析に向けた基礎実験
    塚原麻輝; 平田遼; 李陽; 崎山一男
    Oral presentation, Japanese, IEICE2021年ソサイエティ大会, (Sep., 2021).
    Sep. 2021
  • ミクスチャ差分を用いた暗号解析のLED64への適用
    高見豪; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, IEICE2021年ソサイエティ大会, (Sep., 2021).
    Sep. 2021
  • GIFT暗号を用いたソフトウェア閾値法の実装
    伊藤千夏; 原祐子; 崎山一男; 李陽
    Oral presentation, Japanese, IEICE2021年ソサイエティ大会, (Sep., 2021).
    Sep. 2021
  • 高位合成による軽量暗号ChaskeyのFPGA実装およびサイドチャネル攻撃耐性の評価
    稲垣 沙耶; 楊 明宇; 李 陽; 崎山 一男; 原 祐子
    Oral presentation, Japanese, ハードウェアセキュリティ研究会, VLD2020-79, HWS2020-54, pp.61-66, online
    Sep. 2021
  • [招待講演]Simple Electromagnetic Analysis Against Activation Functions of Deep Neural Networks (from AIHWS 2020)
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Oral presentation, Japanese, ISEC2021-9, p.34, (May, 2021)
    May 2021
  • AES鍵スケジュールからの固定ビット数漏洩を用いた鍵復元アルゴリズムの性能評価
    植村友紀; 渡邉洋平; 李陽; 三浦典之; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2021年暗号と情報セキュリティシンポジウム (SCIS2021)
    Jan. 2021
  • サイドチャネル攻撃の並列実装におけるシステムノイズの評価: 遺伝的アルゴリズムとの比較
    工藤黎; 菅原健; 崎山一男; 原祐子; 李陽
    Oral presentation, Japanese, 2021年暗号と情報セキュリティシンポジウム (SCIS2021)
    Jan. 2021
  • Pushing the Limits of Simple Electromagnetic Analysis Against Similar Activation Functions
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Oral presentation, Japanese, 2021年暗号と情報セキュリティシンポジウム (SCIS2021)
    Jan. 2021
  • NIST軽量暗号第2ラウンド候補のソフトウェア実装に向けた調査
    日良僚太; 李陽; 原祐子; 崎山一男
    Oral presentation, Japanese, 2021年暗号と情報セキュリティシンポジウム (SCIS2021)
    Jan. 2021
  • M&Mにより対策されたAES暗号ハードウェアに対するサイドチャネル攻撃
    平田遼; 羽田野凌太; 李陽; 三浦典之; 崎山一男
    Oral presentation, Japanese, 2021年暗号と情報セキュリティシンポジウム (SCIS2021)
    Jan. 2021
  • NIST軽量暗号の第2ラウンド候補の軽量実装に向けた分類と比較
    日良僚太; 李陽; 原祐子; 崎山一男
    Oral presentation, Japanese, IEICE2020年ソサイエティ大会, (Sep., 2020).
    Sep. 2020
  • M&Mにより対策されたAESハードウェアの安全性評価について
    平田遼; 羽田野凌太; 李陽; 三浦典之; Svetla Nikova; 崎山一男
    Oral presentation, Japanese, IEICE2020年ソサイエティ大会, (Sep., 2020).
    Sep. 2020
  • LEDの個体識別における温度変化の影響
    土屋彩夏; 藤聡子; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, ICSS2019-72
    Jul. 2020
  • 順序回路への故障注入に起因した不均一な頻度分布を持つ誤り出力を用いた故障利用解析
    岡本拓実; 藤本大介; 崎山一男; 李陽; 林優一
    Oral presentation, Japanese, HWS2019-101
    Mar. 2020
  • レーザー検知回路から漏洩するサイドチャネル情報の考察
    羽田野凌太; 平田遼; 松田航平; 三浦典之; 李陽; 崎山一男
    Oral presentation, Japanese, 2020年暗号と情報セキュリティシンポジウム (SCIS2020)
    Jan. 2020
  • AESへの5ラウンドの物理攻撃の可能性の考察
    高見豪; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, 2020年暗号と情報セキュリティシンポジウム (SCIS2020)
    Jan. 2020
  • 無線通信から収集した電磁波を用いたテンプレート攻撃研究
    杉本悠馬; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, 2020年暗号と情報セキュリティシンポジウム (SCIS2020)
    Jan. 2020
  • FPGAを用いた秘匿アクセラレーションの実装評価
    高木翼; 李陽; 崎山一男; 菅原健; 梨本翔永; 鈴木大輔
    Oral presentation, Japanese, 2020年暗号と情報セキュリティシンポジウム (SCIS2020)
    Jan. 2020
  • 調光機能のある LEDの個体識別
    藤聡子; 土屋彩夏; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, 2020年暗号と情報セキュリティシンポジウム (SCIS2020)
    Jan. 2020
  • 鍵のランダムな漏洩に対する AES 鍵スケジュール復元アルゴリズム
    植村友紀; 李陽; 三浦典之; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2020年暗号と情報セキュリティシンポジウム (SCIS2020)
    Jan. 2020
  • レーザーフォールト注入攻撃への対策が施されたAES暗号チップの脆弱性評価
    羽田野凌太; 李陽; 多田捷; 松田航平; 三浦典之; 菅原健; 崎山一男
    Oral presentation, Japanese, IEICE2019年ソサイエティ大会
    Sep. 2019
  • 積分球による光量の均一化に基づくLEDの個体識別
    土屋彩夏; 藤聡子; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, IEICE2019年ソサイエティ大会
    Sep. 2019
  • AESに対する5ラウンド攻撃の物理攻撃への応用検討
    高見豪; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, IEICE2019年ソサイエティ大会
    Sep. 2019
  • クロック操作によるTime-to-Time-to-Digital Converterへの情報改ざん攻撃
    小沼竜也; 李陽; 菅原健
    Oral presentation, Japanese, IEICE2019年ソサイエティ大会
    Sep. 2019
  • AESの指定したラウンド間差分の平文探索アルゴリズムの改良
    伊藤駿輔; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, IEICE2018年ソサイエティ大会
    Sep. 2018
  • AES暗号への故障差分攻撃のモデル化と攻撃回数の評価
    羽田野凌太; 庄司奈津; 李陽; 菅原健; 崎山一男
    Oral presentation, Japanese, IEICE2018年ソサイエティ大会
    Sep. 2018
  • 様々な実験条件におけるジャイロセンサのセンサなりすまし攻撃に関する基礎的検討
    西山優太; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, IEICE2018年ソサイエティ大会
    Sep. 2018
  • 分光器を用いたLEDの個体識別に向けた基礎的研究
    藤聡子; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, IEICE2018年ソサイエティ大会
    Sep. 2018
  • AESハードウェア実装の任意ラウンドにおける消費電力制御
    カイ 云峰; 李 陽; 町田 卓謙; 崎山 一男
    Oral presentation, Japanese, 2015年暗号と情報セキュリティシンポジウム (SCIS2015)
    Jan. 2015
  • Single-Chip Implementation and Evaluation of Passive UHF RFID Tag with Hash-Based Mutual Authentication
    李陽; 崎山一男
    Oral presentation, English, Hot Channel Workshop 2014
    Oct. 2014
  • RFIDシステムにおけるリレー攻撃対策
    李陽; 三上修吾; 渡辺大; 太田和夫; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014
    Oct. 2014
  • サイドチャネル認証に向けた基礎的考察
    松原有沙; 李陽; 林優一; 崎山一男
    Oral presentation, Japanese, ISEC2014
    Jul. 2014
  • Toward Practical Solution to Unsuccessful Write Operation on Non-Volatile Memory of Passive RFID Tags
    Yang Li; Kazuo Sakiyama
    Poster presentation, English, Poster, ASIACCS2014
    Jun. 2014
  • Single-Chip Implementation and Evaluation of A Privacy-Enhanced RFID Tag
    李陽; 崎山一男
    Oral presentation, English, Hot Channel Workshop 2014
    Apr. 2014
  • RFIDシステムにおけるリレー攻撃対策
    崎山一男; 李陽
    Oral presentation, Japanese, Hot Channel Workshop 2014
    Apr. 2014
  • Introduction to IAIK Demotag and Related Experiments on It
    李陽; 崎山一男
    Oral presentation, English, Hot Channel Workshop 2013
    Nov. 2013
  • Toward Applications of SRAM Retention Time as Battery-Less Timer for RFID Tags
    Yang Li; Toshiki Nakasone; Kazuo Sakiyama
    Poster presentation, English, Poster IWSEC2013 (Nov., 2013)
    Nov. 2013
  • AES暗号回路における信号遷移回数を用いたサイドチャネル情報に関する考察
    松原有沙; 蒯云峰; 李陽; 中曽根俊貴; 太田和夫; 崎山一男
    Oral presentation, Japanese, ISEC2013-45 (研究会), 電子情報通信学会
    Jul. 2013
  • NU-FVAに基づく新たな鍵復元攻撃について
    松原有沙; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2013
    Apr. 2013
  • Toward Practically Secure and Flexible RFID Tags
    李陽; 中曽根俊貴; 崎山一男
    Oral presentation, English, Hot Channel Workshop 2013
    Apr. 2013
  • Toward Flexible Privacy Protection for RFID Tags Using Privacy-Mode Switching
    Yang Li; Hikaru Sakamoto; Iwamasa Nishikado; Takafumi Saito; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, IEICE2013年総合大会
    Mar. 2013
  • システム上にあるSRAMの電荷保持時間とPUF特性を利用したDoS攻撃対策
    Oral presentation, Japanese, IEICE2013年総合大会
    Mar. 2013
  • クーポンコレクタ問題を利用したノイズに強い飽和フォールト攻撃
    佐々木悠; 李陽; 阪本光; 崎山一男
    Oral presentation, Japanese, IEICE2013年総合大会
    Mar. 2013
  • 故障混入時のAES暗号ハードウェアの脆弱性について
    松原有沙; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, IEICE2013年総合大会
    Mar. 2013
  • 故障感度隠蔽のための効率的な対策とその評価
    遠藤翔; 李陽; 本間尚文; 崎山一男; 藤本大介; 永田真; 太田和夫; 青木孝文
    Oral presentation, Japanese, 2013年 暗号と情報セキュリティシンポジウム (SCIS'13)
    Jan. 2013
  • Mechanism Analysis for Non-Uniform Mapping of Faulty S-box –Case Study of AES-COMP–
    松原有沙; 李陽; 太田和夫; 崎山一男
    Oral presentation, English, 2013年 暗号と情報セキュリティシンポジウム (SCIS'13)
    Jan. 2013
  • CC-EMAとCEMAの攻撃性能の比較
    中曽根俊貴; 李陽; 佐々木悠; 岩本貢; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2013年 暗号と情報セキュリティシンポジウム (SCIS'13)
    Jan. 2013
  • Two Topics in Cryptographic Hardware: Coupon DFA and Secure RFID
    崎山一男; 李陽
    Oral presentation, English, Hot Channel Workshop 2012
    Sep. 2012
  • Locality Randomization for EMA-Resistant AES Hardware
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Triangle Symposium on Advanced ICT 2012 (TriSAI 2012)
    Sep. 2012
  • Key Recovery with Less Power Traces Using DPA Contest Data
    Yang Li; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama
    Poster presentation, English, Poster Session, CHES2012
    Sep. 2012
  • Sensitive-Data Dependency of Faulty Behavior and Its Application
    李陽; 太田和夫; 崎山一男
    Oral presentation, English, 2012年 暗号と情報セキュリティシンポジウム (SCIS'12)
    Jan. 2012
  • クロック間衝突を利用した電磁波解析
    中曽根俊貴; 中津大介; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム (SCIS'12)
    Jan. 2012
  • IRドロップを利用した故障感度解析と高温環境下における影響
    小池彩歌; 李陽; 中津大介; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム (SCIS'12)
    Jan. 2012
  • テンプレートを利用した時系列電力解析
    中津大介; 李陽; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2012年 暗号と情報セキュリティシンポジウム (SCIS'12)
    Jan. 2012
  • [招待講演]マスク対策AESに対する誤り暗号文を用いた故障感度解析~CHES2011での発表のレビュー~
    李陽; 太田和夫; 﨑山一男
    Invited oral presentation, Japanese, ISEC2011-66, ISEC研究会
    Dec. 2011
  • クロック間衝突を用いた楕円曲線暗号実装に対する故障感度解析
    阪本光; 李陽; 太田和夫; 﨑山一男
    Oral presentation, Japanese, ISEC2011-49
    Nov. 2011
  • First Experimental Results of Correlation-Enhanced EMA Collision Attack
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Poster Session, CHES2011
    Sep. 2011
  • 7 及び8 ラウンド既知鍵AES識別機の実装
    高柳真如; 佐々木悠; 李陽; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2011年 暗号と情報セキュリティシンポジウム (SCIS'11)
    Jan. 2011
  • Self-Template Fault Sensitivity Analysis
    李陽; 太田和夫; 﨑山一男
    Oral presentation, English, 2011年 暗号と情報セキュリティシンポジウム (SCIS'11)
    Jan. 2011
  • 楕円曲線暗号実装に対するFault Sensitivity Analysis
    阪本光; 李陽; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2011年 暗号と情報セキュリティシンポジウム (SCIS'11)
    Jan. 2011
  • Effective Verification for Known-Key Distinguisher by Using Extended Differential Path
    Naoyuki Takayanagi; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2010 (TriSAI’10)
    Oct. 2010
  • 回転操作が可能な視覚復号型秘密分散法の一般的構成法
    岩本貢; 李陽; 崎山一男; 太田和夫
    Oral presentation, Japanese, ISEC2010-49
    Sep. 2010
  • New Non-Ideal Properties of AES-Based Permutations: Applications to ECHO and Grøstl
    Yu Sasaki; Yang Li; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, The Second SHA-3 Candidate Conference
    Aug. 2010
  • AES暗号実装へのフォールト解析攻撃における適用範囲の拡大と解析効率の向上
    五味澤重友; 泉雅巳; 李陽; 高橋順子; 福永利徳; 佐々木 悠; 崎山 一男; 太田 和夫
    Oral presentation, Japanese, 2010年 暗号と情報セキュリティシンポジウム (SCIS'10)
    Jan. 2010
  • An Information Theoretic Perspective on the Differential Fault Analysis against AES
    Yang Li; Shigeto Gomisawa; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, 2010年 暗号と情報セキュリティシンポジウム (SCIS'10)
    Jan. 2010
  • DPA耐性のあるソフトウェア実装のための安全なCPU
    中津大介; 李陽; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2010年 暗号と情報セキュリティシンポジウム (SCIS'10)
    Jan. 2010
  • Visual Secret Sharing Schemes Allowing Arbitrary Rotation Angles of Shares
    Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI 2009)
    Oct. 2009
  • Comparison of Masked S-boxes in Hardware Implementation
    Daisuke Nakatsu; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI 2009)
    Oct. 2009
  • A Novel Construction Method for Visual Secret Sharing Schemes Allowing Rotation of Shares
    Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, ISEC2009-5
    May 2009
  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the 90-degree Rotation of Shares
    Yang Li; Mengyu Zhu; Wang Lei; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, 2009 Symposium on Cryptography and Information Security (SCIS'09)
    Jan. 2009
  • Exploring Leakage Characteristics and Attacks through Profiles of Screaming Channels
    Yuki Matsukawa; Daiki Miyahara; Takeshi Sugawara; Kazuo Sakiyama; Yang Li
    International Conference on Mobile Internet Security, Peer-reviewed
  • Screaming channelsの漏洩モデルの実験的検証
    松川 侑生; 崎山 一男; 菅原 健; 李 陽

Courses

  • アルゴリズムとデータ構造およびプログラミング演習
    The University of Electro-Communications
  • セキュリティ情報学実験
    The University of Electro-Communications
  • Fundamental of Security
    The University of Electro-Communications
  • セキュリティー基礎
    The University of Electro-Communications

Research Themes

  • スケーラブルな物理セキュリティを可能にする近似計算の設計基盤と理論の構築
    冨山 宏之; 佐藤 寿倫; 原 祐子; 李 陽; 請園 智玲; 三浦 典之; 崎山 一男
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, Ritsumeikan University, Grant-in-Aid for Scientific Research (A), Toward building a design foundation and theory for approximate computing that enables scalable physical security, we carried out research on (a) the development of approximate arithmetic circuits that enable scalable physical security, (b) the development of automatic synthesis technology for AC masking circuits that matches the required physical security strength, and (c) the construction of a theory of security metrics for scalable physical security. For sub-theme (a), we developed a 32-bit variable-precision approximate multiplier targeting FPGAs, evaluated Approximate Encoding for low-power data transfer, and proposed a side-channel-resistant circuit structure that superimposes clock-derived noise. In addition, we designed a custom circuit to reduce the power and electromagnetic side-channel leakage of the half adder, the basic building block of arithmetic units, and evaluated its effect by circuit simulation. For sub-theme (b), continuing from the previous year, we developed a high-level synthesis method for custom hardware that uses the variable-precision approximate multiplier. We also implemented dedicated hardware for AES and the lightweight cipher Chaskey on FPGAs using high-level synthesis optimizations, and evaluated more quantitatively the effect of those optimizations on vulnerability to power analysis attacks. For sub-theme (c), we implemented the NIST authenticated-encryption candidates in software and investigated their processing performance (latency) as a function of input data length. Among them, for the candidates that use adders, we studied masking methods and built an evaluation environment for side-channel attack resistance. We also studied a method for quantitatively evaluating information leakage from program descriptions using Graph Neural Networks (GNNs), a machine-learning technique. Furthermore, we built a framework that uses machine learning to generate large hardware-security datasets (IP such as arithmetic units)., 20H00590
    01 Apr. 2020 - 31 Mar. 2024
  • Security Evaluation of IoT Devices against Medium and Long-Range Side-Channel Attacks
    李 陽
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, The University of Electro-Communications, Grant-in-Aid for Early-Career Scientists, This year, we mainly had two achievements. First, we have constructed an experimental environment for the remote side-channel attack. We used the same attack target as the previous work, named BLEnano. We are able to remotely observe and collect the radio signal, which is used for Bluetooth communication and contains side-channel leakage. Also, we successfully recovered the secret key using the collected radio signal. Second, we noticed the difference between the Bluetooth-based signal and near-field electromagnetic radiation in their leakage models and proposed a new key recovery method to combine these two types of information leakage. The new method can reduce the number of accesses to the attack target. The relevant result was published at SCIS 2022., 20K19798
    01 Apr. 2020 - 31 Mar. 2024
  • Resilience Enhancement of IoT Ecosystem by Cryptographic Technologies
    崎山 一男; 廣瀬 勝一; 李 陽; 宮原 大輝; 渡邉 洋平; 岩本 貢; 駒野 雄一; 菅原 健; 三浦 典之; 太田 和夫
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, The University of Electro-Communications, Grant-in-Aid for Scientific Research (S), The results for the three research themes, leakage-resilient cryptography, distillation of leaked keys, and leak detection technology, are as follows. The results obtained were presented at domestic conferences, international conferences, and in journals. 1) Leakage-resilient cryptography: For identity-based encryption, we proposed a construction that remains secure even when the master key leaks. We also succeeded in making revocable identity-based encryption that is resilient to decryption-key leakage more efficient. Furthermore, we studied key-leakage resilience in the event of theft or loss of the secret key, and distributed management of the secret key itself. For card-based cryptography, we proposed secure computation protocols that use new physical tools. For modes of operation, we proposed performance improvements and applications of Lesamnta-LW. As feedback to formal models of information leakage, we examined arithmetic units and microarchitectures, discovered new leakage sources, and proposed countermeasures. 2) Distillation of leaked keys: In secret-key recovery for AES, we newly introduced a checking phase and raised the recovery success probability of an analysis that previously had 0% to about 40%. For masked implementations, a countermeasure against probing attacks, we found that efficiency can be improved by using a certain Boolean function. We also devised efficient analysis methods for algebraic fault analysis of the SHA-256 compression function and for forgery attacks on the MAC function chop-MD. In collaboration with the Miura/Iwamoto team, we reconsidered the security and implementability of re-keying schemes and constructed a new scheme that updates the partial keys at risk of leakage after an attack is detected. We designed an AES circuit equipped with this scheme. 3) Leak detection technology: We completed the security evaluation of the AES hardware protected by the M&M technique, fabricated jointly with KU Leuven. By deepening this collaboration, we were able to begin work on a co-design methodology for leakage sensors and algorithm-level countermeasures. For leakage sensors, we developed a new circuit with increased detection sensitivity for physical direct probing attacks., 18H05289
    Jun. 2018 - Mar. 2023
  • Comprehensive study on anti-tamper techniques to prevent information leakage by laser fault injection attacks
    Sakiyama Kazuo; VERBAUWHEDE Ingrid; DANGER Jean-Luc; BHASIN Shivam
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, The University of Electro-Communications, Grant-in-Aid for Scientific Research (A), In this research, we have established fundamental countermeasure techniques against laser fault injection attacks, where an attacker intentionally induces soft errors in a cryptographic circuit to retrieve secret information. Specifically, we have conducted four research items: (1) construction of an evaluation environment for laser fault injection attacks, (2) measurement of substrate potential fluctuation under laser irradiation and development of an attack detection method, (3) development of detection-based countermeasure techniques at the cryptographic-algorithm level, and (4) safety evaluation of the countermeasure technology. We have deepened our understanding of the information leakage mechanism in the laser fault injection attack from physical and mathematical viewpoints and clarified the feasibility of the countermeasure techniques using a prototype IC chip., 15H01688
    01 Apr. 2015 - 31 Mar. 2019
  • General and Efficient Masking Strategy for Fixed Secret Value Against Side-Channel Attacks
    01 Jan. 2018 - 31 Dec. 2018
  • 大量ストリームデータのリアルタイム処理に向けた柔軟なアーキテクチャ探索と設計環境構築
    原 祐子; 李 陽
    Japan Science and Technology Agency, Strategic Basic Research Programs ACT-I, Tokyo Institute of Technology, Coinvestigator, We will develop a new ultra-small, energy-efficient processor and its design-support environment that reconciles the conflicting technical requirements of generality and flexibility, usable across diverse embedded and IoT applications, with high efficiency in computation and energy. By making it possible to process the stream data continuously generated in the big-data society in real time within edge devices, without going through clouds such as data centers, we aim to create new services and solve social problems.
    2016 - 2017

Industrial Property Rights

  • 認証システム及び認証方法
    Patent right, 﨑山一男, 李陽, 太田和夫, PCT/JP2015/52576, Date applied: 29 Jan. 2015
  • 電源遮断時間判定装置及び無線タグ
    Patent right, 﨑山一男, 李陽, 中曽根俊貴, 山本晃裕, 特願2013-038790, Date applied: 28 Feb. 2013