Kazuo SAKIYAMA

Department of Informatics, Professor
Cluster II (Emerging Multi-interdisciplinary Engineering), Professor
Info-Powered Energy System Research Center, Professor

Degree

  • B. Eng., Osaka University, Mar. 1993
  • M. Eng., Osaka University, Mar. 1996
  • M. Sc., University of California at Los Angeles, Jun. 2003
  • Doctor in de Ingenieurswetenschappen, Katholieke Universiteit Leuven, Dec. 2007

Research Keyword

  • Cyber-Physical Systems
  • Cryptosystems
  • Information Security
  • Cryptographic Implementation

Field Of Study

  • Manufacturing technology (mechanical, electrical/electronic, chemical engineering), Electronic devices and equipment
  • Informatics, High-performance computing
  • Informatics, Computer systems
  • Informatics, Information security
  • Informatics, Information theory

Career

  • Apr. 2016
    The University of Electro-Communications, Graduate School of Informatics and Engineering, Department of Informatics, Professor
  • Apr. 2013 - Mar. 2015
    The University of Electro-Communications, Graduate School of Informatics and Engineering, Department of Informatics (総合情報学専攻), Professor
  • Apr. 2010 - Mar. 2013
    The University of Electro-Communications, Graduate School of Informatics and Engineering, Department of Informatics (総合情報学専攻), Associate Professor
  • Apr. 2008 - Mar. 2010
    University of Electro-Communications, Associate Professor
  • Jan. 2008 - Mar. 2008
    Katholieke Universiteit Leuven, Post-doctoral researcher
  • Jan. 2005 - Dec. 2007
    Katholieke Universiteit Leuven, Research Assistant
  • Apr. 1996 - Dec. 2004
    Hitachi, Ltd. (Renesas Technology)

Educational Background

  • Jan. 2005 - Dec. 2007
    KU Leuven, Department of Electrical Engineering (Ph. D.)
  • Sep. 2001 - Jun. 2003
    University of California, Los Angeles, Department of Electrical Engineering (M. Sc.)
  • Apr. 1994 - Mar. 1996
    Osaka University, Graduate School of Engineering Science, Electrical Engineering (Physical Science Division), Master's Program
  • Apr. 1990 - Mar. 1994
    Osaka University, School of Engineering Science, Department of Electrical Engineering
  • Apr. 1987 - Mar. 1990
    Hyogo Prefectural Kawanishi Hokuryo High School (兵庫県立川西北陵高等学校), General Course

Award

  • Dec. 2023
    Exploring Leakage Characteristics and Attacks through Profiles of Screaming Channels
    KIISC Best Paper Award, Yuki Matsukawa;Daiki Miyahara;Takeshi Sugawara;Kazuo Sakiyama;Yang Li
  • Dec. 2023
    WICS2023@CANDAR
    On the Practical Dependency of Fresh Randomness in AES S-box with Second-Order TI
    Best Paper Award, Maki Tsukahara;Haruka Hirata;Mingyu Yang;Daiki Miyahara;Yang Li;Yuko Hara-Azumi;Kazuo Sakiyama
  • Sep. 2023
    DICOMO2023
    Construction of a Computational Model for Balance-Scale-Based Secure Computation
    Outstanding Paper Award, 金子尚平; Yang Li; Kazuo Sakiyama; Daiki Miyahara
  • Dec. 2021
    AsianHOST 2021 Best Paper Award, Rei Kudo;Takeshi Sugawara;Kazuo Sakiyama;Yuko Hara-Azumi;Yang Li
  • Sep. 2021
    IEICE Engineering Sciences Society
    Contribution as Executive Committee Chair of the 2021 Symposium on Cryptography and Information Security (SCIS2021)
    IEICE Distinguished Service Award
    Japan society, Japan
  • Mar. 2020
    IEICE; awarded to 48 particularly outstanding presentations selected from the 2,976 presentations given at the General Conference and Society Conference held in fiscal year 2019.
    星野翔, 椎名瞭, Ryuga Matsumura, Kazuo Sakiyama, "Security Evaluation of Sound Information Leakage Using Laser Light"
    IEICE Young Researcher's Award (received by supervised student 星野翔)
    International society
  • Mar. 2019
    Akiko Toh, Takeshi Sugawara, Kazuo Sakiyama, "Effect of Current Variation on Individual Identification of LEDs Using Optical Spectra"
    Cyber Security Symposium Dogo 2019 Student Research Award (received by supervised student Akiko Toh)
    Japan society
  • Mar. 2019
    IEICE; awarded to 50 particularly outstanding presentations selected from the 3,351 presentations given at the General Conference held in March 2018 and the Society Conference held in September 2018.
    Ryota Hatano, Natsu Shoji, Yang Li, Takeshi Sugawara, Kazuo Sakiyama, "Modeling Differential Fault Attacks on AES and Evaluating the Number of Attacks"
    IEICE Young Researcher's Award (received by supervised student Ryota Hatano)
    International society
  • Dec. 2018
    古川和祈, Ryota Hatano
    CODE BLUE CTF 2018 Letter of Appreciation (received by supervised student Ryota Hatano)
    International society
  • Sep. 2018
    IWSEC Best Poster Award, Erina Tatsumi;Kazuo Sakiyama;Takeshi Sugawara
    International society
  • Mar. 2018
    Natsu Shoji, Takeshi Sugawara, Mitsugu Iwamoto, Kazuo Sakiyama, "An Accurate Evaluation Model of Key-Recovery Efficiency in Probing Attacks on Block Ciphers"
    Cyber Security Symposium Dogo 2018 Student Research Award (received by supervised student Natsu Shoji)
    Japan society
  • Jan. 2018
    Side-Channel Authentication Using an XOR Model (Momoka Kasuya, 石原遼, Kazuo Sakiyama)
    SCIS Paper Award (received by supervised student Momoka Kasuya)
    Japan society
  • Sep. 2017
    IWSEC Best Poster Award, Natsu Shoji;Ryuga Matsumura;Takeshi Sugawara;Kazuo Sakiyama
    International society
  • Feb. 2017
    Risa Yashiro, Takanori Machida, Mitsugu Iwamoto, and Kazuo Sakiyama, “Deep-Learning-Based Security Evaluation on Authentication Systems Using Arbiter PUF and Its Variants”
    Cyber Security Symposium Dogo 2017 Student Research Award (received by supervised student Risa Yashiro)
    Japan society
  • May 2016
    Kazuo Sakiyama, Momoka Kasuya, Takanori Machida, Arisa Matsubara, Yunfeng Kuai, Yu-Ichi Hayashi, Takaaki Mizuki, Noriyuki Miura, and Makoto Nagata, “Physical Authentication Using Side-Channel Information”
    ICoICT2016 Best Presenter Award
    International society
  • Oct. 2015
    Side-Channel Authentication Using DE0-Nano, Tatsuya Fujii, Momoka Kasuya, Takanori Machida, Kazuo Sakiyama
    CSS2015 Outstanding Demonstration Award
    Japan society
  • Jan. 2012
    Self-Template Fault Sensitivity Analysis (Yang Li, Kazuo Ohta, Kazuo Sakiyama)
    SCIS Paper Award (received by supervised student Yang Li)
    Japan society

Paper

  • Hardware/Software Cooperative Design Against Power Side-Channel Attacks on IoT Devices
    Mingyu Yang; Tanvir Ahmed; Saya Inagaki; Kazuo Sakiyama; Yang Li; Yuko Hara-Azumi
    IEEE Internet of Things Journal, 2024
    Scientific journal
  • All You Need Is Fault: Zero-Value Attacks on AES and a New λ-Detection M&M
    Haruka Hirata; Daiki Miyahara; Victor Arribas; Yang Li; Noriyuki Miura; Svetla Nikova; Kazuo Sakiyama
    IACR Transactions on Cryptographic Hardware and Embedded Systems, Universitätsbibliothek der Ruhr-Universität Bochum, 2024, 1, 133-156, 04 Dec. 2023, Deploying cryptography on embedded systems requires security against physical attacks. At CHES 2019, M&M was proposed as a combined countermeasure applying masking against SCAs and information-theoretic MAC tags against FAs. In this paper, we show that one of the protected AES implementations in the M&M paper is vulnerable to a zero-value SIFA2-like attack. A practical attack is demonstrated on an ASIC board. We propose two versions of the attack: the first follows the SIFA approach to inject faults in the last round, while the second one is an extension of SIFA and FTA but applied to the first round with chosen plaintext. The two versions work at the byte level, but the latter version considerably improves the efficiency of the attack. Moreover, we show that this zero-value SIFA2 attack is specific to the AES tower-field decomposed S-box design. Hence, such attacks are applicable to any implementation featuring this AES S-box architecture. Then, we propose a countermeasure that prevents these attacks. We extend M&M with a fine-grained detection-based feature capable of detecting the zero-value glitch attacks. In this effort, we also solve the problem of a combined attack on the ciphertext output check of the M&M scheme by using Kronecker’s delta function. We deploy the countermeasure on FPGA and verify its security against both fault and side-channel analysis with practical experiments.
    Scientific journal
  • Fundamental Study for Acquiring Side-Channel Information Using Rolling Shutter Effect
    Yuichiro Shimano; Daiki Miyahara; Kazuo Sakiyama
    IEEJ Transactions on Electronics, Information and Systems, 01 Dec. 2023
    Scientific journal
  • Power Side-channel Attack Resistant Circuit Designs of ARX Ciphers Using High-level Synthesis
    Saya Inagaki; Mingyu Yang; Yang Li; Kazuo Sakiyama; Yuko Hara-Azumi
    ACM Transactions on Embedded Computing Systems, Association for Computing Machinery (ACM), 22, 5, 1-17, 26 Sep. 2023, In the Internet of Things (IoT) era, edge devices have been considerably diversified and are often designed using high-level synthesis (HLS) for improved design productivity. However, HLS tools were originally developed in a security-unaware manner, resulting in vulnerabilities to power side-channel attacks (PSCAs), which are a serious threat to IoT systems. Currently, the impact and applicability of existing methods to PSCA-resistant designs using HLS are limited. In this article, we propose an effective HLS-based design method for PSCA-resistant ciphers implemented in hardware. In particular, we focus on lightweight block ciphers composed of addition/rotation/XOR (ARX)-based permutations to study the effects of the threshold implementation (which is one of the provably secure countermeasures against PSCAs) to the behavioral descriptions of ciphers along with the changes in HLS scheduling. The results obtained using Welch’s t-test demonstrate that our proposed method can successfully improve the resistance against PSCAs for all ARX-based ciphers used as benchmarks.
    Scientific journal
  • Towards Verifying Physical Assumption in Card-Based Cryptography
    Masahisa Shimano; Kazuo Sakiyama; Daiki Miyahara
    Innovative Security Solutions for Information Technology and Communications, Springer Nature Switzerland, 289-305, 12 May 2023
    In book
  • Lightweight Authentication Using Noisy Key Derived from Physically Unclonable Function
    Yuichi Komano; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Innovative Security Solutions for Information Technology and Communications, Springer Nature Switzerland, 203-221, 12 May 2023
    In book
  • Software Evaluation for Second Round Candidates in NIST Lightweight Cryptography
    Ryota Hira; Tomoaki Kitahara; Daiki Miyahara; Yuko Hara-Azumi; Yang Li; Kazuo Sakiyama
    Journal of Information Processing, Information Processing Society of Japan, 31, 205-219, 15 Mar. 2023, Peer-reviewed
    Scientific journal
  • Abstraction Model of Probing and DFA Attacks on Block Ciphers.
    Yuiko Matsubara; Daiki Miyahara; Yohei Watanabe 0001; Mitsugu Iwamoto; Kazuo Sakiyama
    IACR Cryptol. ePrint Arch., 2023, 443-443, Mar. 2023
    Scientific journal
  • Power Side-channel Countermeasures for ARX Ciphers using High-level Synthesis
    Saya Inagaki; Mingyu Yang; Yang Li; Kazuo Sakiyama; Yuko Hara-Azumi
    Proceedings of the 2023 ACM/SIGDA International Symposium on Field Programmable Gate Arrays, ACM, 12 Feb. 2023
    International conference proceedings
  • On the Practical Dependency of Fresh Randomness in AES S-box with Second-Order TI.
    Maki Tsukahara; Haruka Hirata; Mingyu Yang; Daiki Miyahara; Yang Li; Yuko Hara-Azumi; Kazuo Sakiyama
    CANDARW, 286-291, 2023
    International conference proceedings
  • Optimized Software Implementations of Ascon, Grain-128AEAD, and TinyJambu on ARM Cortex-M
    Tomoaki Kitahara; Ryota Hira; Yuko Hara-Azumi; Daiki Miyahara; Yang Li; Kazuo Sakiyama
    International Symposium on Computing and Networking, CANDAR Workshops (CANDARW’22), IEEE, 316-322, Nov. 2022, Peer-reviewed
    International conference proceedings, English
  • Software Evaluation for Second Round Candidates in NIST Lightweight Cryptography.
    Ryota Hira; Tomoaki Kitahara; Daiki Miyahara; Yuko Hara-Azumi; Yang Li 0001; Kazuo Sakiyama
    IACR Cryptology ePrint Archive, 2022, 591-591, 17 May 2022
    Scientific journal
  • The Limits of SEMA on Distinguishing Similar Activation Functions of Embedded Deep Neural Networks
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Applied Sciences, MDPI AG, 12, 9, 4135-4135, 20 Apr. 2022, Artificial intelligence (AI) is progressing rapidly, and in this trend, edge AI has been researched intensively. However, much less work has been performed around the security of edge AI. Machine learning models are a mass of intellectual property, and an optimized network is very valuable. Trained machine learning models need to be black boxes as well because they may give away information about the training data to the outside world. As selecting the appropriate activation functions to enable fast training of accurate deep neural networks is an active area of research, it is important to conceal the information of the activation functions used in a neural network architecture as well. There has been research on the use of physical attacks such as the side-channel attack (SCA) in areas other than cryptography. The SCA is highly effective against edge artificial intelligence due to its property of the device computing close to the user. We studied a previously proposed method to retrieve the activation functions of a black box neural network implemented on an edge device by using simple electromagnetic analysis (SEMA) and improved the signal processing procedure for further noisy measurements. The SEMA attack identifies activation functions by directly observing distinctive electromagnetic (EM) traces that correspond to the operations in the activation function. This method requires few executions and inputs and also has little implementation dependency on the activation functions. We distinguished eight similar activation functions with EM measurements and examined the versatility and limits of this attack. In this work, the machine learning architecture is a multilayer perceptron, evaluated on an Arduino Uno.
    Scientific journal
  • The Limits of Timing Analysis and SEMA on Distinguishing Similar Activation Functions of Embedded Deep Neural Networks
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Appl. Sci., 12, 4135, 1-20, 20 Apr. 2022, Peer-reviewed
    Scientific journal, English
  • Examining Vulnerability of HLS-designed Chaskey-12 Circuits to Power Side-Channel Attacks
    Saya Inagaki; Mingyu Yang; Yang Li; Kazuo Sakiyama; Yuko Hara-Azumi
    2022 23rd International Symposium on Quality Electronic Design (ISQED), IEEE, 06 Apr. 2022
    International conference proceedings
  • Mixture-Based 5-Round Physical Attack against AES: Attack Proposal and Noise Evaluation
    Go Takami; Takeshi Sugawara; Kazuo Sakiyama; Yang Li
    IEICE Trans. Fundam. Electron. Commun. Comput. Sci., E105-A, 3, 289-299, 01 Mar. 2022, Peer-reviewed
    Scientific journal, English
  • More Accurate and Robust PRNU-Based Source Camera Identification with 3-Step 3-Class Approach
    Annjhih Hsiao; Takao Takenouchi; Hiroaki Kikuchi; Kazuo Sakiyama; Noriyuki Miura
    Digital Forensics and Watermarking, Springer International Publishing, 87-101, 21 Jan. 2022, Peer-reviewed
    In book
  • Revisiting System Noise in Side-Channel Attacks: Mutual Assistant SCA vs. Genetic Algorithm
    Rei Kudo; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    2021 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), IEEE, 16 Dec. 2021
    International conference proceedings
  • Evaluation of Side-Channel Attack Resistance on LFI Detection Circuits
    Ryota Hatano; Haruka Hirata; Kohei Matsuda; Noriyuki Miura; Yang Li; Kazuo Sakiyama
    IEICE Transactions on Fundamentals (A), J104-A, 5, 118-126, 01 May 2021, Peer-reviewed
    Scientific journal, Japanese
  • Design and concept proof of an inductive impulse self-destructor in sense-and-react countermeasure against physical attacks
    Sho Tada; Yuki Yamashita; Kohei Matsuda; Makoto Nagata; Kazuo Sakiyama; Noriyuki Miura
    Japanese Journal of Applied Physics, IOP Publishing, 60, SB, SBBL01-SBBL01, 10 Feb. 2021, Abstract: This paper presents an inductive impulse self-destruction circuit utilized in a sense-and-react IC-level countermeasure against physical attacks on a cryptographic processor. Triggered upon an alarm signal assertion by an integrated attack sensor, the proposed circuit instantaneously generates a >10 V high-voltage impulse to permanently destruct the cryptographic processor for enhancing tamper resiliency. A compact design with only a single on-chip inductor and a transistor significantly saves the hardware overhead. The inductor accumulates large electric energy in its magnetic field and the switch transistor suddenly opens the accumulated energy to boost the impulse voltage in an inertial manner. Since the inductor is drawn over the cryptographic core by existing on-chip IC interconnections, no extra area for the inductor and no optional IC process steps are needed. This fully standard-CMOS-compatible, complete circuit solution results in no fabrication cost penalty. A prototype implemented in both discrete components and a 0.18 μm standard CMOS process successfully demonstrated the proof-of-concept.
    Scientific journal
  • A Key Recovery Algorithm Using Random Key Leakage from AES Key Schedule
    Tomoki Uemura; Yohei Watanabe; Yang Li; Noriyuki Miura; Iwamoto Mitsugu; Kazuo Sakiyama; Kazuo Ohta
    The International Symposium on Information Theory and Its Applications (ISITA’20), IEEE, 382-386, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • An Optimized Implementation of AES-GCM for FPGA Acceleration Using High-Level Synthesis
    Tsubasa Takaki; Yang Li; Kazuo Sakiyama; Shoei Nashimoto; Daisuke Suzuki; Takeshi Sugawara
    Global Conference on Consumer Electronics (GCCE’20), 176-180, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • Low-Memory Implementation of Authenticated Encryption Algorithm SAEAES on ARM Cortex-M0 Microcontroller
    Marika Yabu; Kazuo Sakiyama; Takeshi Sugawara
    Global Conference on Consumer Electronics (GCCE’20), 181-185, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • Simple Electromagnetic Analysis Against Activation Functions of Deep Neural Networks
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yang Li
    Artificial Intelligence in Hardware Security (AIHWS’20), Springer-Verlag, LNCS, 12418, 181-197, Oct. 2020, Peer-reviewed
    International conference proceedings, English
  • Flush Code Eraser: Fast Attack Response Invalidating Cryptographic Sensitive Data
    Kazuo Sakiyama; Tatsuya Fujii; Kohei Matsuda; Noriyuki Miura
    IEEE Embedded Systems Letters, 12, 2, 37-40, Jun. 2020, Peer-reviewed
    Scientific journal, English
  • An IC-level countermeasure against laser fault injection attack by information leakage sensing based on laser-induced opto-electric bulk current density
    Kohei Matsuda; Sho Tada; Makoto Nagata; Yuichi Komano; Yang Li; Takeshi Sugawara; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama; Noriyuki Miura
    Japanese Journal of Applied Physics, IOP Publishing, 59, SG, SGGL02-SGGL02, 01 Apr. 2020, Peer-reviewed, Abstract: Laser fault injection (LFI) attacks on cryptographic processor ICs are a critical threat to information systems. This paper proposes an IC-level integrated countermeasure employing an information leakage sensor against an LFI attack. Distributed bulk current sensors monitor abnormal bulk current density caused by laser irradiation for LFI. Time-interleaved sensor operation and sensitivity tuning can obtain partial secret key leakage bit information with a small layout area penalty. Based on the leakage information, the secret key can be securely updated to realize high-availability resilient systems. The test chip was designed and fabricated in a 0.18 μm standard CMOS, integrating a 128-bit advanced encryption standard cryptographic processor with the proposed information leakage sensor. This evaluation successfully demonstrated bulk current density and leakage bit monitoring.
    Scientific journal
  • Deep Learning Attack against Large n-XOR PUFs on 180nm Silicon Chips
    Risa Yashiro; Yohei Hori; Toshihiro Katashita; Kazuo Sakiyama
    RISP International Workshop on Nonlinear Circuits, Communications and Signal Processing (NCSP’20), 598-601, Mar. 2020, Peer-reviewed
    International conference proceedings, English
  • Countermeasure Against Deep Learning-Based Cloning Attack on Arbiter PUF by Using Intentional Errors
    Risa Yashiro; Yohei Hori; Toshihiro Katashita; Kazuo Sakiyama
    Journal of Information Processing Society of Japan (IPSJ Journal), 1871-1880, 2020, Peer-reviewed
    Scientific journal, English
  • Validating the DFA Attack Resistance of AES (Short Paper)
    Hakuei Sugimoto; Ryota Hatano; Natsu Shoji; Kazuo Sakiyama
    International Symposium on Foundations & Practice of Security (FPS’19), IEEE, LNCS 12056, 371-378, Nov. 2019, Peer-reviewed
    International conference proceedings, English
  • A Deep Learning Attack Countermeasure with Intentional Noise for a PUF-based Authentication Scheme
    Risa Yashiro; Yohei Hori; Toshihiro Katashita; Kazuo Sakiyama
    International Conference on Security for Information Technology and Communications (SecITC’19), IEEE, LNCS, 12001, 78-94, Nov. 2019, Peer-reviewed
    International conference proceedings, English
  • Side-Channel Leakage of Alarm Signal for a Bulk-Current-Based Laser Sensor
    Yang Li; Ryota Hatano; Sho Tada; Kohei Matsuda; Noriyuki Miura; Takeshi Sugawara; Kazuo Sakiyama
    International Conference on Information Security and Cryptology (Inscrypt’19), LNCS 12020, 346-361, Nov. 2019, Peer-reviewed
    International conference proceedings, English
  • An Information Leakage Sensor Based on Measurement of Laser-Induced Opto-Electric Bulk Current Density
    Kohei Matsuda; Sho Tada; Makoto Nagata; Yang Li; Takeshi Sugawara; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama; Noriyuki Miura
    International Conference on Solid State Devices and Materials (SSDM’19), IEEE, 501-502, Sep. 2019, Peer-reviewed
    International conference proceedings, English
  • Side-channel leakage from sensor-based countermeasures against fault injection attack
    Takeshi Sugawara; Natsu Shoji; Kazuo Sakiyama; Kohei Matsuda; Noriyuki Miura; Makoto Nagata
    Microelectronics Journal, Elsevier BV, 90, 63-71, Aug. 2019, Peer-reviewed
    Scientific journal, English
  • An Abstraction Model for 1-bit Probing Attack on Block Ciphers
    Natsu Shoji; Takeshi Sugawara; Mitsugu Iwamoto; Kazuo Sakiyama
    International Conference on Computer and Communication Systems (ICCCS’19), IEEE, 502-506, Feb. 2019, Peer-reviewed
    International conference proceedings, English
  • Fingerprinting Light Emitting Diodes Using Spectrometer
    Akiko Toh; Yang Li; Kazuo Sakiyama; Takeshi Sugawara
    IET Electronics Letters, Institution of Engineering and Technology (IET), 55, 24, 1295-1297, 2019, Peer-reviewed
    Scientific journal, English
  • Single-Round Pattern Matching Key Generation Using Physically Unclonable Function
    Yuichi Komano; Kazuo Ohta; Kazuo Sakiyama; Mitsugu Iwamoto; Ingrid Verbauwhede
    Security and Communication Networks, Vol. 2019, Article ID 1719585, 13 pages, Jan. 2019, Peer-reviewed
    Scientific journal, English
  • Probing Attack of Share-Serial Threshold Implementation of AES
    Takeshi Sugawara; Yang Li; Kazuo Sakiyama
    IET Electronics Letters, Institution of Engineering and Technology (IET), 55, 9, 517-519, 2019, Peer-reviewed
    Scientific journal, English
  • Oscillator without a Combinatorial Loop and its Threat to FPGA in Data Center
    Takeshi Sugawara; Kazuo Sakiyama; Shoei Nashimoto; Daisuke Suzuki; Tomoyuki Nagatsuka
    IET Electronics Letters, Institution of Engineering and Technology (IET), 55, 11, 640-642, 2019, Peer-reviewed
    Scientific journal, English
  • A 286 F2/Cell Distributed Bulk-Current Sensor and Secure Flush Code Eraser against Laser Fault Injection Attack on Cryptographic Processor
    Kohei Matsuda; Tatsuya Fujii; Natsu Shoji; Takeshi Sugawara; Kazuo Sakiyama; Yu-ichi Hayashi; Makoto Nagata; Noriyuki Miura
    IEEE Journal of Solid-State Circuits, IEEE, 53, 11, 3174-3182, Nov. 2018, Peer-reviewed
    Scientific journal, English
  • Comprehensive Evaluation on an ID-Based Side-Channel Authentication with FPGA-Based AES
    Yang Li; Momoka Kasuya; Kazuo Sakiyama
    Applied Sciences, 8, 10, Oct. 2018, Peer-reviewed
    Scientific journal, English
  • Recovering Memory Access Sequence with Differential Flush+Reload Attack
    Zhiwei Yuan; Yang Li; Kazuo Sakiyama; Takeshi Sugawara; Jian Wang
    International Conference on Information Security Practice and Experience (ISPEC’18), Springer-Verlag, 424-439, Sep. 2018, Peer-reviewed
    International conference proceedings, English
  • A Secure LiDAR with Side-channel Fingerprinting
    Ryuga Matsumura; Takeshi Sugawara; Kazuo Sakiyama
    International Symposium on Computing and Networking, CANDAR Workshops (CANDARW’18), IEEE, 479-482, Aug. 2018, Peer-reviewed
    International conference proceedings, English
  • Sensor CON-Fusion: Defeating Kalman Filter in Signal Injection Attack
    Shoei Nashimoto; Daisuke Suzuki; Takeshi Sugawara; Kazuo Sakiyama
    The 13th ACM ASIA Conference on Information, Computer and Communications Security (ACM ASIACCS 2018), 511-524, Jun. 2018, Peer-reviewed
    International conference proceedings, English
  • Sensor CON-Fusion
    Shoei Nashimoto; Daisuke Suzuki; Takeshi Sugawara; Kazuo Sakiyama
    Proceedings of the 2018 on Asia Conference on Computer and Communications Security, ACM, 29 May 2018
    International conference proceedings
  • A 286F2/cell distributed bulk-current sensor and secure flush code eraser against laser fault injection attack
    Kohei Matsuda; Tatsuya Fujii; Natsu Shoji; Takeshi Sugawara; Kazuo Sakiyama; Yu-Ichi Hayashi; Makoto Nagata; Noriyuki Miura
    Digest of Technical Papers - IEEE International Solid-State Circuits Conference, Institute of Electrical and Electronics Engineers Inc., 61, #21.5, 352-354, 08 Mar. 2018, Peer-reviewed, A sense-and-react closed-loop countermeasure is proposed against Laser Fault Injection (LFI) attack on a cryptographic processor core. A 286F2/cell distributed bulk-current sensor detects laser injection by abnormal current conduction at bulk contacts. Upon the detection, a flush code eraser avoids exposure of laser-induced faulty ciphertext by shunting the core supply instantaneously at ns order. A protected AES core in 0.18 μm CMOS successfully disables the LFI attack with only +28% area penalty.
    International conference proceedings, English
  • Analysis of Mixed PUF-TRNG Circuit Based on SR-Latches in FD-SOI Technology
    Jean-Luc Danger; Risa Yashiro; Tarik Graba; Sylvain Guilley; Yves Mathieu; Noriyuki Miura; Abdelmalek Si-Merabet; Kazuo Sakiyama; Makoto Nagata
    Euromicro Conference on Digital System Design (DSD'18), IEEE, 508-515, 2018, Peer-reviewed
    International conference proceedings, English
  • Q-class authentication system for double arbiter PUF
    Risa Yashiro; Takeshi Sugawara; Mitsugu Iwamoto; Kazuo Sakiyama
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Institute of Electronics, Information and Communication Engineers (IEICE), E101A, 1, 129-137, 01 Jan. 2018, Peer-reviewed, Physically Unclonable Function (PUF) is a cryptographic primitive that is based on the physical property of each entity or Integrated Circuit (IC) chip. It is expected that PUF will be used in security applications such as ID generation and authentication. Some responses from PUF are unreliable, and they are usually discarded. In this paper, we propose a new PUF-based authentication system that exploits information of unreliable responses. In the proposed method, each response is categorized into multiple classes by its unreliability, evaluated by feeding the same challenges several times. This authentication system is named Q-class authentication, where Q is the number of classes. We perform experiments assuming a challenge-response authentication system with a certain threshold of errors. Considering 4-class separation for 4-1 Double Arbiter PUF, it is figured out that the advantage of a legitimate prover against a clone is improved from 24% to 36% in terms of success rate. In other words, it is possible to improve the tolerance of machine-learning attack by using unreliable information that was previously regarded as disadvantageous to authentication systems.
    International conference proceedings, English
  • Exploiting Bitflip Detector for Non-Invasive Probing and its Application to Ineffective Fault Analysis
    Takeshi Sugawara; Natsu Shoji; Kazuo Sakiyama; Kohei Matsuda; Noriyuki Miura; Makoto Nagata
    Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC'17), IEEE, 49-56, Sep. 2017, Peer-reviewed
    International conference proceedings, English
  • Improved EM Side-Channel Authentication Using Profile-Based XOR Model
    Momoka Kasuya; Kazuo Sakiyama
    International Workshop on Information Security Applications (WISA'2017), LNCS 10763, Springer-Verlag, 173-183, Aug. 2017, Peer-reviewed
    International conference proceedings, English
  • Efficient Software Implementation of Modular Multiplication in Prime Fields on TI's DSP TMS320C6678
    Eito Miyamoto; Takeshi Sugawara; Kazuo Sakiyama
    International Workshop on Information Security Applications (WISA'2017), LNCS 10763, Springer-Verlag, 261-273, Aug. 2017, Peer-reviewed
    International conference proceedings, English
  • Protecting cryptographic integrated circuits with side-channel information
    Makoto Nagata; Daisuke Fujimoto; Noriyuki Miura; Naofumi Homma; Yu-ichi Hayashi; Kazuo Sakiyama
    IEICE ELECTRONICS EXPRESS, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, 14, 2, 20162005, Jan. 2017, Peer-reviewed, Side-channel attacks have emerged as the nondestructive threats of security vulnerability in cryptographic hardware. This paper provides an overview of the protection techniques with counter ways of utilizing side-channel information leakage for combatting side-channel attacks as well as securing the authenticity of devices against counterfeits or even falsification.
    Scientific journal, English
  • Protecting cryptographic integrated circuits with side-channel information
    Makoto Nagata; Daisuke Fujimoto; Noriyuki Miura; Naofumi Homma; Yu-ichi Hayashi; Kazuo Sakiyama
    IEICE ELECTRONICS EXPRESS, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, 14, 2, 1-13, Jan. 2017, Peer-reviewed, Side-channel attacks have emerged as the nondestructive threats of security vulnerability in cryptographic hardware. This paper provides an overview of the protection techniques with counter ways of utilizing side-channel information leakage for combatting side-channel attacks as well as securing the authenticity of devices against counterfeits or even falsification.
    Scientific journal, English
  • A Performance Evaluation of Cryptographic Algorithms on FPGA and ASIC on RFID Design Flow
    Shugo Mikami; Dai Watanabe; Kazuo Sakiyama
    2016 4TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY (ICOICT), IEEE, 1-6, 2016, Peer-reviewed, Radio Frequency Identification (RFID) has been widely used in many areas, but security issues still remain. To overcome these issues, RFID authentication protocols based on cryptographic algorithms have been developed. These protocols require implementing cryptographic components on the tag. In this paper, we focus on the lightweight stream ciphers and the lightweight hash functions that are vastly used for the authentication protocols. We implement and evaluate the hardware performance of these algorithms on FPGA. Then, we discuss the practicality of FPGA on the design flow of RFID by comparing FPGA and ASIC implementation results of the tag.
    International conference proceedings, English
  • Physical Authentication Using Side-Channel Information
    Kazuo Sakiyama; Momoka Kasuya; Takanori Machida; Arisa Matsubara; Yunfeng Kuai; Yu-ichi Hayashi; Takaaki Mizuki; Noriyuki Miura; Makoto Nagata
    2016 4TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY (ICOICT), IEEE, 1-6, 2016, Peer-reviewed, Authentication based on cryptographic protocols is a key technology for recent security systems. This paper proposes a new authentication method that utilizes the side channel that already exists in many authentication systems. Side-channel analysis has been studied intensively from the attacker viewpoint and is best known for key-recovery attacks against cryptographic implementations using physical information. In this paper, reversing the traditional thought, we propose to use the key-dependent side-channel information constructively to enhance, or as an alternative to, existing cryptographic protocols. Using Advanced Encryption Standard (AES)-based authentication as an example, we demonstrate, based on experiments using a Field Programmable Gate Array (FPGA), that the side-channel information leaked from cryptographic devices is sufficiently unique for authentication.
    International conference proceedings, English
  • Circuit-Level Information Leakage Prevention for Fault Detection
    Kazuo Sakiyama; Reina Yagasaki; Takanori Machida; Tatsuya Fujii; Noriyuki Miura; Yu-ichi Hayashi
    2016 URSI ASIA-PACIFIC RADIO SCIENCE CONFERENCE (URSI AP-RASC), IEEE, 1271-1274, 2016, Peer-reviewed, The security of cryptographic devices is gaining significance, of late, owing to their important role in ensuring information security in the internet of things (IoT). Amongst various implementation attacks, the laser and electromagnetic (EM) fault-based attacks are considered the most powerful because of their control over the injection timing and position. This paper discusses a practical countermeasure against fault attacks, focusing on a secure measure to prevent information leakage, in particular, after a fault is detected. Preliminary experiments using a field programmable gate array (FPGA) board show that cutting off the power supply (VDD) could be an effective countermeasure for preventing information leakage from cryptographic devices under the fault attacks.
    International conference proceedings, English
  • New Metric for Side-Channel Information Leakage: Case Study on EM Radiation from AES Hardware
    Momoka Kasuya; Takanori Machida; Kazuo Sakiyama
    2016 URSI ASIA-PACIFIC RADIO SCIENCE CONFERENCE (URSI AP-RASC), IEEE, 1288-1291, 2016, Peer-reviewed, Research into electromagnetic (EM) security emerged with the advent and development of information and communication technology. In general, information leakage is of great concern, and of particular concern is the information leaked via EM radiation from cryptographic hardware (also known as EM side-channel information). We simulated this form of information leakage in order to evaluate the problem quantitatively. The proposed metric, the information leakage rate, enables us to compare the quality of measurement systems for EM side-channel information, which helps to advance a fair discussion of EM security.
    International conference proceedings, English
  • Deep-Learning-Based Security Evaluation on Authentication Systems Using Arbiter PUF and Its Variants
    Risa Yashiro; Takanori Machida; Mitsugu Iwamoto; Kazuo Sakiyama
    ADVANCES IN INFORMATION AND COMPUTER SECURITY, IWSEC 2016, SPRINGER INT PUBLISHING AG, 9836, Springer-Verlag, 267-285, 2016, Peer-reviewed, Fake integrated circuit (IC) chips are in circulation on the market, which is considered a serious threat in the era of the Internet of Things (IoT). A physically unclonable function (PUF) is expected to be a fundamental technique for separating fake IC chips from genuine ones. Recently, the arbiter PUF (APUF) and its variants have been intensively researched with the aim of using them in secure authentication systems. However, the vulnerability of APUFs to machine-learning attacks has been reported. In response, the double arbiter PUF (DAPUF), which tolerates support vector machine (SVM)-based machine-learning attacks, was proposed as another variant of the APUF in 2014. In this paper, we perform a security evaluation of authentication systems using the APUF and its variants against deep-learning (DL)-based attacks. DL has attracted attention as a machine-learning method that produces better results than SVM in various research fields. Based on the experimental results, we show that DAPUFs could be used as a core primitive in a secure authentication system if an appropriate threshold is set to distinguish legitimate IC tags from fake ones.
    International conference proceedings, English
  • On-Chip Substrate-Bounce Monitoring for Laser-Fault Countermeasure
    Kohei Matsuda; Noriyuki Miura; Makoto Nagata; Yu-ichi Hayashi; Tatsuya Fujii; Kazuo Sakiyama
    PROCEEDINGS OF THE 2016 IEEE ASIAN HARDWARE ORIENTED SECURITY AND TRUST SYMPOSIUM (ASIANHOST 2016), IEEE, 1-6, 2016, Peer-reviewed, This paper presents a reactive sensor-based IC countermeasure against laser fault injection attacks on a cryptographic processor. The IC substrate potential bounce caused by laser injection is monitored in situ by distributed compact 1-bit comparators, which raise an alarm against the attack. Since the laser power needed to induce a fault is very high, the associated substrate bounce is large and spreads over a broad chip area, so efficient attack detection is possible with small hardware overhead. To squeeze the overhead further, an optimal sensor design methodology is proposed. Precise in-situ measurement of the bounce using an on-chip monitor pre-characterizes the magnitude of the critical substrate bounce that causes fault injection, so that sensor sensitivity, position, and pitch can be optimized accordingly. A test chip is designed and fabricated in 0.18 µm CMOS to evaluate the efficiency and validity of the proposed countermeasure.
    International conference proceedings, English
  • Advanced fault analysis techniques on AES
    Kazuo Sakiyama; Takanori Machida; Arisa Matsubara
    IEEE International Symposium on Electromagnetic Compatibility, Institute of Electrical and Electronics Engineers Inc., 2015-, 230-234, 10 Sep. 2015, Peer-reviewed, Fault analysis of symmetric-key ciphers has been discussed intensively since differential fault analysis (DFA) was proposed in 1997. Output masking of faulty ciphertexts was believed to be the most effective countermeasure against DFA attacks. However, fault sensitivity analysis (FSA), proposed in 2010, can bypass the output-masking countermeasure. Both DFA and FSA require strict control of fault injection with the same plaintext, which is often difficult to realize in settings where faults are injected randomly, e.g., with electromagnetic (EM) fault injection. Although it requires the distribution of faulty ciphertexts, an extended fault analysis technique called NU-FVA, proposed in 2013, avoids the difficulty of fault injection control. This article reviews the previous fault attacks and discusses their merits and demerits, focusing especially on the power of the NU-FVA attack.
    International conference proceedings, English
  • A new method for enhancing variety and maintaining reliability of PUF responses and its evaluation on ASICs
    Dai Yamamoto; Kazuo Sakiyama; Mitsugu Iwamoto; Kazuo Ohta; Masahiko Takenaka; Kouichi Itoh; Naoya Torii
    J. Cryptographic Engineering, 5, 3, 187-199, Sep. 2015, Peer-reviewed
    Scientific journal, English
  • Implementation of Double Arbiter PUF and Its Performance Evaluation on FPGA
    Takanori Machida; Dai Yamamoto; Mitsugu Iwamoto; Kazuo Sakiyama
    2015 20TH ASIA AND SOUTH PACIFIC DESIGN AUTOMATION CONFERENCE (ASP-DAC), IEEE, 6-9, 2015, Peer-reviewed, Low uniqueness and vulnerability to machine-learning attacks are the two major known problems of Arbiter-based Physically Unclonable Functions (APUFs) implemented on FPGAs. In this paper, we implement a Double APUF (DAPUF) that duplicates the original APUF in order to overcome these problems. From experimental results on a Xilinx Virtex-5, we show that the uniqueness of the DAPUF becomes almost ideal, and that the prediction rate of the machine-learning attack decreases from 86% to 57%.
    International conference proceedings, English
  • Advanced Fault Analysis Techniques on AES
    Kazuo Sakiyama; Takanori Machida; Arisa Matsubara
    2015 IEEE INTERNATIONAL SYMPOSIUM ON ELECTROMAGNETIC COMPATIBILITY (EMC), IEEE, 230-234, 2015, Peer-reviewed, Fault analysis of symmetric-key ciphers has been discussed intensively since differential fault analysis (DFA) was proposed in 1997. Output masking of faulty ciphertexts was believed to be the most effective countermeasure against DFA attacks. However, fault sensitivity analysis (FSA), proposed in 2010, can bypass the output-masking countermeasure. Both DFA and FSA require strict control of fault injection with the same plaintext, which is often difficult to realize in settings where faults are injected randomly, e.g., with electromagnetic (EM) fault injection. Although it requires the distribution of faulty ciphertexts, an extended fault analysis technique called NU-FVA, proposed in 2013, avoids the difficulty of fault injection control. This article reviews the previous fault attacks and discusses their merits and demerits, focusing especially on the power of the NU-FVA attack.
    International conference proceedings, English
  • Artifact-Metric-Based Authentication for Bottles of Wine (Short Paper)
    Reina Yagasaki; Kazuo Sakiyama
    ADVANCES IN INFORMATION AND COMPUTER SECURITY (IWSEC 2015), SPRINGER-VERLAG BERLIN, 9241, Springer-Verlag, 335-344, 2015, Peer-reviewed, Authentication systems are an effective measure against counterfeit products. To enhance security and reduce cost, artifact-metric authentication is expected to replace existing cryptography-based authentication systems, since it utilizes the intrinsic individual differences between products. In this paper, we propose a new artifact-metric-based individual authentication system that authenticates bottles of wine. The proposed system captures the light pattern of a light-emitting diode transmitted through a bottle of wine as an image and uses it as a fingerprint. Based on experimental results, we show that the system distinguishes different bottles of wine correctly and that the authentication is sufficiently tolerant of dirt and flaws on the surface of the bottle.
    International conference proceedings, English
  • A New Arbiter PUF for Enhancing Unpredictability on FPGA
    Takanori Machida; Dai Yamamoto; Mitsugu Iwamoto; Kazuo Sakiyama
    Scientific World Journal, Hindawi Publishing Corporation, 2015, Article ID 864812, 13 pages, 2015, Peer-reviewed, In general, conventional Arbiter-based Physically Unclonable Functions (PUFs) generate responses with low unpredictability. The N-XOR Arbiter PUF, proposed in 2007, is a well-known technique for improving this unpredictability. In this paper, we propose a novel Arbiter PUF design, called the Double Arbiter PUF, to enhance unpredictability on field programmable gate arrays (FPGAs), and we compare our design to conventional N-XOR Arbiter PUFs. One metric for judging the unpredictability of responses is their tolerance to machine-learning attacks. Although our previous work showed the superiority of Double Arbiter PUFs regarding unpredictability, the details were not clarified. We evaluate the dependency on the number of training samples for machine learning, and we discuss why Double Arbiter PUFs are more tolerant than N-XOR Arbiter PUFs by evaluating intra-chip variation. Further, the conventional Arbiter PUFs and the proposed Double Arbiter PUFs are evaluated according to other metrics, namely uniqueness, randomness, and steadiness. We demonstrate that the 3-1 Double Arbiter PUF achieves the best performance overall.
    Scientific journal, English
  • Fully integrated passive UHF RFID tag for hash-based mutual authentication protocol
    Shugo Mikami; Dai Watanabe; Yang Li; Kazuo Sakiyama
    Scientific World Journal, Hindawi Publishing Corporation, 2015, Article ID 498610, 11 pages, 2015, Peer-reviewed, Passive radio-frequency identification (RFID) tags are used in many applications. While the RFID market is expected to grow, concerns about the security and privacy of RFID tags must be overcome for future use. To address these issues, privacy-preserving authentication protocols based on cryptographic algorithms have been designed. However, to the best of our knowledge, evaluation of a whole tag that runs such protocols, including the antenna, the analog front end, and the digital processing block, has not been studied. In this paper, we present an implementation and evaluation of a fully integrated passive UHF RFID tag that runs a privacy-preserving mutual authentication protocol based on a hash function. We design a single chip including the analog front end and the digital processing block. We select a lightweight hash function supporting 80-bit security strength and a standard hash function supporting 128-bit security strength. We show that when the lightweight hash function is used, the tag completes the protocol at a reader-tag distance of 10 cm; with the standard hash function, the tag completes the protocol at a distance of 8.5 cm. We discuss how the peak power consumption of the tag, which depends on the hash function, limits the achievable distance.
    Scientific journal, English
  • New Side-Channel Analysis Using Clockwise Collision Leakage Model and Weak Keys on Parallelized AES Hardware
    Toshiki Nakasone; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    電子情報通信学会論文誌(A) (IEICE Transactions A), J97-A, 11, 695-703, Nov. 2014, Peer-reviewed
    Scientific journal, Japanese
  • Software and hardware co-verification for privacy-enhanced passive UHF RFID tag
    Yang Li; Toshiki Nakasone; Kazuo Sakiyama
    IEEE International Symposium on Electromagnetic Compatibility, Institute of Electrical and Electronics Engineers Inc., 2014-, September, 752-757, 15 Sep. 2014, Peer-reviewed, RFID systems are among the most important components for building the Internet of Things. The wireless communication between the reader and the RFID tag is based on electromagnetic radiation, which is fully accessible to adversaries and raises security and privacy problems. RFID-based applications that handle personal information urgently require a practical solution for privacy protection. This work introduces a combined software and hardware functionality verification for a privacy-preserving RFID design. The target design is the digital part of a passive UHF RFID tag with a hash-based mutual authentication protocol and a privacy-mode switch. We introduce the setup, the procedures, and the results of the simulation-based and FPGA-based functionality verification. Finally, we explain the benefits and limitations of the experiments performed.
    International conference proceedings, English
  • A Silicon-level Countermeasure against Fault Sensitivity Analysis and Its Evaluation
    Sho Endo; Yang Li; Naofumi Homma; Kazuo Sakiyama; Kazuo Ohta; Daisuke Fujimoto; Makoto Nagata; Toshihiro Katashita; Jean-Luc Danger; Takafumi Aoki
    IEEE Trans. Very Large Scale Integr. (VLSI) Syst., 23, 8, 1429-1438, Aug. 2014, Peer-reviewed
    Scientific journal, English
  • Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest
    Christophe Clavier; Jean-Luc Danger; Guillaume Duc; M. Abdelaziz Elaabid; Benoît Gérard; Sylvain Guilley; Annelie Heuser; Michael Kasper; Yang Li; Victor Lomné; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama; Laurent Sauvage; Werner Schindler; Marc Stöttinger; Nicolas Veyrat-Charvillon; Matthieu Walle; Antoine Wurcker
    J. Cryptographic Engineering, 4, 1, 1-16, Apr. 2014, Peer-reviewed
    Scientific journal, English
  • Power Noise Measurements of Cryptographic VLSI Circuits Regarding Side-Channel Information Leakage
    Daisuke Fujimoto; Noriyuki Miura; Makoto Nagata; Yuichi Hayashi; Naofumi Homma; Takafumi Aoki; Yohei Hori; Toshihiro Katashita; Kazuo Sakiyama; Thanh-Ho Le; Julien Bringer; Pirouz Bazargan-Sabet; Shivam Bhasin; Jean-Luc Danger
    IEICE TRANSACTIONS ON ELECTRONICS, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E97C, 4, 272-279, Apr. 2014, Peer-reviewed, Power supply noise waveforms within cryptographic VLSI circuits in a 65 nm CMOS technology are captured using an on-chip voltage waveform monitor (OCM). The waveforms exhibit the correlation of dynamic voltage drops with internal logical activity during Advanced Encryption Standard (AES) processing, which causes side-channel information leakage regarding the secret key bytes. Correlation Power Analysis (CPA) is the attack method that extracts such leakage from the waveforms. The frequency components of power supply noise that contribute to the leakage are shown to be localized in an extremely low frequency region. The level of information leakage is strongly associated with the size of the increment of dynamic voltage drops against the Hamming distance in the AES processing. The time window of significant importance, where the leakage most likely happens, is clearly designated within a single clock cycle in the final stage of AES processing. The on-chip power supply noise measurements unveil the facts about side-channel information leakage behind traditional CPA with on-board sensing of the power supply current through a 1 ohm resistor.
    Scientific journal, English
  • Practical improvements of side-channel attacks on AES: feedback from the 2nd DPA contest
    Christophe Clavier; Jean-Luc Danger; Guillaume Duc; M. Abdelaziz Elaabid; Benoît Gérard; Sylvain Guilley; Annelie Heuser; Michael Kasper; Yang Li; Victor Lomné; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama; Laurent Sauvage; Werner Schindler; Marc Stöttinger; Nicolas Veyrat-Charvillon; Matthieu Walle; Antoine Wurcker
    Journal of Cryptographic Engineering, Springer Verlag, 4, 4, 259-274, 2014, Peer-reviewed, Side-channel analyses constitute a major threat to embedded devices, because they allow an attacker to recover secret keys without the device being aware of the theft of sensitive information. They have been proved to be effective in practice on many deployed cryptosystems. Even during the standardization process for the AES, many scientists drew attention to potential vulnerabilities to implementation-level attacks (Chari et al., A Cautionary Note Regarding Evaluation of AES Candidates on Smart-cards, 133-147, 1999). The evaluation of devices against side-channel attacks is now common practice, especially in ITSEFs. This procedure has recently been formalized (Standaert et al., EUROCRYPT, LNCS 5479:443-461, 2009). The framework suggests estimating the leakage via an information-theoretic metric, and the performance of real attacks via either the success rate or the guessing entropy metric. The DPA contests are a series of international challenges that allow researchers to improve existing side-channel attacks or develop new ones and compare their effectiveness on several reference sets of power consumption traces using a common methodology. In this article, we focus on the second edition of this contest, which targeted an FPGA-based implementation of AES. The article has been written jointly with several of the participants, who describe the tactics used in their attacks and their improvements beyond the state of the art. In particular, this feedback brings to the fore some considerations seldom described in the scientific literature, yet relevant to increasing the convergence rate of attacks. These considerations concern in particular the correction of acquisition defects such as drifting side-channel leakage, the identification of the most leaking samples, the order in which subkeys are attacked, how to exploit subkeys that are revealed easily to help retrieve subkeys that leak less, and non-linear leakage models.
    Scientific journal, English
  • Yet another fault-based leakage in non-uniform faulty ciphertexts
    Yang Li; Yu-Ichi Hayashi; Arisa Matsubara; Naofumi Homma; Takafumi Aoki; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, 8352, Springer-Verlag, 272-287, 2014, Peer-reviewed, This paper discusses the information leakage that comes from the non-uniform distribution of faulty calculation results for hardware AES implementations under setup-time violations. For setup-time violations, it is more difficult to predict the faulty value than the introduced difference itself. Therefore, faulty calculation results have always been paired with the fault-free calculations as the information leakage. However, faulty calculation results under statistical analysis can directly leak the secret. This leakage is mainly caused by the circuit structure rather than by the transition differences for varying input data. In general, this work explains the mechanism behind the non-uniform distribution of faulty calculation results. For the widely used composite-field-based AES S-box, we explain and demonstrate that the probability of a particular faulty value emerging is much higher than that of other values. We use the key recovery method proposed by Fuhr et al. and show successful key recovery using only the faulty calculation results. In addition, against an attack target that encrypts random plaintexts, we extend the attack to the case in which the faults are injected remotely using electromagnetic interference without any injection timing trigger.
    International conference proceedings, English
  • Privacy-Mode Switching: Toward Flexible Privacy Protection for RFID Tags in Internet of Things
    Yang Li; Toshiki Nakasone; Kazuo Ohta; Kazuo Sakiyama
    2014 IEEE 11TH CONSUMER COMMUNICATIONS AND NETWORKING CONFERENCE (CCNC), IEEE, 941-942, 2014, Peer-reviewed, The privacy problem becomes the biggest obstacle when applying RFID technology to personal consumer usage in the Internet of Things. Privacy protection comes at the cost of computational overhead and reduced feasibility, yet it is necessary for privacy-sensitive usage. We propose an RFID system in which privacy protection can be turned on or off by validated authorities. Privacy-mode switching increases the diversity of RFID usage, enables RFID recycling, and has limited hardware overhead for RFID tags. Based on a symmetric-key-crypto-based mutual authentication protocol called OMHSO, we describe the construction of an RFID system with flexible privacy-mode switching.
    International conference proceedings, English
  • Correlation Power Analysis using Bit-Level Biased Activity Plaintexts against AES Cores with Countermeasures
    Daisuke Fujimoto; Noriyuki Miura; Makoto Nagata; Yuichi Hayashi; Naofumi Homma; Takafumi Aoki; Yohei Hori; Toshihiro Katashita; Kazuo Sakiyama; Thanh-Ha Le; Julien Bringer; Pirouz Bazargan-Sabet; Shivam Bhasin; Jean-Luc Danger
    2014 INTERNATIONAL SYMPOSIUM ON ELECTROMAGNETIC COMPATIBILITY, TOKYO (EMC'14/TOKYO), IEEE, 14P2-A3, 306-309, 2014, Peer-reviewed, Advanced encryption standard (AES) cores suffer from information leakage through power supply currents, even with wave dynamic differential logic (WDDL), known as one of the most robust countermeasure design styles against side-channel attacks (SCA). A set of plaintexts with bit-level biased activity is produced with a known secret key and used to diagnose the vulnerability of AES cores during their development. CPA with biased plaintexts revealed the 128-bit secret keys with fewer than 4,000 traces from the WDDL AES core, both in measurements and in simulations of power supply currents. The core was physically structured using a 65-nm CMOS standard cell library and assembled on the "SPACES explorer" test vehicle, which has an on-board 1-ohm resistor for measuring power supply currents. The derived knowledge should be useful in driving the design of AES cores that are much less prone to information leakage through power supply current and electromagnetic measurements.
    International conference proceedings, English
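The two power-noise entries above describe CPA with a Hamming-distance model of the register transition in the final AES round. The example below is added for this page; it is not the authors' analysis code and uses constructed traces rather than their on-chip or on-board measurements. It builds the AES S-box from its GF(2^8) definition, synthesizes one-sample traces for one byte of state row 0 (where ShiftRows is the identity, so the transition is HD(c, InvSubBytes(c XOR k10))) with additive Gaussian noise, and ranks all 256 key-byte guesses by correlation. The key byte 0x3C, the seed, the trace count and the noise level are arbitrary choices made here.

```python
"""Correlation Power Analysis on synthetic last-round AES leakage with a
Hamming-distance model. Added example with constructed traces; not the
papers' measurement data or analysis code."""
import math
import random


def _gf_mul(a, b):
    # GF(2^8) multiplication modulo the AES polynomial x^8 + x^4 + x^3 + x + 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    # AES S-box: affine transform of the multiplicative inverse (x^254), 0 -> 0
    sbox = []
    for x in range(256):
        inv, base, e = 1, x, 254
        while e:
            if e & 1:
                inv = _gf_mul(inv, base)
            base = _gf_mul(base, base)
            e >>= 1
        inv = inv if x else 0
        s, v = inv, inv
        for _ in range(4):
            v = ((v << 1) | (v >> 7)) & 0xFF
            s ^= v
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _i, _s in enumerate(SBOX):
    INV_SBOX[_s] = _i


def hamming_weight(x):
    return bin(x).count("1")


def hd_hypothesis(ciphertext_byte, key_guess):
    # Register transition in the final round for a byte of state row 0, where
    # ShiftRows is the identity: HD(c, InvSubBytes(c XOR k10)).
    return hamming_weight(ciphertext_byte ^ INV_SBOX[ciphertext_byte ^ key_guess])


def simulate_traces(rng, key_byte, n_traces, noise_sigma=1.0):
    """Constructed traces: one sample each, HD leakage plus Gaussian noise (assumed)."""
    cts = [rng.randrange(256) for _ in range(n_traces)]
    traces = [hd_hypothesis(c, key_byte) + rng.gauss(0.0, noise_sigma) for c in cts]
    return cts, traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0


def cpa(cts, traces):
    """Rank all 256 key-byte guesses by |correlation| of the HD hypothesis with the traces."""
    scores = []
    for guess in range(256):
        hyp = [hd_hypothesis(c, guess) for c in cts]
        scores.append((abs(pearson(hyp, traces)), guess))
    scores.sort(reverse=True)
    return [g for _, g in scores], scores[0][0]


def demo(seed=7, key_byte=0x3C, n_traces=500):
    rng = random.Random(seed)
    cts, traces = simulate_traces(rng, key_byte, n_traces)
    ranking, best_corr = cpa(cts, traces)
    return {"key_byte": key_byte, "recovered": ranking[0],
            "best_corr": best_corr, "rank_of_true_key": ranking.index(key_byte)}


if __name__ == "__main__":
    print(demo())
```

Raising `noise_sigma` or cutting `n_traces` in `demo` shows the convergence behaviour the DPA-contest entry discusses: the true key's rank drifts from 0 toward the middle of the list once the noise variance dominates the roughly 2-bit variance of the Hamming-distance term.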
  • Software and Hardware Co-Verification for Privacy-Enhanced Passive UHF RFID Tag
    Yang Li; Toshiki Nakasone; Kazuo Sakiyama
    2014 IEEE INTERNATIONAL SYMPOSIUM ON ELECTROMAGNETIC COMPATIBILITY (EMC), IEEE, 752-757, 2014, Peer-reviewed, RFID systems are among the most important components for building the Internet of Things. The wireless communication between the reader and the RFID tag is based on electromagnetic radiation, which is fully accessible to adversaries and raises security and privacy problems. RFID-based applications that handle personal information urgently require a practical solution for privacy protection. This work introduces a combined software and hardware functionality verification for a privacy-preserving RFID design. The target design is the digital part of a passive UHF RFID tag with a hash-based mutual authentication protocol and a privacy-mode switch. We introduce the setup, the procedures, and the results of the simulation-based and FPGA-based functionality verification. Finally, we explain the benefits and limitations of the experiments performed.
    International conference proceedings, English
  • A technique using PUFs for protecting circuit layout designs against reverse engineering
    Dai Yamamoto; Masahiko Takenaka; Kazuo Sakiyama; Naoya Torii
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, 8639, Springer-Verlag, 158-173, 2014, Peer-reviewed, Recently, considerable interest has been focused on Physically Unclonable Functions (PUFs) as an anti-counterfeiting technology for Integrated Circuits (ICs). PUFs are used for more secure authentication mechanisms than conventional ones, and enable us to distinguish genuine ICs from counterfeit ones. However, sophisticated reverse-engineering approaches, which erode intellectual property (IP), remain a big problem for IC designs other than PUFs. IC designs include various circuits such as audio/video-processing circuits, communication circuits, etc., which are based on their manufacturers' trade secrets. Hence counterfeit production and information leakage through the reverse engineering of such valuable circuits are major threats to IC manufacturers. In this paper, we use PUFs not for authentication but for protecting the IP of IC designs. We propose a new IP protection method using HCI-SA (Hot Carrier Injection-Sense Amplifier) PUFs, proposed in 2013. The HCI-SA PUF, one of the memory-based PUFs, has two great properties: its response is perfectly reliable, and the value of the response can be fully controlled by the manufacturer. We design various logic gates (e.g., NAND, XOR) using HCI-SA PUFs that are completely identical in, and impossible to distinguish from, the IC layout information. These PUF-based logic gates make ICs more resistant to reverse-engineering attacks.
    International conference proceedings, English
  • Security Evaluation of Bistable Ring PUFs on FPGAs using Differential and Linear Analysis
    Dai Yamamoto; Masahiko Takenaka; Kazuo Sakiyama; Naoya Torii
    FEDERATED CONFERENCE ON COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2014, IEEE, 2, 911-918, 2014, Peer-reviewed, Physically Unclonable Functions (PUFs) are expected to be an innovation in anti-counterfeiting devices for secure ID generation, authentication, etc. In this paper, we propose novel methods for evaluating the difficulty of predicting PUF responses (i.e., PUF outputs), inspired by the well-known differential and linear cryptanalysis. Using the proposed methods, we perform the first third-party evaluation of the Bistable Ring PUF (BR-PUF), proposed in 2011. BR-PUFs have been claimed to resist response prediction. Through our experiments using FPGAs, however, we demonstrate that BR-PUFs exhibit two types of correlation between challenges and responses that may make responses easy to predict. First, the same responses are frequently generated for two challenges (i.e., PUF inputs) with a small Hamming distance: randomly generated challenges and their variants at Hamming distance one generate the same responses with probability 0.88, much larger than the 0.5 of an ideal PUF. Second, particular challenge bits in BR-PUFs have a great impact on the responses: the response becomes '1' with the high probability of 0.71 (> 0.5) when just 5 particular bits of 64-bit random challenges are forced to zero or one. In conclusion, the proposed evaluation methods reveal that BR-PUFs on FPGAs have correlations between challenge-response pairs that help an attacker predict the responses.
    International conference proceedings, English
  • A New Mode of Operation for Arbiter PUF to Improve Uniqueness on FPGA
    Takanori Machida; Dai Yamamoto; Mitsugu Iwamoto; Kazuo Sakiyama
    FEDERATED CONFERENCE ON COMPUTER SCIENCE AND INFORMATION SYSTEMS, 2014, IEEE, 2, 871-878, 2014, Peer-reviewed, The Arbiter-based Physically Unclonable Function (PUF) is one kind of delay-based PUF that uses the time difference between two delay-line signals. Previous work suggests that Arbiter PUFs implemented on Xilinx Virtex-5 FPGAs generate responses with almost no difference between chips, i.e., with low uniqueness. To overcome this problem, the Double Arbiter PUF was proposed, which is based on a novel technique for generating responses with high uniqueness from duplicated Arbiter PUFs on FPGAs. It has the same cost as the 2-XOR Arbiter PUF, which XORs the outputs of two Arbiter PUFs. The Double Arbiter PUF differs from the 2-XOR Arbiter PUF in the mode of operation of the Arbiter PUF: the wire assignment between an arbiter and the output signals from the final selectors located just before the arbiter. In this paper, we evaluate these PUFs for uniqueness, randomness, and steadiness. We consider finding a new mode of operation for the Arbiter PUF that can be realized on FPGA. To improve the uniqueness of responses, we propose the 3-1 Double Arbiter PUF, which has another duplicated Arbiter PUF, i.e., three Arbiter PUFs outputting a 1-bit response. We compare the 3-1 Double Arbiter PUF to the 3-XOR Arbiter PUF in terms of uniqueness, randomness, and steadiness, and show the difference between these PUFs by considering the mode of operation of the Arbiter PUF. From our experimental results, the uniqueness of responses from the 3-1 Double Arbiter PUF is approximately 50%, which is better than that of the 3-XOR Arbiter PUF. We show that uniqueness can be improved by using a new mode of operation for the Arbiter PUF.
    International conference proceedings, English
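The Arbiter PUF entries above (the Double Arbiter PUF on FPGA, the Scientific World Journal article, and the new mode of operation), together with the differential and linear evaluation of BR-PUFs, all rest on the same handful of metrics. The example below is added for this page and is not code from any of the papers: it models an Arbiter PUF with the standard additive delay model (an assumption; per-stage delay differences are drawn as Gaussian manufacturing variation), then implements uniqueness, a linear prediction attack (a perceptron, standing in for the SVM and logistic-regression attacks the papers cite), and the differential (one-bit challenge flip) and linear (forced challenge bits) tests. The N-XOR Arbiter PUF is included as the contrast the papers draw; the Double Arbiter PUF wiring and the BR-PUF structure are not modelled, and the chip count, seed and sample sizes are choices made here.

```python
"""Additive-delay model of an Arbiter PUF with the evaluations discussed in the
entries above: uniqueness, a linear prediction attack, and the differential /
linear challenge-response tests. Added example, not the papers' own code."""
import random

STAGES = 64  # challenge length; matches the 64-bit challenges on the page


def features(challenge):
    # Parity transform of the additive delay model (a standard modelling
    # assumption, not taken from the page): phi_i = prod_{j>=i} (1 - 2*c_j),
    # plus a constant term for the arbiter's own bias.
    n = len(challenge)
    phi = [1.0] * (n + 1)
    acc = 1.0
    for i in range(n - 1, -1, -1):
        acc *= 1.0 - 2.0 * challenge[i]
        phi[i] = acc
    return phi


class ArbiterPUF:
    """One chip: per-stage delay differences drawn as Gaussian variation (assumed)."""

    def __init__(self, rng, stages=STAGES):
        self.w = [rng.gauss(0.0, 1.0) for _ in range(stages + 1)]

    def response(self, challenge):
        delta = sum(w * p for w, p in zip(self.w, features(challenge)))
        return 1 if delta > 0 else 0


class XorArbiterPUF:
    """N-XOR Arbiter PUF: XOR of N independent Arbiter PUFs fed the same challenge."""

    def __init__(self, rng, n, stages=STAGES):
        self.parts = [ArbiterPUF(rng, stages) for _ in range(n)]

    def response(self, challenge):
        r = 0
        for p in self.parts:
            r ^= p.response(challenge)
        return r


def random_challenges(rng, count, stages=STAGES):
    return [[rng.randrange(2) for _ in range(stages)] for _ in range(count)]


def uniqueness(chips, challenges):
    """Mean pairwise fractional Hamming distance of the chips' responses (ideal 0.5)."""
    resp = [[chip.response(c) for c in challenges] for chip in chips]
    dists = [sum(x != y for x, y in zip(resp[a], resp[b])) / len(challenges)
             for a in range(len(resp)) for b in range(a + 1, len(resp))]
    return sum(dists) / len(dists)


def perceptron_attack(puf, rng, n_train=2000, n_test=1000, epochs=30):
    """Attacker fits a linear model to collected CRPs; returns held-out prediction rate."""
    train = [(features(c), 1 if puf.response(c) else -1)
             for c in random_challenges(rng, n_train)]
    w = [0.0] * (STAGES + 1)
    for _ in range(epochs):
        for phi, y in train:
            if y * sum(wi * pi for wi, pi in zip(w, phi)) <= 0:
                w = [wi + y * pi for wi, pi in zip(w, phi)]
    hits = sum((sum(wi * pi for wi, pi in zip(w, features(c))) > 0) == bool(puf.response(c))
               for c in random_challenges(rng, n_test))
    return hits / n_test


def differential_test(puf, rng, trials=2000):
    """P[response unchanged] when one random challenge bit is flipped (ideal 0.5)."""
    same = 0
    for c in random_challenges(rng, trials):
        d = list(c)
        d[rng.randrange(len(c))] ^= 1
        same += puf.response(c) == puf.response(d)
    return same / trials


def linear_test(puf, rng, fixed_bits, value, trials=2000):
    """P[response == 1] when the given challenge bits are forced to `value` (ideal 0.5)."""
    ones = 0
    for c in random_challenges(rng, trials):
        for i in fixed_bits:
            c[i] = value
        ones += puf.response(c)
    return ones / trials


def demo(seed=1):
    rng = random.Random(seed)
    chips = [ArbiterPUF(rng) for _ in range(8)]
    return {
        "uniqueness": uniqueness(chips, random_challenges(rng, 500)),
        "apuf_prediction_rate": perceptron_attack(chips[0], rng),
        "3xor_prediction_rate": perceptron_attack(XorArbiterPUF(rng, 3), rng),
        "apuf_differential": differential_test(chips[0], rng),
        "apuf_linear_bias": linear_test(chips[0], rng, fixed_bits=[0, 1, 2, 3, 4], value=0),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

Because the model draws independent delays for every chip it reports the ideal uniqueness near 50%; the FPGA routing bias that produces the near-identical responses reported on Virtex-5 is exactly what such a model cannot capture, which is why the papers measure it on hardware. The perceptron predicts the single Arbiter PUF well and the 3-XOR variant at chance, the gap that motivates the XOR and Double Arbiter constructions; the differential and linear tests return values near 0.5 for this model, against the 0.88 and 0.71 the BR-PUF entry measured.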
  • Single-Chip Implementation and Evaluation of Passive UHF RFID Tag with Hash-Based Mutual Authentication
    Yang Li; Shugo Mikami; Dai Watanabe; Kazuo Ohta; Kazuo Sakiyama
    Cryptology and Information Security Series, IOS Press, 12, 3-15, 2014, Peer-reviewed, This paper presents a single-chip implementation and evaluation of a passive ultra-high frequency (UHF) RFID tag that uses a hash-based mutual authentication protocol. Implementation details of the silicon chip, including the analog power block, analog clock block, cryptographic block, and volatile and non-volatile memory blocks, are presented, together with evaluation results for the chip's area, execution time, and power consumption. To the best of our knowledge, this work is the first single-chip implementation and the first feasibility verification of a fully functional passive UHF RFID tag chip running a hash-based mutual authentication protocol with forward privacy preservation. We expect our experience to be helpful for the future design of privacy-preserving RFID systems from both academic and industrial points of view.
    Scientific journal, English
  • Practical DFA strategy for AES under limited-access conditions
    Kazuo Sakiyama; Yang Li; Shigeto Gomisawa; Yu-Ichi Hayashi; Mitsugu Iwamoto; Naofumi Homma; Takafumi Aoki; Kazuo Ohta
    Journal of Information Processing, Information Processing Society of Japan, 22, 2, 142-151, 2014, Peer-reviewed, Secret data in embedded devices can be revealed by injecting computational faults in fault analysis attacks. Fault analysis research on cryptographic implementations has so far first assumed a certain fault model and then discussed the key recovery method under some assumptions. We note that a new remote fault injection method has emerged, which is threatening in practice. Because of its limited access to the cryptographic device, however, remote fault injection can only inject uncertain faults. In this setting, this paper gives a general strategy for a remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from the various kinds of faults, which is more realistic than previous research. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 million fault injections.
    Scientific journal, English
  • Variety enhancement of PUF responses using the locations of random outputting RS latches
    Dai Yamamoto; Kazuo Sakiyama; Mitsugu Iwamoto; Kazuo Ohta; Masahiko Takenaka; Kouichi Itoh
    Journal of Cryptographic Engineering, 3, 4, 197-211, Nov. 2013, Peer-reviewed, Physical Unclonable Functions (PUFs) are expected to be an important solution for secure ID generation, authentication, etc. In general, manufactured PUFs are considered more secure when the pattern of outputs (the variety of responses) is larger, i.e., the response bit length is longer (e.g., a 192-bit response is more secure than a 128-bit one). However, the actual bit length is reduced because some response bits are inconsistent (random) across repeated measurements; these are regarded as unusable for ID generation and discarded. Latch-based PUFs with N RS latches, for example, ideally generate 2^N responses depending on the binary values output from the RS latches (0/1). However, some RS latches output random responses that are inconsistent and cannot be used for reliable ID generation, so the variety of responses becomes smaller than 2^N. In this paper, we propose a novel Latch-based PUF structure that outputs a larger variety of responses by utilizing the location information of the RS latches that output random responses. Unlike the random responses themselves, this location information is determined during the manufacturing process and so is almost fixed once the PUFs are manufactured. The proposed PUF generates 3^N ≈ 2^(1.58N) responses by treating a random response as a third stable value, i.e., using ternary values (0/1/random). We estimate the variety of responses generated by the proposed PUFs. According to our experiment with 40 FPGAs, a Latch-based PUF with 128 RS latches improves it from 2^116 to 2^192.7, the maximum being reached when the 128 latches output 0s, 1s, or random outputs with equal probability. We also show the appropriate RS latch structure for satisfying this condition, and validate it using two different kinds of Xilinx FPGAs: Spartan-3E and Spartan-6. The average error rate of responses is only 5.3% when the core voltage is varied within the rated voltage range of the FPGAs. Our proposed PUF using ternary values dramatically enhances the variety of responses while maintaining reliability.
    Scientific journal, English
  • Exploration of the CC-EMA Attack Towards Efficient Evaluation of EM Information Leakage
    Toshiki Nakasone; Kazuo Sakiyama; Yang Li; Kazuo Ohta
    International Symposium on Electromagnetic Compatibility (EMC EUROPE) 2013, 411-414, Sep. 2013, Peer-reviewed
    International conference proceedings, English
  • On-chip power noise measurements of cryptographic VLSI circuits and interpretation for side-channel analysis
    Daisuke Fujimoto; Noriyuki Miura; Makoto Nagata; Yuichi Hayashi; Naofumi Homma; Yohei Hori; Toshihiro Katashita; Kazuo Sakiyama; Thanh-Ha Le; Julien Bringer; Pirouz Bazargan-Sabet; Jean-Luc Danger
    International Symposium on Electromagnetic Compatibility (EMC EUROPE) 2013, 405-410, Sep. 2013, Peer-reviewed
    International conference proceedings, English
  • Meet-in-the-Middle Preimage Attacks Revisited: New Results on MD5 and HAVAL
    Yu Sasaki; Wataru Komatsubara; Lei Wang; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    International Conference on Security and Cryptography (SECRYPT’13), SciTePress, 111-122, Jul. 2013, Peer-reviewed
    International conference proceedings, English
  • Key-dependent weakness of AES-based ciphers under clockwise collision distinguisher
    Toshiki Nakasone; Yang Li; Yu Sasaki; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7839, Springer-Verlag, 395-409, 2013, Peer-reviewed, In 2011, Li et al. proposed a series of side-channel attacks that are related to a fundamental side-channel leakage source called clockwise collision. This paper discloses the fact that hardware implementations of AES-based ciphers could have weak keys assuming that the leakage of clockwise collision is distinguishable. In order to explain this, we first set up an evaluation method by introducing a threshold-based distinguisher that takes advantage of the locality of ElectroMagnetic (EM) measurements. Secondly, we discuss how the probability of clockwise collision depends on the key values and the byte positions in the AES states. Thirdly, based on practical EM measurements and mathematical analysis, we quantitatively evaluate the relationship between the probability of clockwise collision and the vulnerability to the side-channel attack. Finally, the discussion is extended to the design methodology of AES-based ciphers, i.e., the parameter selection for S-box and ShiftRows. © 2013 Springer-Verlag.
    International conference proceedings, English
  • An extension of fault sensitivity analysis based on clockwise collision
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7763, Springer-Verlag, 46-59, 2013, Peer-reviewed, This paper proposes an extension of fault sensitivity analysis based on clockwise collision. The original FSA attack uses fault injections to exploit the sensitivity of calculations against the fault injections, while the clockwise collision fault sensitivity analysis (CC-FSA) uses fault injections to detect the occurrence of the clockwise collision and to recover the secret key. Clockwise collision is a phenomenon in iterative hardware circuits which makes setup-time violations nearly impossible. Taking an AES S-box as an instance, clockwise collision occurs when the S-box inputs for two consecutive clock cycles are identical in value. As a result, the combinational circuit in the second clock cycle has almost no signal toggle and a negligible critical path delay. This paper proposes and verifies the concept of CC-FSA using clock-glitch-based fault injections and an unprotected AES implementation. We investigate the key recovery method for CC-FSA with a noisy data set, and we consider that CC-FSA can help the previous collision-based model-less FSA attack to identify the final 8-bit secret information without additional data and with negligible computational overhead. © 2013 Springer-Verlag Berlin Heidelberg.
    International conference proceedings, English
  • Exploring the relations between fault sensitivity and power consumption
    Yang Li; Sho Endo; Nicolas Debande; Naofumi Homma; Takafumi Aoki; Thanh-Ha Le; Jean-Luc Danger; Kazuo Ohta; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7864, Springer-Verlag, 137-153, 2013, Peer-reviewed, This paper qualitatively explores the relations between two kinds of side-channel leakages, i.e., the fault sensitivity (FS) and the power consumption. The FS is a relatively new active side-channel leakage, while the power consumption is one of the earliest researched passive side-channel leakages. These two side-channels are closely related with regard to both the security evaluation and the countermeasure proposal. This paper experimentally addresses the following important issues: the relationship between these two side-channels, whether they share the same leakage function, and whether they can be protected by the same countermeasure. Based on two FPGA AES implementations without countermeasures, we first confirm a high correlation between the power consumption and the FS. Then, we construct the leakage profiles for the FS and the power consumption to explain the detailed relations between them. We also confirm a successful key recovery using the FS profile as the leakage model for power consumption. Based on these discoveries, we believe that FSA can be used as an evaluation tool to find the first-order leakage with less data complexity, and that it is more reasonable to achieve the countermeasures against FSA and power analysis from different design levels. © 2013 Springer-Verlag Berlin Heidelberg.
    International conference proceedings, English
  • Coupon collector's problem for fault analysis against AES - High tolerance for noisy fault injections
    Yu Sasaki; Yang Li; Hikaru Sakamoto; Kazuo Sakiyama
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7859, Springer-Verlag, 213-220, 2013, Peer-reviewed, In this paper, we propose a new technique for Square Differential Fault Analysis (DFA) against AES that can recover a secret key even with a large number of noisy fault injections, while the previous approaches of the Square DFA cannot work with noise. This makes the attack more realistic because assuming 100% accuracy in obtaining the intended fault injections is usually impossible. Our success lies in the discovery of a new mechanism for identifying the right key guess by exploiting the coupon collector's problem and its variant. Our attack parameterizes the number of noisy fault injections. If the number of noisy faults is set to 0, the analysis becomes exactly the same as the previous Square DFAs. Then, our attack can work even with a large number of noisy faults. Thus our work can be viewed as a generalization of the previous Square DFAs with respect to the number of tolerable noisy fault injections. © 2013 Springer-Verlag.
    International conference proceedings, English
  • A comparative study of stream ciphers and hash functions for RFID authentications
    Shugo Mikami; Dai Watanabe; Kazuo Sakiyama
    Cryptology and Information Security Series, 11, 83-94, 2013, Peer-reviewed, RFID tags are extensively used in many applications, even though RFID systems suffer from security and privacy risks, such as data forgery and tracking. RFID authentication protocols and lightweight cryptographic algorithms have been developed to overcome these risks. Saarinen et al. have studied some design requirements for lightweight cryptographic algorithms from the viewpoint of implementation [33]. They have proposed lightweight stream ciphers to generate Tag-IDs. However, the Tag-ID length they evaluated is too short to realize secure RFID authentication, and compact implementations of the lightweight hash functions are inappropriate for generating the Tag-IDs because they take a large number of clock cycles. In this paper, we evaluate the hardware performance of certain lightweight stream ciphers for generating long Tag-IDs defined in RFID standards, such as the EPC Data Standard and ISO/IEC 15963. We evaluate the hardware performance of certain lightweight hash functions with parallel implementation to meet a low area requirement and to achieve high speed performance. We show that as the Tag-IDs become longer, the hash functions take a large number of clock cycles while the stream ciphers take a smaller number of clock cycles. Our results reveal that the lightweight stream ciphers are suitable for generating the Tag-IDs for RFID applications which require quick responses. © 2013 The authors and IOS Press. All rights reserved.
    Scientific journal, English
  • A New Type of Fault-Based Attack: Fault Behavior Analysis
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E96A, 1, 177-184, Jan. 2013, Fault-based attacks are very powerful for recovering the secret key of cryptographic implementations. In this work, we consider the faulty output value under a certain fault injection intensity as a new type of leakage called faulty behavior. We examine the data-dependency of the faulty behavior and propose a related side-channel attack called fault behavior analysis (FBA). To verify the validity of the proposed attack, we first show that our attack can work effectively on AES-COMP of SASEBO-R. Then we show how to apply a similar attack on two AES implementations with masking countermeasures, i.e., AES-MAO and AES-TI. Finally we compare the proposed FBA attack with the DFA attack and the FSA attack, trying to complete the research map for fault-based attacks based on setup-time violations.
    Scientific journal, English
  • Correlation power analysis and countermeasure on the stream cipher enocoro-128v2
    Shugo Mikami; Hirotaka Yoshida; Dai Watanabe; Kazuo Sakiyama
    IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, Institute of Electronics, Information and Communication Engineers, IEICE, E96-A, 3, 697-704, 2013, Peer-reviewed, Enocoro-128v2 is a lightweight stream cipher submitted to the Cryptography Research and Evaluation Committees (CRYPTREC). In this paper, we first describe a side channel attack on Enocoro-128v2. We show that all secret key bytes of Enocoro-128v2 can be recovered by correlation power analysis, and it is shown by an experiment that around 6000 traces are needed to recover the secret key on SASEBO-GII (Side-channel Attack Standard Evaluation Board). We second propose a countermeasure with the threshold implementation technique, which allows Enocoro-128v2 to be resistant against correlation power analysis as long as fewer than 10^{5} traces are used. Copyright © 2013 The Institute of Electronics, Information and Communication Engineers.
    Scientific journal, English
  • Boomerang Distinguishers for Full HAS-160 Compression Function
    Yu Sasaki; Lei Wang; Yasuhiro Takasaki; Kazuo Sakiyama; Kazuo Ohta
    International Workshop on Security 2012 (IWSEC’12), LNCS 7631, Springer-Verlag, 170-181, Nov. 2012, Peer-reviewed
    International conference proceedings, English
  • Fault Sensitivity Analysis Using Multiple Factors
    Ayaka Koike; Yang Li; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama
    電子情報通信学会論文誌(A), The Institute of Electronics, Information and Communication Engineers, 95, 10, 751-755, Oct. 2012, Peer-reviewed, To ensure the tamper resistance of cryptographic implementations, evaluation under fault occurrence is essential. Among the many factors that can induce faults, this paper proposes a fault sensitivity analysis that makes combined use of the clock signal and the current supplied to the cryptographic device together with the ambient temperature during device operation.
    Scientific journal, Japanese
  • Fair and Consistent Hardware Evaluation of Fourteen Round Two SHA-3 Candidates
    Miroslav Knezevic; Kazuyuki Kobayashi; Jun Ikegami; Shin'ichiro Matsuo; Akashi Satoh; Uenal Kocabas; Junfeng Fan; Toshihiro Katashita; Takeshi Sugawara; Kazuo Sakiyama; Ingrid Verbauwhede; Kazuo Ohta; Naofumi Homma; Takafumi Aoki
    IEEE TRANSACTIONS ON VERY LARGE SCALE INTEGRATION (VLSI) SYSTEMS, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 20, 5, 827-840, May 2012, Peer-reviewed, The first contribution of our paper is that we propose a platform, a design strategy, and evaluation criteria for a fair and consistent hardware evaluation of the second-round SHA-3 candidates. Using a SASEBO-GII field-programmable gate array (FPGA) board as a common platform, combined with well-defined hardware and software interfaces, we compare all 256-bit version candidates with respect to area, throughput, latency, power, and energy consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specification for the SHA-3 module on our testing platform. The second contribution is that we provide both FPGA and 90-nm CMOS application-specific integrated circuit (ASIC) synthesis results and thereby are able to compare the results. Our third contribution is that we release the source code of all the candidates; by using a common, fixed, publicly available platform, our claimed results become reproducible and open for public verification.
    Scientific journal, English
  • New Fault-Based Side-Channel Attack Using Fault Sensitivity
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 7, 1, 88-97, Feb. 2012, Peer-reviewed, This paper proposes a new fault-based attack called the fault sensitivity analysis (FSA) attack. In the FSA attack, fault injections are used to test out the sensitive information leakage called fault sensitivity. Fault sensitivity means the critical fault injection intensity that corresponds to the threshold between a device's normal and abnormal behaviors. We demonstrate that, without using the values of the faulty outputs, attackers can obtain information about the secret key based on the data-dependency of the collected fault sensitivity data. This paper explains the successful FSA attacks against three Advanced Encryption Standard (AES) hardware implementations, two of which are resistant to differential fault analysis. This paper also discusses countermeasures against the proposed FSA attacks.
    Scientific journal, English
  • Information-Theoretic Approach to Optimal Differential Fault Analysis
    Kazuo Sakiyama; Yang Li; Mitsugu Iwamoto; Kazuo Ohta
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 7, 1, 109-120, Feb. 2012, Peer-reviewed, This paper presents a comprehensive analysis of differential fault analysis (DFA) attacks on the Advanced Encryption Standard (AES) from an information-theoretic perspective. Injecting faults into cryptosystems is categorized as an active attack where attackers induce an error in operations to retrieve the secret internal information, e.g., the secret key of ciphers. Here, we consider DFA attacks as equivalent to a special kind of passive attack where attackers can obtain leaked information without measurement noise. The DFA attacks are regarded as a conversion process from the leaked information to the secret key. Each fault model defines an upper bound for the amount of leaked information. The optimal DFA attacks should be able to fully exploit the leaked information in order to retrieve the secret key with a practical level of complexity. This paper discusses a new DFA methodology to achieve the optimal DFA attack by deriving the amount of leaked information for various fault models from an information-theoretic perspective. We review several previous DFA attacks on AES variants to check the optimality of their attacks. We also propose improved DFA attacks on AES-192 and AES-256 that reach the theoretical limits.
    Scientific journal, English
  • Fault injection and key retrieval experiments on an evaluation board
    Junko Takahashi; Toshinori Fukunaga; Shigeto Gomisawa; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Information Security and Cryptography, Springer International Publishing, 17, 313-331, 2012, Peer-reviewed, This chapter presents fault injection experiments using a side-channel evaluation board called SASEBO, which was developed to unify testing environments for side-channel analysis. We describe experiments where faults were injected into a cryptographic LSI mounted on a SASEBO board using a clock glitch. In this experiment, the faults can be induced at any desired point in time during the computation of an algorithm. We show the results of injecting faults into block cipher and public key modules implemented on the LSI. We also show the key retrieval from standard ciphers using the faulty outputs obtained in these experiments. This work contributes to the study of how a fault is injected into a target device, such as an LSI mounted on an evaluation board, and verifies various theoretical fault analyses using an experimental environment.
    In book, English
  • Boomerang distinguishers for full HAS-160 compression function
    Yu Sasaki; Lei Wang; Yasuhiro Takasaki; Kazuo Sakiyama; Kazuo Ohta
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7631, 156-169, 2012, Peer-reviewed, This paper studies a boomerang-attack-based distinguisher against the full steps of the compression function of HAS-160, which is the hash function standard in Korea. The attack produces a second-order collision for the full steps of the compression function with a complexity of 2^{76.06}, which is faster than the currently best-known generic attack with a complexity of 2^{80}. Previously, Dunkelman et al. in 2009 applied a boomerang-based key-recovery attack on the internal block cipher of HAS-160. Because the goal of their attack is different from ours, the attack on the compression function has been reconstructed and optimized from scratch. As a result of the exhaustive search of the message difference, we found that the same message difference as theirs is the best choice for the first subcipher. We then propose some improvements for constructing a differential characteristic from the message difference, by which the probability of the characteristic increases from 2^{-47} to 2^{-44}. Thus our new characteristic also improves their key-recovery attack on the internal block cipher of HAS-160. © Springer-Verlag Berlin Heidelberg 2012.
    International conference proceedings, English
  • A study on computational formal verification for practical cryptographic protocol: The case of synchronous RFID authentication
    Yoshikazu Hanatanii; Miyako Ohkubo; Shin'Ichiro Matsuo; Kazuo Sakiyama; Kazuo Ohta
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7126, Springer-Verlag, 70-87, 2012, Peer-reviewed, Formal verification of cryptographic protocols has a long history, with a great number of successful verification tools created. Recent progress in formal verification theory has brought more powerful tools capable of handling computational assumptions, which leads to more reliable verification results for information systems. In this paper, we introduce an effective scheme and studies on applying computational formal verification to a practical cryptographic protocol. As a target protocol, we reconsider a security model for RFID authentication with a man-in-the-middle adversary and communication faults. We define three models and security proofs via a game-based approach that, in a computational sense, makes our security models compatible with formal security analysis tools. Then we show the combination of a computational formal verification tool and handwritten verification to overcome the computational tool's limitations. We show that the target RFID authentication protocol is robust against the above-mentioned attacks, and then provide game-based (handwritten) proofs and their verification via CryptoVerif. © 2012 Springer-Verlag.
    International conference proceedings, English
  • New truncated differential cryptanalysis on 3D block cipher
    Takuma Koyama; Lei Wang; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7232, Springer-Verlag, 109-125, 2012, Peer-reviewed, This paper presents 11- and 13-round key-recovery attacks on the block cipher 3D with truncated differential cryptanalysis, while the previous best key-recovery attack broke only 10 rounds with the impossible differential attack. 3D is an AES-based block cipher proposed at CANS 2008, which operates on 512-bit blocks with a 512-bit key and consists of 22 rounds. It was previously believed that truncated differential cryptanalysis could not extend the attack beyond 5 rounds. However, by carefully analyzing the data processing part and the key schedule function simultaneously, we show an attack on 11-round 3D with 2^{251} chosen plaintexts (CP), 2^{288} computations, and 2^{128} memory. Additionally, the time complexity is improved to 2^{113} by applying the early aborting technique. By utilizing the idea of neutral bits, we attack 13-round 3D with 2^{469} CP, 2^{308} computations, and 2^{128} memory. © 2012 Springer-Verlag.
    International conference proceedings, English
  • Three-subset meet-in-the-middle attack on reduced XTEA
    Yu Sasaki; Lei Wang; Yasuhide Sakai; Kazuo Sakiyama; Kazuo Ohta
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7374, Springer-Verlag, 138-154, 2012, Peer-reviewed, This paper presents an improved single-key attack on the block cipher XTEA by using the three-subset meet-in-the-middle (MitM) attack. Firstly, a technique on a generic block cipher is discussed. It points out that the previous work applying the splice-and-cut technique to the three-subset MitM attack contains incomplete arguments, and thus requires a very large data complexity, which is close to the code book. This paper gives a corrected procedure to keep the data complexity small. Secondly, the three-subset MitM attack is applied to reduced-round XTEA, which is a 64-bit block cipher with a 64-round Feistel network and a 128-bit key. 25 rounds are attacked with 9 known plaintexts and 2^{120.40} XTEA computations, while the previous best single-key attack only reaches 23 rounds. In the chosen-plaintext model, the attack is extended to 28 rounds with 2^{37} chosen plaintexts and 2^{120.38} computations. © 2012 Springer-Verlag.
    International conference proceedings, English
  • Measurement of Side-Channel Information from Cryptographic Devices on Security Evaluation Platform: Demonstration of SPACES Project
    Sho Endo; Yu-ichi Hayashi; Naofumi Homma; Takafumi Aoki; Toshihiro Katashita; Yohei Hori; Kazuo Sakiyama; Makoto Nagata; Jean-Luc Danger; Thanh-Ha Le; Pirouz Bazargan Sabet
    2012 PROCEEDINGS OF SICE ANNUAL CONFERENCE (SICE), SOC INSTRUMENT CONTROL ENGINEERS JAPAN, 313-316, 2012, Peer-reviewed, The SPACES project is a Japanese-French joint research project that aims to establish a new security evaluation methodology for cryptographic devices. We introduce one of the SPACES project outcomes associated with the development of the security evaluation platform for cryptographic devices. The new feature of the proposed system is to include a newly-developed Side-channel Attack Standard Evaluation Board (SASEBO) and a fault-injection module based on a glitchy-clock generator implemented in an FPGA on the SASEBO. We also show that we can efficiently collect and analyze the side-channel information with the proposed system.
    International conference proceedings, English
  • An Efficient Countermeasure against Fault Sensitivity Analysis Using Configurable Delay Blocks
    Sho Endo; Yang Li; Naofumi Homma; Kazuo Sakiyama; Kazuo Ohta; Takafumi Aoki
    2012 WORKSHOP ON FAULT DIAGNOSIS AND TOLERANCE IN CRYPTOGRAPHY (FDTC), IEEE, 95-102, 2012, Peer-reviewed, In this paper, we present an efficient countermeasure against Fault Sensitivity Analysis (FSA) based on configurable delay blocks (CDBs). FSA is a new type of fault attack which exploits the relationship between fault sensitivity and secret information. Previous studies reported that it could break cryptographic modules equipped with conventional countermeasures against Differential Fault Analysis (DFA) such as redundant calculation, Masked AND-OR and Wave Dynamic Differential Logic (WDDL). The proposed countermeasure can detect both DFA and FSA attacks based on setup time violation faults. The proposed ideas are to use a CDB as a time base for detection and to combine the technique with Li's countermeasure concept, which removes the dependency between fault sensitivities and secret data. Post-manufacture configuration of the delay blocks allows minimization of the overhead in operating frequency which comes from manufacturing variability. In this paper, we present an implementation of the proposed countermeasure, and describe its configuration method. We also investigate the hardware overhead of the proposed countermeasure implemented in ASIC for an AES module and demonstrate its validity through an experiment using a prototype FPGA implementation.
    International conference proceedings, English
  • Polynomial-advantage cryptanalysis of 3D cipher and 3D-based hash function
    Lei Wang; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 7631, Springer-Verlag, 170-181, 2012, Peer-reviewed, This paper evaluates a block cipher mode whose round functions, for both the key schedule and the encryption process, are independent of the round indexes. Previously, related-key attacks have been applied to such a block cipher mode, and they work no matter how many rounds are iterated in the cipher. This paper presents an accelerated key-recovery attack on this block cipher mode in the single-key setting. Similarly, our attack can also work no matter how many rounds are iterated in the cipher. More interestingly, the effectiveness of our attack, e.g., the relative advantage, increases with the number of rounds. 3D is a dedicated block cipher following the target mode. We apply the key-recovery attack to the 3D cipher, and extend it to collision and preimage attacks on 3D-based hash functions. For an l-round instance of 3D (l is recommended as 22 by the designer), the complexity of recovering the secret key is 2^{512}/√(l/2) data, 2^{512}/√(l/2) offline computation, and 2^{512}/√(l/2) memory requirement, and the success probability is 0.63. Thus, compared with the brute-force attack, the complexity is accelerated by a factor of 0.315·√(l/2) in the sense of total computations (including both online and offline computations) under the same success probability 0.63. The total computations of finding a collision and a preimage on 3D-based hash functions are 2^{257}/l and 2^{513}/l, namely accelerated by a factor of in the sense of total computations under the same success probability. Moreover, differently from the key-recovery attack, the collision and preimage attacks don't need to increase the memory requirement compared with the brute-force attack. Finally we stress that all our attacks are polynomial-advantage attacks. © Springer-Verlag Berlin Heidelberg 2012.
    International conference proceedings, English
  • Meet-in-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128
    Lei Wang; Yu Sasaki; Wataru Komatsubara; Kazuo Sakiyama; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E95A, 1, 100-110, Jan. 2012, Peer-reviewed, Even though the meet-in-the-middle preimage attack framework has been successfully applied to attack most narrow-pipe hash functions, it seems difficult to apply this framework to attack double-branch hash functions. Only a few results have been published on this topic. This paper proposes a refined strategy for applying the meet-in-the-middle attack framework to double-branch hash functions. The main novelty is a new local-collision approach named one-message-word local collision. We have applied our strategy to two double-branch hash functions, RIPEMD and RIPEMD-128, and obtain the following results.
    On RIPEMD, we find a pseudo-preimage attack on the 47-step compression function, where the full version has 48 steps, with a complexity of 2^{119}. It can be converted to a second preimage attack on the 47-step hash function with a complexity of 2^{124.5}. Moreover, we also improve previous preimage attacks on (intermediate) 35-step RIPEMD, and reduce the complexity from 2^{113} to 2^{96}.
    On RIPEMD-128, we find a pseudo-preimage on the (intermediate) 36-step compression function, where the full version has 64 steps, with a complexity of 2^{123}. It can be converted to a preimage attack on the (intermediate) 36-step hash function with a complexity of 2^{126.5}.
    Both RIPEMD and RIPEMD-128 produce 128-bit digests. Therefore our attacks are faster than the brute-force attack, which means that our attacks break the theoretical security bound of the above step-reduced variants of those two hash functions in the sense of (second) preimage resistance. To the best of our knowledge, the maximum number of attacked steps on both of these hash functions in previous work is 35. Therefore we have successfully increased the number of attacked steps. We stress that our attacks do not break the security of full-version RIPEMD and RIPEMD-128. But the security margin of RIPEMD becomes very narrow. On the other hand, RIPEMD-128 still has enough security margin.
    Scientific journal, English
  • Toward Effective Countermeasures against an Improved Fault Sensitivity Analysis
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E95A, 1, 234-241, Jan. 2012, Peer-reviewed, This paper proposes countermeasures against an improved fault sensitivity analysis. Our countermeasure is based on the WDDL technique due to its built-in resistance against both power-based attacks and differential fault analysis. At CHES 2010, Li et al. proposed the FSA attack on WDDL-AES. The vulnerability of WDDL-AES in their attack mainly comes from the implementation deficiency rather than the WDDL technique itself. This paper first proposes an improved fault sensitivity analysis that can threaten a well-implemented WDDL-AES based on the input-data dependency of the critical path delay of the WDDL S-box. Then we discuss the possibility of efficient countermeasures by modifying the WDDL circuit with a limited overhead. The countermeasures are discussed based on either modifying the dual-rail to single-rail converter or introducing an enable signal.
    Scientific journal, English
  • Differential Fault Analysis on Stream Cipher MUGI
    Junko Takahashi; Toshinori Fukunaga; Kazuo Sakiyama
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E95A, 1, 242-251, Jan. 2012, Peer-reviewed, This paper proposes a differential fault analysis on the stream cipher MUGI, which uses two kinds of update functions for an intermediate state. MUGI was proposed by Hitachi, Ltd. in 2002 and is specified in ISO/IEC 18033-4 for keystream generation. Differential fault analysis (DFA) is a type of fault analysis which is considered to be a serious threat against secure devices such as smart cards. DFA on MUGI was first proposed at ICISC 2010 [25]; however, the conditions for a successful attack, such as the position into which the fault is injected, were restricted. In this paper, we extend the attack to more practical methods, based on a one-byte and a multi-byte fault model, using the relationship between the two kinds of update functions that are mutually dependent. In the proposed attack, the attacker can know the position affected by the fault injection even if he has no control over the timing of the fault injection. As a result, a 128-bit secret key can be recovered using 13 pairs of correct and faulty outputs on average.
    Scientific journal, English
  • Intentional Electromagnetic Interference for Fault Analysis on AES Block Cipher IC
    Yu-ichi Hayashi; Shigeto Gomisawa; Yang Li; Naofumi Homma; Kazuo Sakiyama; Takafumi Aoki; Kazuo Ohta
    International Workshop on Electromagnetic Compatibility of Integrated Circuits (EMCCOMPO'11), 235-240, Nov. 2011, Peer-reviewed
    International conference proceedings, English
  • First Experimental Results of Correlation-Enhanced EMA Collision Attack
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Poster Session, CHES 2011, LNCS 6917, Springer-Verlag, XXX, Sep. 2011, Peer-reviewed
    International conference proceedings, English
  • Tripartite modular multiplication
    Kazuo Sakiyama; Miroslav Knezevic; Junfeng Fan; Bart Preneel; Ingrid Verbauwhede
    INTEGRATION-THE VLSI JOURNAL, ELSEVIER SCIENCE BV, 44, 4, 259-269, Sep. 2011, Peer-reviewed, This paper presents a new modular multiplication algorithm that allows one to implement modular multiplications efficiently. It proposes a systematic approach for maximizing the level of parallelism when performing a modular multiplication. The proposed algorithm effectively integrates three different existing algorithms, a classical modular multiplication based on Barrett reduction, the modular multiplication with Montgomery reduction and the Karatsuba multiplication algorithm, in order to reduce the computational complexity and increase the potential of parallel processing. The algorithm is suitable for both hardware implementations and software implementations in a multiprocessor environment. To show the effectiveness of the proposed algorithm, we implement several hardware modular multipliers and compare the area and performance results. We show that a modular multiplier using the proposed algorithm achieves a higher speed compared to the modular multipliers based on the previously proposed algorithms. (C) 2011 Elsevier B.V. All rights reserved.
    Scientific journal, English
  • Preimage Attacks on 5-Pass HAVAL Reduced to 158-Steps and One-Block 3-Pass HAVAL
    Yasuhide Sakai; Yu Sasaki; Lei Wang; Kazuo Ohta; Kazuo Sakiyama
    Industrial Track Session, ACNS 2011, 14 pages, Jun. 2011, Peer-reviewed
    International conference proceedings, English
  • Combination of SW Countermeasure and CPU Modification on FPGA against Power Analysis
    Daisuke Nakatsu; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    INFORMATION SECURITY APPLICATIONS, SPRINGER-VERLAG BERLIN, 6513, Springer-Verlag, 258-272, 2011, Peer-reviewed, This paper presents a design flow for secure software (SW) implementations of cryptographic algorithms against Side-Channel Attacks (SCAs) by using a CPU modification. The development of countermeasures to increase resistance against SCAs in SW implementations is a topic of ongoing research. Researchers have proposed SW-level countermeasures in order to defeat SCAs. However, we notice that more secure SW implementations are possible with additional support from a hardware (HW) level countermeasure such as partial CPU modifications. This paper proposes a co-design approach of SW-level countermeasures and CPU modifications to defeat SCAs on Field Programmable Gate Arrays (FPGA). As a case study of evaluating the effectiveness of the combination of our SW-/HW-level countermeasures, the S-box algorithm proposed by Coron et al. [1] is used. According to our experimental results, we find that the algorithm can be performed with a higher resistance against power analysis by applying our countermeasures. Our proposed design flow is applicable to various kinds of algorithms as well.
    International conference proceedings, English
  • Fault Analysis on Stream Cipher MUGI
    Junko Takahashi; Toshinori Fukunaga; Kazuo Sakiyama
    INFORMATION SECURITY AND CRYPTOLOGY - ICISC 2010, SPRINGER-VERLAG BERLIN, 6829, Springer-Verlag, 420-+, 2011, Peer-reviewed, This paper proposes differential fault analysis, which is a well-known type of fault analysis, on the stream cipher MUGI, which uses two kinds of update functions of an intermediate state. MUGI was proposed by Hitachi, Ltd. in 2002 and is specified as ISO/IEC 18033-4 for keystream generation. Fault analysis is a side-channel attack that uses the faulty output obtained by inducing faults into secure devices. To the best knowledge of the authors, this is the first paper that proposes applying fault analysis to MUGI. The proposed attack uses the relation between the two kinds of update functions, which are mutually dependent. As a result, our attack can recover a 128-bit secret key using 12.54 pairs of correct and faulty outputs on average within 1 sec.
    International conference proceedings, English
  • (Second) Preimage Attacks on Step-Reduced RIPEMD/RIPEMD-128 with a New Local-Collision Approach
    Lei Wang; Yu Sasaki; Wataru Komatsubara; Kazuo Ohta; Kazuo Sakiyama
    TOPICS IN CRYPTOLOGY - CT-RSA 2011, SPRINGER-VERLAG BERLIN, 6558, Springer-Verlag, 197-+, 2011, Peer-reviewed, This paper uses new types of local collisions named one-message-word local collisions to construct meet-in-the-middle preimage attacks on two double-branch hash functions, RIPEMD and RIPEMD-128, and obtains the following results.
    1) Pseudo-preimage and second preimage attacks on the first 47 steps of RIPEMD (full version: 48 steps) are proposed with complexities of 2^119 and 2^124.5 compression function computations, respectively. The number of attacked steps is greatly increased from previous preimage attacks on the first 33 steps and intermediate 35 steps.
    2) Pseudo-preimage and preimage attacks on intermediate 36 steps of RIPEMD-128 (full version: 64 steps) are proposed with complexities of 2^123 and 2^126.5 compression function computations, respectively, while previous attacks can work on at most intermediate 35 steps.
    International conference proceedings, English
  • Revisit fault sensitivity analysis on WDDL-AES
    Yang Li; Kazuo Ohta; Kazuo Sakiyama
    2011 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2011, 148-153, 2011, Peer-reviewed, This paper revisits and improves the fault sensitivity analysis (FSA) attack on WDDL-AES. At CHES 2010, the FSA attack on WDDL-AES was proposed by Li et al. based on the delay timing difference for complementary wires. In their attack, the vulnerability of WDDL-AES mainly comes from the implementation deficiency rather than the WDDL technique itself. On the contrary, we explain that a well-implemented WDDL-AES is also vulnerable to the FSA attack due to the input-data dependency of the critical delay of the WDDL S-box. We explain the observed ciphertext-bit dependency of the fault sensitivity (FS) data when the clock glitch is injected at the final AES round. By proposing a new distinguisher, our FSA attack can successfully retrieve the secret key information for WDDL-AES on SASEBO-R. © 2011 IEEE.
    International conference proceedings, English
  • Fault sensitivity analysis against elliptic curve cryptosystems
    Hikaru Sakamoto; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Proceedings - 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2011, 11-20, 2011, Peer-reviewed, In this paper, we present a fault-based security evaluation for an Elliptic Curve Cryptography (ECC) implementation using the Montgomery Powering Ladder (MPL). We focus in particular on the López-Dahab algorithm, which is used to calculate a point on an elliptic curve efficiently without using the y-coordinate. Several previous fault analysis attacks cannot be applied to the ECC implementation employing the López-Dahab algorithm in a straightforward manner. In this paper, we evaluate the security of the López-Dahab algorithm using Fault Sensitivity Analysis (FSA). Although the initial work on FSA was applied only to an Advanced Encryption Standard (AES) implementation, we apply the technique to the ECC implementation. Consequently, we found a vulnerability to FSA for the ECC implementation using the López-Dahab algorithm. © 2011 IEEE.
    International conference proceedings, English
  • On the Power of Fault Sensitivity Analysis and Collision Side-Channel Attacks in a Combined Setting
    Amir Moradi; Oliver Mischke; Christof Paar; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2011, SPRINGER-VERLAG BERLIN, 6917, Springer-Verlag, 292-+, 2011, Peer-reviewed, At CHES 2010 two powerful new attacks were presented, namely the Fault Sensitivity Analysis and the Correlation Collision Attack. This paper shows how these ideas can be combined to create even stronger attacks. Two solutions are presented; both extract leakage information by the fault sensitivity analysis method, while each one applies a slightly different collision attack to deduce the secret information without the need of any hypothetical leakage model. Having a similar fault injection method, one attack utilizes the non-uniform distribution of faulty ciphertext bytes while the other one exploits the data-dependent timing characteristics of the target combinational circuit. The results when attacking several AES ASIC cores of the SASEBO LSI chips in different process technologies are presented. Successfully breaking the cores protected against DPA attacks using either gate-level countermeasures or logic styles indicates the strength of the attacks.
    International conference proceedings, English
  • Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
    Dai Yamamoto; Kazuo Sakiyama; Mitsugu Iwamoto; Kazuo Ohta; Takao Ochiai; Masahiko Takenaka; Kouichi Itoh
    CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2011, SPRINGER-VERLAG BERLIN, 6917, Springer-Verlag, 390-+, 2011, Peer-reviewed, Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, PUFs are considered to be more secure the larger their output entropy. However, the entropy of conventional PUFs is lower than the output bit length, because some output bits are random numbers, which are regarded as unnecessary for ID generation and discarded. We propose a novel PUF structure based on a Butterfly PUF with multiple RS latches, which generates larger entropy by utilizing the location information of the RS latches generating random numbers. More specifically, while conventional PUFs generate binary values (0/1), the proposed PUF generates ternary values (0/1/random) in order to increase entropy. We estimate the entropy of the proposed PUF. According to our experiment with 40 FPGAs, a Butterfly PUF with 128 RS latches can improve entropy from 116 bits to 192.7 bits, this being maximized when the frequency of each ternary value is equal. We also show the appropriate RS latch structure for satisfying this condition, and validate it through an FPGA experiment.
    International conference proceedings, English
  • Experimental Verification of Super-Sbox Analysis - Confirmation of Detailed Attack Complexity
    Yu Sasaki; Naoyuki Takayanagi; Kazuo Sakiyama; Kazuo Ohta
    ADVANCES IN INFORMATION AND COMPUTER SECURITY, SPRINGER-VERLAG BERLIN, 7038, Springer-Verlag, 178-+, 2011, Peer-reviewed, This paper implements the super-sbox analysis on 8-round AES proposed by Gilbert and Peyrin in order to verify its correctness and the attack cost. The attack consists of three parts: the first outbound phase, the inbound phase with a super-sbox technique, and the second outbound phase. Gilbert and Peyrin estimated that the attack would require 2^48 computational cost and 2^32 memory, which could be feasible but not easy to practically implement. In this research, we first analyze the relationship among memory, computational cost, and the number of solutions in the inbound phase, and then show that a tradeoff exists for the super-sbox analysis. With this tradeoff, we implement the attack for each of the outbound phases independently so that the cost for the entire attack can be estimated by the experiments. As a result of our experiment, we show that the computational cost to obtain a pair of values satisfying the inbound phase is approximately 4 times higher and the degrees of freedom are 4 times smaller than the previous estimation, which indicates that applying the super-sbox analysis is harder than expected.
    International conference proceedings, English
  • An Efficient Authentication for Lightweight Devices by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E94A, 1, 92-103, Jan. 2011, Peer-reviewed, We present a new methodology for constructing an efficient identification scheme, and based on it, we propose a lightweight identification scheme whose computational and storage costs are sufficiently low even for cheap devices such as RFID tags. First, we point out that the efficiency of a scheme with statistical zero-knowledgeness can be significantly improved by enhancing its zero-knowledgeness to perfect zero-knowledge. Then, we apply this technique to the Girault-Poupard-Stern (GPS) scheme, which has been standardized by ISO/IEC. The resulting scheme shows a perfect balance between communication cost, storage cost, and circuit size (computational cost), which are crucial factors for implementation on RFID tags. Compared to GPS, the communication and storage costs are reduced, while the computational cost is kept sufficiently low so that it is implementable on a circuit nearly as small as GPS. Under standard parameters, the prover's response is shortened by 80 bits from 275 bits to 195 bits and, in applications using coupons, storage for one coupon is also reduced by 80 bits, whereas the circuit size is estimated to be larger by only 335 gates. Hence, we believe that the new scheme is a perfect solution for fast authentication of RFID tags.
    Scientific journal, English
  • Power Analysis against a DPA-Resistant S-Box Implementation Based on the Fourier Transform
    Yang Li; Kazuo Sakiyama; Shinichi Kawamura; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E94A, 1, 191-199, Jan. 2011, Peer-reviewed, This paper shows two power analysis attacks against a software implementation of a first-order DPA resistant S-box algorithm that is based on the discrete Fourier Transform (DFT). The DPA resistant S-box algorithm based on the DFT was proposed by Prouff et al. in 2006 and improved by Coron et al. in 2008. In our attacks against the improved one, we pre-process the power traces by separating them into two subgroups, so that each has a biased mask. For the separated power traces, two post-analysis methods are proposed to identify the key. One is based on a DPA attack against one subgroup, and the other utilizes the difference of means for the two subgroups and pattern matching. Finally, we compare these two attack methods and propose an algorithm-level countermeasure to enhance the security of S-box calculation based on the DFT.
    Scientific journal, English
  • New Approach of Super-Sbox Analysis on AES-Based Permutations: Applications to ECHO and Grøstl
    Yu Sasaki; Li Yang; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    Advances in Cryptology -- ASIACRYPT'10, LNCS 6477, Springer-Verlag, 38-55, Dec. 2010, Peer-reviewed
    International conference proceedings, English
  • Cryptanalysis of Two MD5-Based Authentication Protocols: APOP and NMAC
    Lei Wang; Kazuo Ohta; Yu Sasaki; Kazuo Sakiyama; Noboru Kunihiro
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E93D, 5, 1087-1095, May 2010, Peer-reviewed, Many hash-based authentication protocols have been proposed, and proven secure assuming that the underlying hash functions are secure. On the other hand, if a hash function is compromised, the security of authentication protocols based on this hash function becomes unclear. Therefore, it is significantly important to verify the security of hash-based protocols when a hash function is broken.
    In this paper, we will re-evaluate the security of two MD5-based authentication protocols based on the fact that MD5 cannot satisfy a required fundamental property named collision resistance. The target protocols are APOP (Authenticated Post Office Protocol) and NMAC (Nested Message Authentication Code), since they or their variants are widely used in the real world. For the security evaluation of APOP, we will propose a modified password recovery attack procedure, which is twice as fast as previous attacks. Moreover, our attack is more realistic, as the probability of being detected is lower than that of previous attacks. For the security evaluation of MD5-based NMAC, we will propose a new key-recovery attack procedure, which has a complexity lower than that of the previous attack. The complexity of our attack is 2^76, while that of the previous attack is 2^100. Moreover, our attack has another interesting point. NMAC has two keys: the inner key and the outer key. Our attack can recover the outer key partially without the knowledge of the inner key.
    Scientific journal, English
  • Robust RFID Authentication Protocol with Formal Proof and Its Feasibility.
    Miyako Ohkubo; Shin'ichiro Matsuo; Yoshikazu Hanatani; Kazuo Sakiyama; Kazuo Ohta
    IACR Cryptol. ePrint Arch., 2010, 345-345, 2010
    Scientific journal
  • Improving Efficiency of an 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    TOPICS IN CRYPTOLOGY - CT-RSA 2010, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 5985, Springer-Verlag, 284-+, 2010, Peer-reviewed, We present a new methodology for constructing an efficient identification scheme, and based on it, we propose a lightweight identification scheme whose computational and storage costs are sufficiently low even for cheap devices such as RFID tags. First, we point out that the efficiency of a scheme with statistical zero-knowledgeness can be significantly improved by enhancing its zero-knowledgeness to perfect zero-knowledge. Then, we apply this technique to the Girault-Poupard-Stern (GPS) scheme, which has been standardized by ISO/IEC.
    The resulting scheme shows a perfect balance between communication cost, storage cost, and circuit size (computational cost), which are crucial factors for implementation on RFID tags. Compared to GPS, the communication and storage costs are reduced, while the computational cost is kept sufficiently low so that it is implementable on a circuit nearly as small as GPS. Under standard parameters, the prover's response is shortened 80 bits from 275 bits to 195 bits and in application using coupons, storage for one coupon is also reduced 80 bits, whereas the circuit size is estimated to be larger by only 328 gates. Hence, we believe that the new scheme is a perfect solution for fast authentication of RFID tags.
    International conference proceedings, English
  • Improved Countermeasure against Address-bit DPA for ECC Scalar Multiplication
    Masami Izumi; Jun Ikegami; Kazuo Sakiyama; Kazuo Ohta
    2010 DESIGN, AUTOMATION & TEST IN EUROPE (DATE 2010), IEEE, 981-984, 2010, Peer-reviewed, Messerges, Dabbish and Sloan proposed a DPA attack which analyzes the address values of registers [1]. This attack is called the Address-bit DPA (ADPA) attack. As countermeasures against ADPA, Itoh, Izu and Takenaka proposed algorithms that randomize address bits [2]. In this paper, we point out that one of their countermeasures is vulnerable even if the address bits are uniformly randomized. When a register is overwritten with the same data as the one already stored in the register during a data move process, the power consumption is lower than in the case of being overwritten with different data. This fact enables us to separate the power traces. As a result, in the case of the algorithm proposed in [2], we could invalidate the randomness of the random bits and perform ADPA to retrieve a secret key. Moreover, for the purpose of overcoming the vulnerability, we propose a new countermeasure algorithm.
    International conference proceedings, English
  • Power Variance Analysis Breaks a Masked ASIC Implementation of AES
    Yang Li; Kazuo Sakiyama; Lejla Batina; Daisuke Nakatsu; Kazuo Ohta
    2010 DESIGN, AUTOMATION & TEST IN EUROPE (DATE 2010), IEEE, 1059-1064, 2010, Peer-reviewed, To obtain a better trade-off between cost and security, practical DPA countermeasures are not likely to deploy full masking that uses one distinct mask bit for each signal. A common approach is to use the same mask on several instances of an algorithm. This paper proposes a novel power analysis method called Power Variance Analysis (PVA) to reveal the danger of such implementations. PVA uses the fact that the side-channel leakage of parallel circuits has a large variance when they are given the same but random inputs. This paper introduces the basic principle of PVA and a series of PVA experiments, including a successful PVA attack against a prototype RSL-AES implemented on SASEBO-R.
    International conference proceedings, English
  • Prototyping platform for performance evaluation of SHA-3 candidates
    Kazuyuki Kobayashi; Jun Ikegami; Miroslav Knežević; Eric Xu Guo; Shin'ichiro Matsuo; Sinan Huang; Leyla Nazhandali; Ünal Kocabaş; Junfeng Fan; Akashi Satoh; Ingrid Verbauwhede; Kazuo Sakiyama; Kazuo Ohta
    Proceedings of the 2010 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2010, 60-63, 2010, Peer-reviewed, The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board. ©2010 IEEE.
    International conference proceedings, English
  • Fault Sensitivity Analysis
    Yang Li; Kazuo Sakiyama; Shigeto Gomisawa; Toshinori Fukunaga; Junko Takahashi; Kazuo Ohta
    CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2010, SPRINGER-VERLAG BERLIN, 6225, Springer-Verlag, 320-+, 2010, Peer-reviewed, This paper proposes a new fault-based attack called the Fault Sensitivity Analysis (FSA) attack, which, unlike most existing fault-based analyses including Differential Fault Analysis (DFA), does not use the values of faulty ciphertexts. Fault sensitivity means the critical condition at which a faulty output begins to exhibit some detectable characteristics, e.g., the clock frequency at which faulty operation begins to occur. We explain that the fault sensitivity exhibits sensitive-data dependency and can be used to retrieve the secret key. This paper presents two practical FSA attacks against two AES hardware implementations on SASEBO-R, PPRM1-AES and WDDL-AES. Different from previous work, we show that WDDL-AES is not perfectly secure against setup-time violation attacks. We also discuss a masking technique as a potential countermeasure against the proposed fault-based attack.
    International conference proceedings, English
  • Non-full-active Super-Sbox Analysis: Applications to ECHO and Grøstl
    Yu Sasaki; Yang Li; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    ADVANCES IN CRYPTOLOGY - ASIACRYPT 2010, SPRINGER-VERLAG BERLIN, 6477, Springer-Verlag, 38-+, 2010, Peer-reviewed, In this paper, we present non-full-active Super-Sbox analysis, which can detect non-ideal properties of a class of AES-based permutations with a low complexity. We apply this framework to the SHA-3 round-2 candidates ECHO and Grøstl. The first application is for the full-round (8-round) ECHO permutation, which is a building block for the 256-bit and 224-bit output sizes. By combining several observations specific to ECHO, our attack detects a non-ideal property with a time complexity of 2^182 and 2^37 amount of memory. The complexity, especially in terms of the product of time and memory, is drastically reduced from the previous best attack, which required 2^512 x 2^512. Note that this result does not impact the security of the ECHO compression function nor the overall hash function. We also show that our method can detect non-ideal properties of the 8-round Grøstl-256 permutation with a practical complexity, and finally show that our approach improves a semi-free-start collision attack on the 7-round Grøstl-512 compression function. Our approach is based on a series of attacks on AES-based hash functions such as the rebound attack and Super-Sbox analysis. The core idea is using a new differential path consisting of only non-full-active states.
    International conference proceedings, English
  • On Clock-Based Fault Analysis Attack for an AES Hardware Using RSL
    Kazuo Sakiyama; Kazuo Ohta
    IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES, IEICE-INST ELECTRONICS INFORMATION COMMUNICATIONS ENG, E93A, 1, 172-179, Jan. 2010, Peer-reviewed, As one of the logic-level countermeasures against DPA (Differential Power Analysis) attacks, Random Switching Logic (RSL) was proposed by Suzuki, Saeki and Ichikawa in 2004 [9]. The RSL technique was applied to AES hardware and a prototype chip was implemented with a 0.13-µm standard CMOS library for evaluating the DPA resistance [10]. Although the main purpose of using RSL is to resist DPA attacks, our experimental results of Clock-based Fault Analysis (CFA) show that one can reveal the secret information from the prototype chip. This paper explains the mechanism of the CFA attack and discusses the reason for the success of the attack against a prototype implementation of AES with RSL (RSL-AES). Furthermore, we consider an ideal RSL-AES implementation that counteracts CFA attacks.
    Scientific journal, English
  • A New Approach for Implementing the MPL Method toward Higher SPA Resistance
    Masami Izumi; Kazuo Sakiyama; Kazuo Ohta
    2009 INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY (ARES), VOLS 1 AND 2, IEEE, 181-186, 2009, Peer-reviewed, In recent years, information security has been emphasized with the development of Internet systems. Among the measures for securing digital information, there are cryptosystems that protect the secrecy of digital documents and digital signature schemes that ensure the validity of digital documents. In reality, i.e. when hardware devices are used in cryptosystems, there is a possibility that secret information leaks via side channels. Simple Power Analysis (SPA) attacks are one of the side-channel attacks. To prevent SPA, the Montgomery Powering Ladder (MPL) method has been considered as one of the countermeasures. In this paper we show that a naive implementation of the MPL method is vulnerable to SPA attacks by observing the power consumption of the controller block of the RSA hardware. Furthermore, in order to avoid such information leakage, we propose a new hardware architecture for RSA using the MPL method to enhance SPA resistance.
    International conference proceedings, English
  • Fault Analysis Attack against an AES Prototype Chip Using RSL
    Kazuo Sakiyama; Tatsuya Yagi; Kazuo Ohta
    TOPICS IN CRYPTOLOGY - CT-RSA 2009, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 5473, Springer-Verlag, 429-443, 2009, Peer-reviewed, This paper reports a successful Fault Analysis (FA) attack against a prototype AES (Advanced Encryption Standard) hardware implementation using a logic-level countermeasure called Random Switching Logic (RSL). The idea of RSL was proposed as one of the most effective countermeasures for preventing Differential Power Analysis (DPA) attacks. The RSL technique was applied to AES and a prototype ASIC was implemented with a 0.13-µm standard CMOS library. Although the main purpose of using RSL is to enhance the DPA resistance, our evaluation results for the ASIC reveal that the DPA countermeasure of RSL can negatively affect the resistance against FA attacks. We show that circuits using RSL have a potential vulnerability to FA attacks when the clock frequency is increased.
    International conference proceedings, English
  • Bit-Free Collision: Application to APOP Attack
    Lei Wang; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    ADVANCES IN INFORMATION AND COMPUTER SECURITY, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 5824, Springer-Verlag, 3-21, 2009, Peer-reviewed, This paper proposes a new variant of collisions on hash functions named bit-free collision, which can be applied to reduce the number of chosen challenges in password recovery attacks on hash-based challenge and response protocols, such as APOP (Authentication Post Office Protocol). In all previous APOP attacks, the attacker needs to impersonate the server and to send poisoned chosen challenges to the user. Impersonating the server takes the risk that the user may find out he is being attacked. Hence, it is important for the attacker to reduce the number of impersonations in order to lower the probability that the attack will be detected. To achieve this, reducing the number of chosen challenges is necessary. To our best knowledge, this paper is the first approach to improve previous APOP attacks based on this observation. With the t-bit-free collisions presented in this paper, the number of chosen challenges to recover each password character can be reduced by approximately a factor of 2^t. Though our attack utilizing t-bit-free collisions needs higher offline complexity than previous attacks, the offline computation can be finished in practical time if the attacker can obtain reasonable computation power. In this research, we generate 1-bit-free collisions on MD5 practically. As a result, the number of challenges for password recovery attacks on real APOP is reduced by approximately half. Of independent interest, we apply the bit-free-collision attack on the simpler hash function MD4, and show that 3-bit-free collisions can be generated practically.
    International conference proceedings, English
  • Security Evaluation of a DPA-Resistant S-Box Based on the Fourier Transform
    Yang Li; Kazuo Sakiyama; Shinichi Kawamura; Yuichi Komano; Kazuo Ohta
    INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 5927, Springer-Verlag, 3-+, 2009, Peer-reviewed, At CHES 2006, Prouff et al. proposed a novel S-box calculation based on the discrete Fourier transform as a first-order DPA countermeasure. At CHES 2008, Coron et al. showed that the original countermeasure can be broken by first-order DPA due to a biased mask, and they proposed an improved algorithm. This paper shows that there is still a flaw in Coron's S-box algorithm with respect to a practical software implementation. We pre-process the power traces to separate them into two subgroups, each having a biased mask. For the separated power traces, we propose two post-analysis methods to identify the key. One is based on a CPA attack against one subgroup, and the other utilizes the difference of means for the two subgroups and pattern matching. Finally, we compare these two attack methods and propose an algorithm-level countermeasure to enhance the security of Coron's S-box.
    International conference proceedings, English
  • Elliptic-curve-based security processor for RFID
    Yong Ki Lee; Kazuo Sakiyama; Lejla Batina; Ingrid Verbauwhede
    IEEE TRANSACTIONS ON COMPUTERS, IEEE COMPUTER SOC, 57, 11, 1514-1527, Nov. 2008, Peer-reviewed, Radio Frequency IDentification (RFID) tags need to include security functions, yet at the same time, their resources are extremely limited. Moreover, to provide privacy, authentication, and protection against tracking of RFID tags without losing the system scalability, a public-key-based approach is inevitable. In this paper, we present an architecture of a state-of-the-art processor for RFID tags with an Elliptic Curve (EC) processor over GF(2^163). It shows the plausibility of meeting both security and efficiency requirements even in a passive RFID tag. The proposed processor is able to perform EC scalar multiplications and general modular arithmetic (additions and multiplications), which are needed for the cryptographic protocols. As we work with large numbers, the register file is the most critical component in the architecture. By combining several techniques, we are able to reduce the number of registers from nine to six in the EC processor. To obtain an efficient modulo arithmetic, we introduce a redundant modular operation. Moreover, the proposed architecture can support multiple cryptographic protocols. The synthesis results with a 0.13 µm CMOS technology show that the gate area of the most compact version is 12.5 Kgates.
    Scientific journal, English
  • Elliptic curve cryptography on embedded multicore systems
    Junfeng Fan; Kazuo Sakiyama; Ingrid Verbauwhede
    DESIGN AUTOMATION FOR EMBEDDED SYSTEMS, SPRINGER, 12, 3, 231-242, Sep. 2008, Peer-reviewed, The increasing use of network-connected embedded devices and online transactions creates a growing demand for network security for embedded systems. The security requirements, such as authentication, confidentiality and integrity, always involve computationally intensive processes and can easily become the bottleneck of the related applications. In this paper we implement Elliptic Curve Cryptography (ECC) (Miller in Lecture Notes in Computer Science, vol. 218, pp. 417-426, 1985; Koblitz in Math. Comput. 48:203-209, 1987) on an embedded multicore system, and explore the task scheduling methods at different levels. First, we propose an instruction scheduling method that utilizes all the cores to perform one modular operation in parallel. Second, we perform multiple modular operations with multiple cores in parallel. The performance of those two implementations is compared and a scheduling method combining these two types of parallelism is proposed. We discuss the details of our proposed method by using an FPGA implementation of ECC over a prime field.
    Scientific journal, English
  • Does The Montgomery Powering Ladder Method Really Offer SPA Resistance?
    Masami Izumi; Kazuo Ohta; Kazuo Sakiyama
    TriSAI 2008, 328-333, 2008
    International conference proceedings, English
  • FPGA design for algebraic tori-based Public-Key Cryptography
    Junfeng Fan; Lejla Batina; Kazuo Sakiyama; Ingrid Verbauwhede
    2008 DESIGN, AUTOMATION AND TEST IN EUROPE, VOLS 1-3, IEEE, 1134-1139, 2008, Peer-reviewed, Algebraic torus-based cryptosystems are an alternative for Public-Key Cryptography (PKC). They maintain the security of a larger group while the actual computations are performed in a subgroup. Compared with RSA for the same security level, they allow faster exponentiation and much shorter bandwidth for the transmitted data. In this work we implement a torus-based cryptosystem, the so-called CEILIDH, on a multicore platform with an FPGA. This platform consists of a Xilinx MicroBlaze core and a multicore coprocessor. The platform supports CEILIDH, RSA and ECC over prime fields. The results show that one 170-bit torus T6 exponentiation requires 20 ms, which is 5 times faster than a 1024-bit RSA implementation on the same platform.
    International conference proceedings, English
  • On the High-Throughput Implementation of RIPEMD-160 Hash Algorithm
    M. Knezevic; K. Sakiyama; Y. K. Lee; I. Verbauwhede
    2008 INTERNATIONAL CONFERENCE ON APPLICATION-SPECIFIC SYSTEMS, ARCHITECTURES AND PROCESSORS, IEEE, 85-+, 2008, Peer-reviewed, In this paper we present two new architectures of the RIPEMD-160 hash algorithm for high-throughput implementations. The first architecture achieves the iteration bound of RIPEMD-160, i.e. it achieves a theoretical upper bound on throughput at the micro-architecture level. The second architecture is designed by performing a gate-level optimization and achieves a better performance than the first one at the cost of a larger gate area. Throughputs of 3.122 Gbps and 624 Mbps are achieved, with and without pipelining, respectively.
    International conference proceedings, English
  • Modular reduction in GF(2^n) without pre-computational phase
    M. Knezevic; K. Sakiyama; J. Fan; I. Verbauwhede
    ARITHMETIC OF FINITE FIELDS, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 5130, Springer-Verlag, 77-87, 2008, Peer-reviewed, In this study we show how modular multiplication with Barrett and Montgomery reductions over certain finite fields of characteristic 2 can be implemented efficiently without using a pre-computational phase. We extend the set of moduli that is recommended by Standards for Efficient Cryptography (SEC) by defining two distinct sets for which either Barrett or Montgomery reduction is applicable. As the proposed algorithm is very suitable for a fast modular multiplication, we propose an architecture for the fast modular multiplier that can efficiently be used without pre-computing the inverse of the modulus.
    International conference proceedings, English
  • HW/SW co-design for public-key cryptosystems on the 8051 micro-controller
    K. Sakiyama; L. Batina; B. Preneel; I. Verbauwhede
    COMPUTERS & ELECTRICAL ENGINEERING, PERGAMON-ELSEVIER SCIENCE LTD, 33, 5-6, 324-332, Sep. 2007, Peer-reviewed, It is a challenge to implement large word length public-key algorithms on embedded systems. Examples are smartcards, RF-ID tags and mobile terminals. This paper presents a HW/SW co-design solution for RSA and Elliptic Curve Cryptography (ECC) over GF(p) on a 12 MHz 8-bit 8051 micro-controller. The hardware coprocessor has a Modular Arithmetic Logic Unit (MALU) of which the digit size (d) is variable. It can be adapted to the speed and bandwidth of the microcontroller to which it is connected. The HW/SW co-design space exploration is based on the GEZEL system-level design environment. It allows the designer to find the best performance-area combination for the digit size. As a case study of FPGA prototyping, 160-bit ECC over GF(p) (ECC-160p) was implemented on a Xilinx Virtex-II Pro (XC2VP30). The results show that one point multiplication takes only 130 ms including all communications between the 8051 and the coprocessor. The performance is 40 times faster than the most optimized SW implementation on a small CPU in the literature. This is achieved by the HW/SW co-design exploration in order to find the optimized digit size of the MALU. On the other hand, the design of ECC-160p maintains a high level of flexibility by using coprocessor instructions. Our proposed architecture proves that HW/SW co-design provides a high performance close to ASIC solutions with the flexible feature of SW even on a small CPU. (C) 2007 Elsevier Ltd. All rights reserved.
    Scientific journal, English
  • Multicore curve-based cryptoprocessor with reconfigurable modular arithmetic logic units over GF(2^n)
    Kazuo Sakiyama; Lejla Batina; Bart Preneel; Ingrid Verbauwhede
    IEEE TRANSACTIONS ON COMPUTERS, IEEE COMPUTER SOC, 56, 9, 1269-1282, Sep. 2007, Peer-reviewed, This paper presents a reconfigurable curve-based cryptoprocessor that accelerates scalar multiplication of Elliptic Curve Cryptography (ECC) and HyperElliptic Curve Cryptography (HECC) of genus 2 over GF(2^n). By allocating alpha copies of processing cores that embed reconfigurable Modular Arithmetic Logic Units (MALUs) over GF(2^n), the scalar multiplication of ECC/HECC can be accelerated by exploiting Instruction-Level Parallelism (ILP). The supported field size can be arbitrary up to alpha(n + 1) - 1. The superscaling feature is facilitated by defining a single instruction that can be used for all field operations and point/divisor operations. In addition, the cryptoprocessor is fully programmable and it can handle various curve parameters and arbitrary irreducible polynomials. The cost, performance, and security trade-offs are thoroughly discussed for different hardware configurations and software programs. The synthesis results with a 0.13 µm CMOS technology show that the proposed reconfigurable cryptoprocessor runs at 292 MHz, whereas field sizes up to 587 bits can be supported. The compact and fastest configuration of our design is also synthesized with a fixed field size and irreducible polynomial. The results show that the scalar multiplication of ECC over GF(2^163) and HECC over GF(2^83) can be performed in 29 and 63 µs, respectively.
    Scientific journal, English
  • High-performance public-key cryptoprocessor for wireless mobile applications
    Kazuo Sakiyama; Lejla Batina; Bart Preneel; Ingrid Verbauwhede
    MOBILE NETWORKS & APPLICATIONS, SPRINGER, 12, 4, 245-258, Aug. 2007, Peer-reviewed, We present a high-speed public-key cryptoprocessor that exploits three-level parallelism in Elliptic Curve Cryptography (ECC) over GF(2^n). The proposed cryptoprocessor employs a Parallelized Modular Arithmetic Logic Unit (P-MALU) that exploits two different types of parallelism for accelerating modular operations. The sequence of scalar multiplications is also accelerated by exploiting Instruction-Level Parallelism (ILP) and processing multiple P-MALU instructions in parallel. The system is programmable and hence independent of the type of the elliptic curves and scalar multiplication algorithms. The synthesis results show that scalar multiplication of ECC over GF(2^163) on a generic curve can be computed in 20 and 16 µs respectively for the binary NAF (Non-Adjacent Form) and the Montgomery method. The performance can be accelerated further on a Koblitz curve and reach a scalar multiplication of 12 µs with the TNAF (tau-adic NAF) method. This fast performance allows us to perform over 80,000 scalar multiplications per second and to enhance security in wireless mobile applications.
    Scientific journal, English
  • Reconfigurable modular arithmetic logic unit supporting high-performance RSA and ECC over GF(p)
    K. Sakiyama; N. Mentens; L. Batina; B. Preneel; I. Verbauwhede
    INTERNATIONAL JOURNAL OF ELECTRONICS, TAYLOR & FRANCIS LTD, 94, 5, 501-514, May 2007, Peer-reviewed, This paper presents a reconfigurable hardware architecture for public-key cryptosystems. By changing the connections of coarse-grain carry-save adders (CSAs), the datapath provides high-performance modular operations that can be used for both RSA and Elliptic Curve Cryptography (ECC). In addition, we introduce reconfigurable flip-flops in order to make an optimal choice of hardware resources. The proposed datapath is implemented with a 0.25 µm complementary metal oxide semiconductor (CMOS) technology and on a field programmable gate array (FPGA). We compare the performance of modular exponentiation for RSA and scalar multiplication for ECC based on the prototype implementation. The results show that higher performance is obtained for ECC on the same hardware platform.
    Scientific journal, English
  • Efficient Pipelining for Modular Multiplication Architectures in Prime Fields
    Nele Mentens; Kazuo Sakiyama; Bart Preneel; Ingrid Verbauwhede
    GLSVLSI'07: PROCEEDINGS OF THE 2007 ACM GREAT LAKES SYMPOSIUM ON VLSI, ASSOC COMPUTING MACHINERY, 534-539, 2007, Peer-reviewed, This paper presents a pipelined architecture of a modular Montgomery multiplier, which is suitable to be used in public-key coprocessors. Starting from a baseline implementation of the Montgomery algorithm, a more compact pipelined version is derived. The design makes use of 16-bit integer multiplication blocks that are available on recently manufactured FPGAs. The critical path is optimized by omitting the exact computation of intermediate results in the Montgomery algorithm using a 6-2 carry-save notation. This results in a high-speed architecture, which outperforms previously designed Montgomery multipliers. Because a very popular application of Montgomery multiplication is public-key cryptography, we compare our implementation to the state of the art in Montgomery multipliers on the basis of performance results for 1024-bit RSA.
    International conference proceedings, English
  • Side-channel Resistant System-level Design Flow for Public-key Cryptography
    Kazuo Sakiyama; Elke De Mulder; Bart Preneel; Ingrid Verbauwhede
    GLSVLSI'07: PROCEEDINGS OF THE 2007 ACM GREAT LAKES SYMPOSIUM ON VLSI, ASSOC COMPUTING MACHINERY, 144-147, 2007, Peer-reviewed, In this paper, we propose a new design methodology to assess the risk of side-channel attacks, more specifically timing analysis and simple power analysis, at an early design stage. This method is illustrated with the design of an elliptic curve cryptographic processor. It also allows one to evaluate the quality of countermeasures against these attacks by evaluating Hamming distances for each signal and each register in a partial functional domain (e.g. datapath or controller). Thus a first-order side-channel-resistant design can be obtained with system-level design, in which the simulation can run faster than conventional HDL simulations.
    International conference proceedings, English
  • Public-key cryptography on the top of a needle
    Lejla Batina; Nele Mentens; Kazuo Sakiyama; Bart Preneel; Ingrid Verbauwhede
    2007 IEEE INTERNATIONAL SYMPOSIUM ON CIRCUITS AND SYSTEMS, VOLS 1-11, IEEE, 1831-1834, 2007, Peer-reviewed, This work describes the smallest known hardware implementation for Elliptic/Hyperelliptic Curve Cryptography (ECC/HECC). We propose two solutions for Public-key Cryptography (PKC), which are based on arithmetic on elliptic/hyperelliptic curves. One solution relies on ECC over binary fields F(2^n) where n is a composite number of the form 2p (p is a prime), and the other on HECC on curves of genus 2 over F(2^p). This implies the same arithmetic unit for both cases, which supports arithmetic in a field F(2^p). Our best solution that still results in a feasible performance features less than 5 kgates with an average power consumption smaller than 10 µW.
    International conference proceedings, English
  • A side-channel attack resistant programmable PKC coprocessor for embedded applications
    Nele Mentens; Kazuo Sakiyama; Lejla Batina; Bart Preneel; Ingrid Verbauwhede
    IC-SAMOS: 2007 INTERNATIONAL CONFERENCE ON EMBEDDED COMPUTER SYSTEMS: ARCHITECTURES, MODELING AND SIMULATION, PROCEEDINGS, IEEE, 194-+, 2007, Peer-reviewed, This paper describes the design of a programmable coprocessor for Public Key Cryptography (PKC) on an FPGA. The implementation provides a very broad range of functions together with countermeasures against Side-Channel Analysis (SCA) attacks. The functions are implemented in a hierarchical manner, where all levels are accessible by the user. This makes the coprocessor very flexible and particularly suitable to be used in embedded environments where the border between hardware and software needs to be decided depending on the application. Especially for RSA, the resulting implementation on an XC3S5000 FPGA, from the low-cost Spartan series of Xilinx, shows comparable performance figures compared to the state of the art in PKC coprocessors.
    International conference proceedings, English
  • Montgomery modular multiplication algorithm on multi-core systems
    Junfeng Fan; Kazuo Sakiyama; Ingrid Verbauwhede
    2007 IEEE WORKSHOP ON SIGNAL PROCESSING SYSTEMS, VOLS 1 AND 2, IEEE, 261-266, 2007, Peer-reviewed, In this paper, we investigate efficient software implementations of the Montgomery modular multiplication algorithm on a multi-core system. A HW/SW co-design technique is used to find the efficient system architecture and the instruction scheduling method. We first implement the Montgomery modular multiplication on a multi-core system with general-purpose cores. We then speed it up by adopting the Multiply-Accumulate (MAC) operation in each core. As a result, the performance can be improved by a factor of 1.53 and 2.15 when 256-bit and 1024-bit Montgomery modular multiplications are performed, respectively.
    International conference proceedings, English
  • HW/SW Co-design for Accelerating Public-key Cryptosystems over GF(p) on the 8051 μ-controller
    Kazuo Sakiyama; Lejla Batina; Bart Preneel; Ingrid Verbauwhede
    World Automation Congress (WAC'06), Special Session on Information Security and Hardware Implementations, 6 pages, Jul. 2006, Peer-reviewed
    International conference proceedings, English
  • Reconfigurable modular arithmetic logic unit for high-performance Public-Key cryptosystems
    K. Sakiyama; N. Mentens; L. Batina; B. Preneel; I. Verbauwhede
    RECONFIGURABLE COMPUTING: ARCHITECTURES AND APPLICATIONS, SPRINGER-VERLAG BERLIN, 3985, Springer-Verlag, 347-357, 2006, Peer-reviewed, This paper presents a reconfigurable hardware architecture for public-key cryptosystems. By changing the connections of coarse-grain Carry-Save Adders (CSAs), the datapath provides a high performance for both RSA and Elliptic Curve Cryptography (ECC). In addition, we introduce another reconfigurability for the flip-flops in order to make the best of hardware resources. The results of FPGA implementation show that better performance is obtained for ECC on the same hardware platform.
    Scientific journal, English
  • Fast dual-field modular arithmetic logic unit and its hardware implementation
    Kazuo Sakiyama; Bart Preneel; Ingrid Verbauwhede
    2006 IEEE INTERNATIONAL SYMPOSIUM ON CIRCUITS AND SYSTEMS, VOLS 1-11, PROCEEDINGS, IEEE, 787-+, 2006, Peer-reviewed, We propose a fast Modular Arithmetic Logic Unit (MALU) that is scalable in the digit size (d) and the field size (k). The datapath of the MALU has chains of Carry Save Adders (CSAs) to speed up the large integer arithmetic operations over GF(p) and GF(2^m). It is well suited and very efficient for the modular multiplication and addition/subtraction which are the computational kernels of Elliptic Curve and Hyperelliptic Curve Cryptography (ECC/HECC). While maintaining the scalability and multi-function, we obtain a throughput of 205 Mbps and 388 Mbps with a clock rate of 110 MHz for 256-bit GF(p) and GF(2^239) respectively on FPGA prototyping.
    International conference proceedings, English
  • A parallel processing hardware architecture for Elliptic Curve Cryptosystems
    Kazuo Sakiyama; Elke De Mulder; Bart Preneel; Ingrid Verbauwhede
    2006 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH AND SIGNAL PROCESSING, VOLS 1-13, IEEE, 3355-3358, 2006, Peer-reviewed, We propose a parallel processing crypto-processor for Elliptic Curve Cryptography (ECC) to speed up EC point multiplication. The processor consists of a controller that dynamically checks instruction-level parallelism (ILP) and multiple sets of modular arithmetic logic units accelerating modular operations. A case study of HW design with the proposed architecture shows that EC point multiplication over GF(p) and GF(2^m) can be improved by a factor of 1.6 compared to the case of using a single processing element.
    International conference proceedings, English
  • FPGA-Oriented Secure Data Path Design: Implementation of a Public Key Coprocessor
    Nele Mentens; Kazuo Sakiyama; Lejla Batina; Ingrid Verbauwhede; Bart Preneel
    2006 INTERNATIONAL CONFERENCE ON FIELD PROGRAMMABLE LOGIC AND APPLICATIONS, PROCEEDINGS, IEEE, 133-138, 2006, Peer-reviewed, This paper introduces a secure FPGA implementation of a coprocessor for public key cryptography. It supports Elliptic Curve Cryptography (ECC) as well as the older RSA standard. When choosing adequate key lengths, RSA and ECC are assumed to be secure from an algorithmic point of view. On the other hand, an implementation of these algorithms should also guarantee side-channel security. This feature not only causes an inevitable performance degradation, but also an area increase. We overcome these drawbacks by fitting the public key architecture and algorithms into a coprocessor that optimally exploits the dedicated features on a Spartan XC3S4000. Although this is a very low-cost FPGA, the performance results of our implementation meet the requirements of a broad range of high-end applications.
    International conference proceedings, English
  • Reconfigurable architectures for curve-based cryptography on embedded micro-controllers
    Lejla Batina; Alireza Hodjat; David Hwang; Kazuo Sakiyama; Ingrid Verbauwhede
    2006 INTERNATIONAL CONFERENCE ON FIELD PROGRAMMABLE LOGIC AND APPLICATIONS, PROCEEDINGS, IEEE, 667-670, 2006, Peer-reviewed, This paper discusses architectures for embedded security to enable various cryptographic services at low cost. To realize the large bit-lengths and complex arithmetic on an 8-bit embedded micro-controller, several hardware acceleration options for Elliptic and Hyperelliptic Curve Cryptography (ECC and HECC) are studied and systematically evaluated. Two key factors influence the performance: one is the communication interface, i.e. I/O transfers between processor and co-processor, and the other one is the boundary between hardware and software. Our experiments are run on an 8051 and an AVR micro-controller with the crypto co-processors implemented on an FPGA.
    International conference proceedings, English
  • Low-cost elliptic curve cryptography for wireless sensor networks
    Lejla Batina; Nele Mentens; Kazuo Sakiyama; Bart Preneel; Ingrid Verbauwhede
    SECURITY AND PRIVACY IN AD-HOC AND SENSOR NETWORKS, SPRINGER-VERLAG BERLIN, 4357, Springer-Verlag, 6-+, 2006, Peer-reviewed, This work describes a low-cost Public-Key Cryptography (PKC) based solution for security services such as key distribution and authentication as required for wireless sensor networks. We propose a custom hardware-assisted approach to implement Elliptic Curve Cryptography (ECC) in order to obtain stronger cryptography as well as to minimize the power. Our compact and low-power ECC processor contains a Modular Arithmetic Logic Unit (MALU) for ECC field arithmetic. The best solution features 6718 gates for the MALU and control unit (data memory not included) in 0.13 µm CMOS technology over the field F(2^131), which provides a reasonable level of security for the time being. In this case the consumed power is less than 30 µW when the operating frequency is 500 kHz.
    International conference proceedings, English
  • Superscalar coprocessor for high-speed curve-based cryptography
    K. Sakiyama; L. Batina; B. Preneel; I. Verbauwhede
    CRYPTOGRAPHIC HARDWARE AND EMBEDDED SYSTEMS - CHES 2006, PROCEEDINGS, SPRINGER-VERLAG BERLIN, 4249, Springer-Verlag, 415-429, 2006, Peer-reviewed, We propose a superscalar coprocessor for high-speed curve-based cryptography. It accelerates scalar multiplication by exploiting instruction-level parallelism (ILP) dynamically and processing multiple instructions in parallel. The system-level architecture is designed so that the coprocessor can fully utilize the superscalar feature. The implementation results show that scalar multiplication of Elliptic Curve Cryptography (ECC) over GF(2^163), Hyperelliptic Curve Cryptography (HECC) of genus 2 over GF(2^83) and ECC over a composite field, GF((2^83)^2), can be improved by a factor of 1.8, 2.7 and 2.5 respectively compared to the case of a basic single-scalar architecture. This speed-up is achieved by exploiting parallelism in curve-based cryptography. The coprocessor deals with a single instruction that can be used for all field operations such as multiplications and additions. In addition, this instruction only allows one to compute point/divisor operations. Furthermore, we also provide a fair comparison between the three curve-based cryptosystems.
    Scientific journal, English
  • Efficient and secure fingerprint verification for embedded devices
    Shenglin Yang; Kazuo Sakiyama; Ingrid Verbauwhede
    EURASIP JOURNAL ON APPLIED SIGNAL PROCESSING, HINDAWI PUBLISHING CORP, 2006, 1-11, 2006, Peer-reviewed, This paper describes a secure and memory-efficient embedded fingerprint verification system. It shows how a fingerprint verification module originally developed to run on a workstation can be transformed and optimized in a systematic way to run in real time on an embedded device with limited memory and computation power. A complete fingerprint recognition module is a complex application that requires in the order of 1000 M unoptimized floating-point instruction cycles. The goal is to run both the minutiae extraction and the matching engines on a small embedded processor, in our case a 50 MHz LEON-2 softcore. It does require optimization and acceleration techniques at each design step. In order to speed up the fingerprint signal processing phase, we propose acceleration techniques at the algorithm level, at the software level to reduce the execution cycle number, and at the hardware level to distribute the system work load. Thirdly, a memory trace map-based memory reduction strategy is used for lowering the system memory requirement. Lastly, at the hardware level, it requires the development of specialized coprocessors. As a result of these optimizations, we achieve a 65% reduction in the execution time and a 67% reduction in the memory storage requirement for the minutiae extraction process, compared against the reference implementation. The complete operation, that is, fingerprint capture, feature extraction, and matching, can be done in real time in less than 4 seconds.
    Scientific journal, English
  • Embedded Software Integration for Coarse-grain Reconfigurable Systems
    Patrick Schaumont; Kazuo Sakiyama; Alireza Hodjat; Ingrid Verbauwhede
    IEEE 18th International Parallel and Distributed Processing Symposium (IPDPS'04), 137-142, Apr. 2004, Peer-reviewed
    International conference proceedings, English
  • Finding the best system design flow for a high-speed JPEG encoder
    K Sakiyama; PR Schaumont; IM Verbauwhede
    ASP-DAC 2003: PROCEEDINGS OF THE ASIA AND SOUTH PACIFIC DESIGN AUTOMATION CONFERENCE, IEEE, 577-578, 2003, Peer-reviewed, 26 students at the University of California, Los Angeles (UCLA) studied system-level design methodologies through the design of a high-speed JPEG encoder. The results produced by 5 different design flows onto various target platforms demonstrate the high impact of tools on design quality.
    International conference proceedings, English
  • Teaching trade-offs in system-level design methodologies
    K Sakiyama; P Schaumont; D Hwang; I Verbauwhede
    2003 IEEE INTERNATIONAL CONFERENCE ON MICROELECTRONIC SYSTEMS EDUCATION, PROCEEDINGS, IEEE COMPUTER SOC, 62-63, 2003, Peer-reviewed, This paper summarizes two graduate-level class projects in EE201A/EEE298 (VLSI Architectures and Design Methods) at the University of California, Los Angeles (UCLA). The purpose of the class is to explore the impact of system-level optimization for various target platforms using EDA.
    International conference proceedings, English
  • Design flow for HW/SW acceleration transparency in the thumbpod secure embedded system
    D Hwang; P Schaumont; Y Fan; A Hodjat; BC Lai; K Sakiyama; SL Yang; I Verbauwhede
    40TH DESIGN AUTOMATION CONFERENCE, PROCEEDINGS 2003, ASSOC COMPUTING MACHINERY, 60-65, 2003, Peer-reviewed, This paper describes a case study and design flow of a secure embedded system called ThumbPod, which uses cryptographic and biometric signal processing acceleration. It presents the concept of HW/SW acceleration transparency, a systematic method to accelerate Java functions in both software and hardware. An example of acceleration transparency for a Rijndael encryption function is presented. The embedded prototype hardware platform is also described. Acceleration transparency yields software and hardware performance gains of 333X.
    International conference proceedings, English
  • Testing ThumbPod: Softcore bugs are hard to find
    P Schaumont; K Sakiyama; Y Fan; D Hwang; S Yang; A Hodjat; B Lai; I Verbauwhede
    EIGHTH IEEE INTERNATIONAL HIGH-LEVEL DESIGN VALIDATION AND TEST WORKSHOP, PROCEEDINGS, IEEE, 77-82, 2003, Peer-reviewed, We present the debug and test strategies used in the ThumbPod system for Embedded Fingerprint Authentication. ThumbPod uses multiple levels of programming (Java, C and hardware) with a hierarchy of programmable architectures (KVM on top of a SPARC core on top of an FPGA). The ThumbPod project teamed up seven graduate students in the concurrent development and verification of all these programming layers. We pay special attention to the strengths and weaknesses of our bottom-up testing approach.
    International conference proceedings, English
  • A compact and efficient fingerprint verification system for secure embedded devices
    SL Yang; K Sakiyama; IM Verbauwhede
    CONFERENCE RECORD OF THE THIRTY-SEVENTH ASILOMAR CONFERENCE ON SIGNALS, SYSTEMS & COMPUTERS, VOLS 1 AND 2, IEEE, 2058-2062, 2003, Peer-reviewed, Creating a biometric verification system in a resource-constrained embedded environment is a challenging problem. This paper describes an efficient fingerprint verification module, which is part of an embedded device called ThumbPod. The whole fingerprint verification algorithm runs on a 50 MHz fixed-point processor. As a result of our SW/HW optimizations, we achieve 55.6% and 60.0% execution time reduction for the minutiae extraction and the matching, respectively, compared to a traditional reference implementation. The complete process finishes in less than 5 seconds.
    International conference proceedings, English
  • ZnF2:Gd thin film electroluminescent device
    YJ Cho; T Hirakawa; K Sakiyama; H Okamoto; Y Hamakawa
    APPLIED SURFACE SCIENCE, ELSEVIER SCIENCE BV, 113, 1997, 705-708, Apr. 1997, Peer-reviewed, ZnF2:Gd thin-film electroluminescent (EL) devices are known to emit intense ultraviolet (UV) light with a spectrum peaking at 311.5 nm, due to the 6P7/2-8S7/2 transition of the Gd3+ ion. The UV emission is utilized as the excitation source for blue-emitting phosphors, realizing a blue-emitting EL/PL hybrid device. Through a systematic optimization of the UV-emitting EL device as well as the phosphor materials, a maximum luminance of 10 cd/m^2 and a maximum efficiency of 0.015 lm/W have been achieved for the EL/PL hybrid device. Full-color emission devices using red, green and blue phosphors are also reported.
    Scientific journal, English
  • ZnF2: Gd thin film electroluminescent device
    Young-Jae Cho; Takasi Hirakawa; Kazuo Sakiyama; Hiroaki Okamoto; Yoshihiro Hamakawa
    Applied Surface Science, Elsevier, 113-114, 705-708, 1997, Peer-reviewed, ZnF2:Gd thin-film electroluminescent (EL) devices are known to emit intense ultraviolet (UV) light with a spectrum peaking at 311.5 nm, due to the 6P7/2-8S7/2 transition of the Gd3+ ion. The UV emission is utilized as the excitation source for blue-emitting phosphors, realizing a blue-emitting EL/PL hybrid device. Through a systematic optimization of the UV-emitting EL device as well as the phosphor materials, a maximum luminance of 10 cd/m^2 and a maximum efficiency of 0.015 lm/W have been achieved for the EL/PL hybrid device. Full-color emission devices using red, green and blue phosphors are also reported.
    Scientific journal, English
  • EL/PL hybrid device enhanced by UV emission from ZnF2:Gd thin film electroluminescence
    Young-Jae Cho; Takashi Hirakawa; Kazuo Sakiyama; Hiroaki Okamoto; Yoshihiro Hamakawa
    Journal of the Korean Physical Society, 30, 1997, S65-S68, Jan. 1997, Peer-reviewed
    Scientific journal, English
  • ZnF2:Gd UV Emitting Electroluminescent Device
    Young-Jae Cho; Takashi Hirakawa; Kazuo Sakiyama; Hiroaki Okamoto; Yoshihiro Hamakawa
    8th International Workshop on Electroluminescence; in "Inorganic and Organic Electroluminescence," eds. R. Mauch and H.-E. Gumlich (Wissenschaft und Technik Verlag), 347-350, Aug. 1996, Peer-reviewed
    International conference proceedings, English

MISC

  • Survey and Evaluation of the Implementation Performance of the Lightweight Cipher Ascon
    崎山 一男
    Sep. 2023, CRYPTREC External Evaluation Report, Japanese, Technical report
  • Survey and Evaluation of the Implementation Performance of Lightweight Ciphers (NIST Lightweight Cryptography Competition Finalists)
    崎山 一男
    Dec. 2022, CRYPTREC External Evaluation Report, Technical report
  • Laser Fault Attacks Threatening the Security of Embedded Devices
    菅原健; 崎山一男
    Jun. 2019, The Review of Laser Engineering (レーザー学会誌), 77, 6, 305-309, Japanese, Introduction other
  • Side-Channel Resistance Evaluation of a Power-Cutoff Circuit Implemented as a Laser Fault Attack Countermeasure
    郡 義弘; 藤本大介; 林 優一; 三浦典之; 永田 真; 崎山一男
    Mar. 2018, Summary national conference
  • A-7-13 Security Evaluation of Double Arbiter PUF Using Deep Learning
    Yashiro Risa; Machida Takanori; Iwamoto Mitsugu; Sakiyama Kazuo
    The Institute of Electronics, Information and Communication Engineers, 01 Mar. 2016, Proceedings of the IEICE Engineering Sciences Society/NOLTA Society Conference, 2016, 99-99, Japanese, 2189-700X, 110010023138, AA12732012
  • Faster Implementation Idea of Pairing Hardware with Parallel RNS Architecture
    Daisuke Fujimoto; Tadanori Teruya; Kazuo Sakiyama; Naofumi Homma; Makoto Ikeda; Makoto Nagata; Tsutomu Matsumoto
    Jan. 2016, 2016 Symposium on Cryptography and Information Security, 2016, 2C4-3, Japanese
  • Security of Block Ciphers: From Algorithm Design to Hardware Implementation
    Kazuo Sakiyama; Yu Sasaki; Yang Li
    A comprehensive evaluation of information security analysis spanning the intersection of cryptanalysis and side-channel analysis. Written by authors known within the academic cryptography community, this book presents the latest developments in current research. Unique in its combination of both algorithmic-level design and hardware-level implementation, this all-round approach, from algorithm to implementation, covers security from start to completion. It deals with AES (Advanced Encryption Standard), one of the most used symmetric-key ciphers, which helps the reader to learn the fundamental theory of cryptanalysis and practical applications of side-channel analysis., John Wiley and Sons Ltd, 24 Jul. 2015, Security of Block Ciphers: From Algorithm Design to Hardware Implementation, 1-295, English, Others, 84949883783
  • Consideration on Side-Channel Information Toward Authentication
    MATSUBARA Arisa; LI Yang; HAYASHI Yu-ichi; SAKIYAMA Kazuo
    Recently, authentication using near field communication is widely spread for entrance and exit control and electronic money systems. However a threat of relay attack is often pointed out. Relay attack enables an attacker to camouflage the location by developing another communication channel instead of the legitimate one. In this paper, we propose an authentication method using side-channel information, and verify the usability of it based on fundamental experiments. When a cryptographic device is working, side-channel information is leaked as a power consumption and an electromagnetic wave, which is unique information depending on secret key. Utilizing such uniqueness for communication between prover and verifier, we aim at realizing an efficient distance bounding mechanism in the RFID-based authentication system., The Institute of Electronics, Information and Communication Engineers, 03 Jul. 2014, IEICE technical report. Social Implications of Technology and Information Ethics, 114, 116, 1-8, Japanese, 0913-5685, 110009945623, AA11651731
  • Consideration on Side-Channel Information Toward Authentication
    Arisa Matsubara; Yang LI; Yu-ichi Hayashi; Kazuo Sakiyama
    Recently, authentication using near field communication is widely spread for entrance and exit control and electronic money systems. However a threat of relay attack is often pointed out. Relay attack enables an attacker to camouflage the location by developing another communication channel instead of the legitimate one. In this paper, we propose an authentication method using side-channel information, and verify the usability of it based on fundamental experiments. When a cryptographic device is working, side-channel information is leaked as a power consumption and an electromagnetic wave, which is unique information depending on secret key. Utilizing such uniqueness for communication between prover and verifier, we aim at realizing an efficient distance bounding mechanism in the RFID-based authentication system., Information Processing Society of Japan (IPSJ), 26 Jun. 2014, IPSJ SIG Notes, 2014, 1, 1-8, Japanese, 0919-6072, 110009804637, AA11235941
  • Practical DFA Strategy for AES Under Limited-access Conditions
    Kazuo Sakiyama; Yang Li; Shigeto Gomisawa; Yu-ichi Hayashi; Mitsugu Iwamoto; Naofumi Homma; Takafumi Aoki; Kazuo Ohta
    Secret data in embedded devices can be revealed by injecting computational faults using the fault analysis attacks. The fault analysis researches on a cryptographic implementation by far first assumed a certain fault model, and then discussed the key recovery method under some assumptions. We note that a new remote-fault injection method has emerged, which is threatening in practice. Due to its limited accessibility to cryptographic devices, the remote-fault injection, however, can only inject uncertain faults. In this surroundings, this paper gives a general strategy of the remote-fault attack on the AES block cipher with a data set of faulty ciphertexts generated by uncertain faults. Our method effectively utilizes all the information from various kinds of faults, which is more realistic than previous researches. As a result, we show that it can provide a decent success probability of key identification even when only a few intended faults are available among 32 million fault injections. (This is a preprint of an article intended for publication in the Journal of Information Processing (JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.22 (2014) No.2 (online), DOI http://dx.doi.org/10.2197/ipsjjip.22.142), 15 Feb. 2014, IPSJ Journal (Transactions of Information Processing Society of Japan), 55, 2, English, 1882-7764, 110009665014, AN00116647
  • Implementation Evaluation of the Hash Functions SHA-224, SHA-512/224, SHA-512/256 and SHA-3 (Keccak)
    崎山 一男
    Feb. 2014, CRYPTREC External Evaluation Report, Technical report
  • A Study of Side-Channel Leakage Information Obtained from On-Chip and Off-Chip Supply Voltage Measurements
    藤本 大介; 田中 大智; 三浦 典之; 永田 真; 林 優一; 本間 尚文; 青木 孝文; 堀 洋平; 片下 敏広; 﨑山 一男; Thanh-Ha Le; Julien Bringer; Pirouz Bazargan-Sabet; Shivam Bhasin; Jean-Luc Danger
    Jan. 2014, Symposium on Cryptography and Information Security (SCIS), 2A3-3
  • On Side-Channel Information Using Signal Toggles in AES Circuit
    MATSUBARA Arisa; KUAI Yunfeng; LI Yang; NAKASONE Toshiki; OHTA Kazuo; SAKIYAMA Kazuo
    Side-channel attack recovers secret information utilizing extraneous information that leaks from cryptographic devices. At COSADE 2013, it has been shown that power consumption and signal delay from two AES hardware implementations, AES-COMP and AES-PPRM1, have a high correlation. In the case of AES-PPRM1, this is because the Hamming weight of input values of the combinatorial circuit for the S-box is considered to be a good model for both side-channel information. However, it is not clear why power consumption and signal delay of AES-COMP have a high correlation. In this paper, we clarify the reason by reconsidering the behavior of signal toggles in the combinatorial circuit. As a result of simulation, we show that a high correlation between power consumption and signal delay stems from the number of signal toggles of the output value for S-box circuits and clarify its mechanism., The Institute of Electronics, Information and Communication Engineers, 18 Jul. 2013, IEICE technical report (信学技報), 113, 138, 331-338, Japanese, 0913-5685, 110009773125, AA12526316
  • On Side-Channel Information Using Signal Toggles in AES Circuit
    松原 有沙; カイ 云峰; 李 陽; 中曽根 俊貴; 太田 和夫; 崎山 一男
    11 Jul. 2013, IPSJ SIG Technical Report: Security Psychology and Trust (SPT), 2013, 49, 1-8, Japanese, 170000077675
  • On Side-Channel Information Using Signal Toggles in AES Circuit
    松原 有沙; カイ 云峰; 李 陽; 中曽根 俊貴; 太田 和夫; 崎山 一男
    Side-channel attack recovers secret information utilizing extraneous information that leaks from cryptographic devices. At COSADE 2013, it has been shown that power consumption and signal delay from two AES hardware implementations, AES-COMP and AES-PPRM1, have a high correlation. In the case of AES-PPRM1, this is because the Hamming weight of input values of the combinatorial circuit for the S-box is considered to be a good model for both side-channel information. However, it is not clear why power consumption and signal delay of AES-COMP have a high correlation. In this paper, we clarify the reason by reconsidering the behavior of signal toggles in the combinatorial circuit. As a result of simulation, we show that a high correlation between power consumption and signal delay stems from the number of signal toggles of the output value for S-box circuits and clarify its mechanism., 11 Jul. 2013, IPSJ SIG Technical Report: Computer Security (CSEC), 2013, 49, 1-8, Japanese, 170000077612, AA11235941
  • D-19-13 Toward Flexible Privacy Protection for RFID Tags Using Privacy-Mode Switching
    Li Yang; Sakamoto Hikaru; Nishikado Iwamasa; Saito Takafumi; Ohta Kazuo; Sakiyama Kazuo
    The Institute of Electronics, Information and Communication Engineers, 05 Mar. 2013, Proceedings of the IEICE General Conference, 2013, 2, 216-216, English, 110009711965, AN10471452
  • A-7-9 IMPROVED PATTERN MATCHING KEY GENERATION USING PUF
    Komano Yuichi; Ohta Kazuo; Sakiyama Kazuo; Iwamoto Mitsugu
    The Institute of Electronics, Information and Communication Engineers, 06 Mar. 2012, Proceedings of the IEICE General Conference, 2012, 177-177, Japanese, 110009460698, AN10471452
  • Break Masked AES Implementations Using Fault Sensitivity and Faulty Ciphertext Review of Presentation at CHES2011
    LI Yang; OHTA Kazuo; SAKIYAMA Kazuo
    At CHES 2010, a novel side-channel analysis called fault sensitivity analysis (FSA) has been proposed. The essence of the FSA attack is the exploration of the relationship between the fault injection intensity and the occurrence of the faulty calculation. The originally proposed FSA attack is based on the dependency between the intermediate value and the delay timing for the combinational circuit, and can successfully recover the secret key of 128-bit AES. After that, the FSA attack has been improved from the following two directions, which have been presented at CHES 2011. 1) The break of all the AES cores for SASEBO-R by applying the FSA attack proposed at CHES 2010. 2) The enhancement of the FSA attack by additionally analyzing of the faulty ciphertext that have not been used in the original FSA attack. In this paper, the result of breaking all the AES cores on the SASEBO-R will be explained at first, and then the enhanced FSA attack using faulty ciphertext will be reported in detail especially. In 2), for the AES implementation with masking-based side-channel countermeasures, we successfully find the dependency between the unmasked S-box input and the distribution of the values for a byte of the faulty ciphertext. Based on this factor, we demonstrate how to successfully recover the difference between the secret key bytes for the Masked-AND AES implementation and the AES-Threshold on SASEBO-R., The Institute of Electronics, Information and Communication Engineers, 07 Dec. 2011, Technical report of IEICE. ISEC, 111, 337, 25-25, Japanese, 110009466595, AN10060811
  • Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
    YAMAMOTO Dai; SAKIYAMA Kazuo; IWAMOTO Mitsugu; OTA Kazuo; OCHIAI Takao; TAKENAKA Masahiko; ITOH Kouichi
    Physical Unclonable Functions (PUFs) are expected to represent an important solution for secure ID generation and authentication etc. In general, PUFs are considered to be more secure the larger their output entropy. However, the entropy of conventional PUFs is lower than the output bit length, because some output bits are random numbers, which are regarded as unnecessary for ID generation and discarded. We propose a novel PUF structure based on a Butterfly PUF with multiple RS latches, which generates larger entropy by utilizing location information of the RS latches generating random numbers. More specifically, while conventional PUFs generate binary values (0/1), the proposed PUF generates ternary values (0/1/random) in order to increase entropy. We estimate the entropy of the proposed PUF. According to our experiment with 40 FPGAs, a Butterfly PUF with 128 RS latches can improve entropy from 116 bits to 192.7 bits, this being maximized when the frequency of each ternary value is equal. We also show the appropriate RS latch structure for satisfying this condition, and validate it through an FPGA experiment., The Institute of Electronics, Information and Communication Engineers, 07 Dec. 2011, Technical report of IEICE. ISEC, 111, 337, 29-29, English, 110009466597, AN10060811
  • Fault Sensitivity Analysis Against Elliptic Curve Cryptosystems Using Clockwise Collisions
    SAKAMOTO Hikaru; LI Yang; OHTA Kazuo; SAKIYAMA Kazuo
    In this paper, we propose a new fault analysis attack technique using Clockwise Collision. Generally, for the combinational circuit in a synchronous design, if signal states of consecutive two cycles are same, the delay time of the second cycle is zero. Focusing on this fact, for the fault attack using setup time violation, we find out that it is difficult for an attacker to induce a fault in the operation in which Clockwise Collision occurs. As a case study, we apply this technique to Elliptic Curve Cryptography (ECC) implementation using Lopez-Dahab algorithm. Consequently, we succeeded in identifying the secret key. Our proposed attack technique is valid even if the Z coordinate of the input point is randomized. Therefore, we show that this technique is more powerful than the previous attack technique using Fault Sensitivity Analysis., The Institute of Electronics, Information and Communication Engineers, 14 Nov. 2011, IEICE technical report. Life intelligence and office information systems, 111, 286, 101-108, Japanese, 0913-5685, 110009465967, AA1240564X
  • New Differential Fault Analysis on Trivium Based on Setup-Time Violations
    LI Qi; GOMISAWA Shigeto; IWAMOTO Mitsugu; OHTA Kazuo; SAKIYAMA Kazuo
    This paper presents new differential fault analysis (DFA) on a stream cipher Trivium based on setup-time violations. Trivium is a hardware-oriented synchronous stream cipher, designed by De Canniere and Preneel in 2005. In 2008, Hojsik and Rudolf first presented differential fault analysis of Trivium and proposed two types of DFA on Trivium. Setup-time violations are common fault injection methods for hardware implementations. We show that we have succeeded in injecting faults into FPGA on SASEBO-GII in which Trivium is implemented, and in obtaining 147 out of 288 secret bits with 93 fault injections at different rounds. According to our experiments, we found it is difficult to inject 1-bit errors into random positions of the registers of Trivium at a specific round that was proposed in the previous work of Hojsik and Rudolf., The Institute of Electronics, Information and Communication Engineers, 24 Feb. 2011, IEICE technical report, 110, 444, 333-339, English, 0913-5685, 110008688483, AA11840009
  • New Differential Fault Analysis on Trivium Based on Setup-Time Violations
    LI Qi; GOMISAWA Shigeto; IWAMOTO Mitsugu; OHTA Kazuo; SAKIYAMA Kazuo
    This paper presents new differential fault analysis (DFA) on a stream cipher Trivium based on setup-time violations. Trivium is a hardware-oriented synchronous stream cipher, designed by De Canniere and Preneel in 2005. In 2008, Hojsik and Rudolf first presented differential fault analysis of Trivium and proposed two types of DFA on Trivium. Setup-time violations are common fault injection methods for hardware implementations. We show that we have succeeded in injecting faults into FPGA on SASEBO-GII in which Trivium is implemented, and in obtaining 147 out of 288 secret bits with 93 fault injections at different rounds. According to our experiments, we found it is difficult to inject 1-bit errors into random positions of the registers of Trivium at a specific round that was proposed in the previous work of Hojsik and Rudolf., The Institute of Electronics, Information and Communication Engineers, 24 Feb. 2011, IEICE technical report, 110, 443, 333-339, English, 0913-5685, 110008689715, AN10060811
  • A general construction method of visual secret sharing scheme with share rotations
    IWAMOTO Mitsugu; LI Yang; SAKIYAMA Kazuo; OHTA Kazuo
    In this paper, we discuss a visual secret sharing scheme with multiple secret images including share rotation operations with arbitrary degrees, as an extension of the S-extended (n,n) visual secret sharing scheme proposed by Droste. As a result, it is pointed out that the proposed visual secret sharing scheme can be naturally derived from the S-extended (n,n) visual secret sharing scheme., The Institute of Electronics, Information and Communication Engineers, 03 Sep. 2010, Technical report of IEICE. ISEC, 110, 200, 67-74, English, 0913-5685, 110008108065, AN10060811
  • A Study on Security Proofs of RFID Mutual Authentication Protocols Using CryptoVerif
    花谷嘉一; 大久保美也子; 松尾真一郎; 太田和夫; 崎山一男
    2010, Proceedings of the Annual Meeting of the Japan Society for Industrial and Applied Mathematics, 2010, 1345-3378, 201002280594575828
  • A Novel Construction Method for Visual Secret Sharing Schemes Allowing Rotation of Shares
    LI Yang; IWAMOTO Mitsugu; OHTA Kazuo; SAKIYAMA Kazuo
    In 2006, Iwamoto et al. introduced a visual secret sharing (VSS) schemes that allows rotation operation for shares in decryption. However, the proposed construction method is complicated and it only deals with 180-degree rotation. In this paper, based on the change of the expression of subpixels, the rotation angle for shares is extended into degrees besides 180-degree. Especially, a new VSS scheme, in which two shares can decrypt multiple secret images with appropriate rotation angles, is proposed in this paper. The proposed construction approach overcomes the shortcomings of the one proposed by Li et al.. It satisfies the information theoretical security and is simpler than preview works. Besides, it is also possible to extend the proposed schemes into n shares., The Institute of Electronics, Information and Communication Engineers, 15 May 2009, IEICE technical report, 109, 42, 29-36, English, 0913-5685, 110007161998, AN10060811
  • Side-Channel Attacks, a Threat to Cryptography, and Their Countermeasures
    﨑山 一男; 太田 和夫
    Iwanami Shoten, Oct. 2008, Kagaku (Science), Reports and Commentary, 78, 10, ?-1083, Japanese, Introduction other, 0022-7625, 40016240456, AN00036810
  • What Are the "Side-Channel Attacks" That Threaten Modern Cryptography?
    Kazuo Sakiyama; Kazuo Ohta
    Oct. 2008, Science Journal KAGAKU, 78, 10, 1080-1083, Japanese, Introduction other

Books and other publications

  • Encyclopedia of Cryptography, Security and Privacy (S. Jajodia, P. Samarati, M. Yung editors)
    Kazuo Sakiyama; Yang Li
    Contributor, Fault Sensitivity Analysis, 1162, Springer, 12 Jul. 2024, 3030715205
  • IEICE Knowledge Base (電子情報通信学会 知識ベース)
    崎山一男
    Contributor, Group 1 (Signals and Systems), Part 3 (Cryptographic Theory), Chapter 14 (Side-Channel Attacks and Tamper-Resistance Techniques), IEICE, Jul. 2019
  • Security of Cryptographic Hardware (暗号ハードウェアのセキュリティ)
    﨑山, 一男; 菅原, 健; 李, 陽
    Japanese, Joint work, vii, 178p, Corona Publishing, Jun. 2019, 9784339028942
  • Electromagnetic Security in the IoT Era: Protecting 21st-Century Social Infrastructure from Electromagnetic Attacks (edited by the IEEJ Special Technical Committee on Electrical System Security and the IEEJ Special Investigation Committee on Electromagnetic Security in Smart Grids)
    崎山一男; 林優一
    Japanese, Contributor, Appendix: Electromagnetic Information Leakage, B: Examination of the Possibility of Information Leakage from Hardware Equipped with a Cryptographic Module, xv, 346p, Kagaku Joho Shuppan, Apr. 2018, 9784904774663
  • Security of block ciphers : from algorithm design to hardware implementation
    Sakiyama, Kazuo; Sasaki, Yu; Li, Yang
    English, Joint work, 320, John Wiley & Sons, 25 Apr. 2016, 9781118660010
  • Advances in Information and Computer Security: 8th International Workshop on Security, IWSEC 2013, Okinawa, Japan, November 18-20, 2013, Proceedings (K. Sakiyama, and M.Terada editors)
    English, Editor, 332, Springer, 09 Oct. 2013, 364241382X
  • Unique & Exciting Science (supervised by Makoto Kajitani)
    崎山 一男
    Japanese, Contributor, Chapter 2, Communication Between People and Artifacts Connected by Cryptography: Cryptography, Privacy and RFID Systems, 3 volumes, Kindai Kagaku Sha, Apr. 2013, 9784764904422
  • Fault Analysis in Cryptography (Marc Joye and Michael Tunstall editors)
    Junko Takahashi; Toshinori Fukunaga; Shigeto Gomisawa; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    English, Contributor, Fault Injection and Key Retrieval Experiments on Evaluation Board, 372, Springer, 22 Jun. 2012, 9783642296550
  • Secure integrated circuits and systems (Ingrid M.R. Verbauwhede editor)
    Lejla Batina; Kazuo Sakiyama
    English, Contributor, Compact Public-key Implementations for RFID and Sensor Nodes, x, 246 p., Springer, Feb. 2010, 9780387718279
  • Secure integrated circuits and systems (Verbauwhede, Ingrid M. R. editor)
    Kazuo Sakiyama; Lejla Batina
    English, Contributor, Arithmetic for Public-key Cryptography, x, 246 p., Springer, Feb. 2010, 9780387718279
  • Digital Systems and Applications (Oklobdzija, Vojin G. editor)
    Lejla Batina; Kazuo Sakiyama; Ingrid Verbauwhede
    English, Contributor, Architectures for Public-key Cryptography, 988, CRC Press, 26 Nov. 2007, 9780849386190

Lectures, oral presentations, etc.

  • High-Level Synthesis of Cryptographic Circuits Based on Composable Security
    楊明宇; 比留間絃斗; 崎山一男; 李陽; 原祐子
    Oral presentation, IEICE Technical Committee on Hardware Security (HWS), VLD2023-138, HWS2023-98 (2024-03)
    Mar. 2024
  • Proposal of an Additive Masking Countermeasure Against Side-Channel Attacks Based on the Hamming-Distance Model of an MLP
    天野龍乃如; 崎山一男; 宮原大輝; 李陽
    Oral presentation, IEICE General Conference
    Mar. 2024
  • Proposal of a Physical Authentication System Using Information Leaked via Screaming Channels
    野村麻友; 迫琉奈; 松川侑生; 宮原大輝; 李陽; 崎山一男
    Oral presentation, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • Impact of the Pseudorandom Number Generator Used in TI-AES on Physical Security
    原田優咲; 塚原麻輝; 宮原大輝; 李陽; 原祐子; 崎山一男
    Oral presentation, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • Implementation of Multiplicative Masked AES S-Box for M&M Scheme
    Oral presentation, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • On the Effectiveness of Security Evaluation by t-Test Under High Share Counts
    胡宇暘; 宮原大輝; 崎山一男; 李陽
    Oral presentation, Japanese, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • Proposal of a New QR Code Using the Spectral Distribution of a Screen
    須長淳也; 嶋野裕一郎; 宮原大輝; 李陽; 崎山一男
    Oral presentation, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • Security Evaluation of AES Hardware by t-Test Using Fault Sensitivity Information
    古野亨紀; 佐藤泰雅; 平田遼; 宮原大輝; 李陽; 崎山一男
    Oral presentation, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • A Study of a Horse-Racing Betting System Applying Token Contracts
    上段浩輝; 李陽; 崎山一男; 宮原大輝
    Keynote oral presentation, 2024 Symposium on Cryptography and Information Security (SCIS’24)
    Jan. 2024
  • A Consideration of a Horse-Racing Betting System Using NFTs
    上段浩輝; 李陽; 崎山一男; 宮原大輝
    Oral presentation, IEICE 2023 Society Conference
    Sep. 2023
  • Proposal of an Authentication Method Using the Spectral Distribution Emitted by a Display
    須長淳也; 宮原大輝; 李陽; 崎山一男
    Oral presentation, IEICE 2023 Society Conference
    Sep. 2023
  • Basic Evaluation of the Uniformity of TI-AES with Respect to Randomness
    原田優咲; 塚原麻輝; 宮原大輝; 李陽; 原祐子; 崎山一男
    Oral presentation, IEICE 2023 Society Conference
    Sep. 2023
  • Screaming-Channel Analysis Experiments on the Lightweight Cipher Ascon
    迫琉奈; 粕谷桃伽; 松川侑生; 宮原大輝; 李陽; 崎山一男
    Oral presentation, IEICE 2023 Society Conference
    Sep. 2023
  • A Consideration of an Authentication System Using Screaming Channels
    野村麻友; 粕谷桃伽; 松川侑生; 宮原大輝; 李陽; 崎山一男
    Oral presentation, IEICE 2023 Society Conference
    Sep. 2023
  • Construction of a Computational Model for Balance-Scale-Based Secure Computation
    金子尚平; 李陽; 崎山一男; 宮原大輝
    Oral presentation, Multimedia, Distributed, Cooperative, and Mobile Symposium (DICOMO2023)
    Jan. 2023
  • Attention-Based Non-Profiled SCA on ASCAD Database
    Enhao Xu; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Oral presentation, 2023年暗号と情報セキュリティシンポジウム (SCIS’23)
    Jan. 2023
  • High-Level Synthesis of ARX-Type Cipher Circuits Robust Against Power Side-Channel Attacks
    稲垣沙耶; 楊明宇; 李陽; 崎山一男; 原祐子
    Oral presentation, 2023年暗号と情報セキュリティシンポジウム (SCIS’23)
    Jan. 2023
  • Fault Sensitivity Analysis Method for an AES S-box Shared by Threshold Implementation (TI)
    佐藤泰雅; 古野亨紀; 平田遼; 宮原大輝; 李陽; 崎山一男
    Oral presentation, 2023 Symposium on Cryptography and Information Security (SCIS’23)
    Jan. 2023
  • Secure Computation Using a Balance Scale and Coins
    吉田深月; 金子尚平; 李陽; 崎山一男; 宮原大輝
    Oral presentation, 2023 Symposium on Cryptography and Information Security (SCIS’23)
    Jan. 2023
  • Investigation of Correct-Key Rank and Key Recovery Rate in Mutually Assisted Correlation Power Analysis
    西澤慧悟; 崎山一男; 原祐子; 李陽
    Oral presentation, 2023 Symposium on Cryptography and Information Security (SCIS’23)
    Jan. 2023
  • A Simulation-Based Study of Side-Channel Attacks on Multiplications in Neural Networks
    天野龍乃如; 崎山一男; 原祐子; 李陽
    Oral presentation, 2023 Symposium on Cryptography and Information Security (SCIS’23)
    Jan. 2023
  • Experimental Verification of the Leakage Model of Screaming Channels
    松川侑生; 崎山一男; 菅原健; 李陽
    Oral presentation, 2023 Symposium on Cryptography and Information Security (SCIS’23)
    Jan. 2023
  • Survey and Evaluation of the Implementation Performance of Lightweight Ciphers (NIST Lightweight Cryptography Competition Finalists)
    崎山 一男
    CRYPTREC External Evaluation Report
    Dec. 2022
  • Entropy-Based Fault Analysis on M&M AES Block Cipher
    Haruka Hirata; Svetla Nikova; Li Yang; Kazuo Sakiyama
    Poster presentation, English, Smart Card Research and Advanced Application Conference (CARDIS2022), International conference
    Nov. 2022
  • Estimating the Time of Fingerprint Deposition Using a Hyperspectral Camera
    工藤紗織; 嶌野雅久; 崎山一男; 宮原大輝
    Invited oral presentation, Japanese, IEICE 2022 Society Conference, Domestic conference
    Sep. 2022
  • Evaluation of the Fault Sensitivity of an AES S-box Using Threshold Implementation (TI)
    佐藤泰雅; 古野亨紀; 平田遼; 宮原大輝; 崎山一男
    Invited oral presentation, Japanese, IEICE 2022 Society Conference, Domestic conference
    Sep. 2022
  • Reproduction Experiments of Non-Profiled Deep-Learning Attacks on AES
    荻原実那; 李陽; 宮原大輝; 﨑山一男
    Invited oral presentation, Japanese, IEICE 2022 Society Conference, Domestic conference
    Sep. 2022
  • The Relationship Between Side-Channel Attacks and the Counterfeit Coin Problem
    吉田深月; 宮原大輝; 崎山一男
    Invited oral presentation, Japanese, IEICE 2022 Society Conference, Domestic conference
    Sep. 2022
  • Implementation and Evaluation of ARX-Type Cipher Algorithms on a Reduced-Instruction-Set Embedded Processor
    楊明宇; 卯木あゆ美; 李陽; 崎山一男; 原祐子
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Verification of an Attack Collecting Electromagnetic Side-Channel and Screaming-Channel Leakage Simultaneously
    松川侑生; 杉本悠馬; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Security Evaluation of Incremental Fault Analysis by Probabilistic Model and Experiment
    加藤光; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Evaluation of Bitsliced Implementations of the LED Cipher on RISC-V and SubRISC+
    渡辺陸; 楊明宇; 原祐子; 崎山一男; 李陽
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Improvement of an AES Key Recovery Algorithm Using Information Leaked by Probing Attacks
    植村友紀; 渡邉洋平; 李陽; 三浦典之; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • On the Randomness Dependency of AES Hardware Protected by M&M
    塚原麻輝; 平田遼; 宮原大輝; 李陽; 崎山一男
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Basic Study Toward Security Evaluation of Card-Based Cryptography with a Hyperspectral Camera
    嶌野雅久; 宮原大輝; 崎山一男
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Evaluation of Software Implementation Performance of the NIST Lightweight Cryptography Finalists
    北原知明; 日良僚太; 原祐子; 宮原大輝; 李陽; 崎山一男
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Security Evaluation of a Pipelined AES S-box Against Fault Attacks
    平田遼; 宮原大輝; 李陽; 三浦典之; 崎山一男
    Oral presentation, Japanese, 2022 Symposium on Cryptography and Information Security (SCIS2022), Domestic conference
    Jan. 2022
  • Evaluation of System Noise in Parallel Implementations of Side-Channel Attacks
    工藤 黎; 菅原健; 崎山一男; 原祐子; 李陽
    Poster presentation, Japanese, Hardware Security Forum 2021, Domestic conference
    Dec. 2021
  • Audio Recovery Using the Rolling-Shutter Effect and Its Evaluation
    星野翔; 嶋野裕一郎; 崎山一男
    Oral presentation, Japanese, Computer Security Symposium 2021 (CSS2021), Domestic conference
    Oct. 2021
  • Application of Mixture-Differential Cryptanalysis to LED-64
    高見豪; 菅原健; 崎山一男; 李陽
    Invited oral presentation, Japanese, IEICE 2021 Society Conference, Domestic conference
    Sep. 2021
  • Basic Experiments Toward Fault Analysis of AES Hardware Protected by M&M
    古野亨紀; 平田遼; 李陽; 崎山一男
    Invited oral presentation, Japanese, IEICE 2021 Society Conference, Domestic conference
    Sep. 2021
  • t-Test of AES Hardware Protected by M&M
    塚原麻輝; 平田遼; 李陽; 崎山一男
    Invited oral presentation, Japanese, IEICE 2021 Society Conference, Domestic conference
    Sep. 2021
  • Measuring Latency Versus Associated-Data Length and Plaintext Length for the NIST Lightweight Cryptography Finalists
    北原知明; 日良僚太; 原祐子; 李陽; 崎山一男
    Invited oral presentation, Japanese, IEICE 2021 Society Conference, Domestic conference
    Sep. 2021
  • Experiments on Audio Recovery Using a Rolling-Shutter Camera
    嶋野裕一郎; 星野翔; 崎山一男
    Invited oral presentation, Japanese, IEICE 2021 Society Conference, Domestic conference
    Sep. 2021
  • FPGA Implementation of the Lightweight Cipher Chaskey by High-Level Synthesis and Evaluation of Its Side-Channel Attack Resistance
    稲垣 沙耶; 楊 明宇; 李 陽; 崎山 一男; 原 祐子
    Oral presentation, Japanese, IEICE Technical Committee on Hardware Security (HWS), Domestic conference
    Mar. 2021
  • [Invited Talk] Simple Electromagnetic Analysis Against Activation Functions of Deep Neural Networks (from AIHWS 2020)
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Invited oral presentation, Japanese, ISEC2021-9, Domestic conference
    Mar. 2021
  • Side-Channel Attacks on AES Hardware Protected by M&M
    平田遼; 羽田野凌太; 李陽; 三浦典之; 崎山一男
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Survey Toward Software Implementation of the NIST Lightweight Cryptography Round 2 Candidates
    日良僚太; 李陽; 原祐子; 崎山一男
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Evaluation of the Confidentiality of Personal Information Concealed by Coating Agents
    畑碧; 崎山一男
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Basic Experiments on Extracting Physical Fingerprints of LED Devices Using the Rolling-Shutter Effect
    星野翔; 崎山一男
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Pushing the Limits of Simple Electromagnetic Analysis Against Similar Activation Functions
    Go Takatoi; Takeshi Sugawara; Kazuo Sakiyama; Yuko Hara-Azumi; Yang Li
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Evaluation of System Noise in Parallel Implementations of Side-Channel Attacks: Comparison with a Genetic Algorithm
    工藤黎; 菅原健; 崎山一男; 原祐子; 李陽
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Implementation Evaluation of Confidential Acceleration Using FPGAs (II)
    高木翼; 李陽; 崎山一男; 菅原健; 梨本翔永; 鈴木大輔
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Performance Evaluation of a Key Recovery Algorithm Using a Fixed Number of Leaked Bits from the AES Key Schedule
    植村友紀; 渡邉洋平; 李陽; 三浦典之; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2021 Symposium on Cryptography and Information Security (SCIS2021), Domestic conference
    Jan. 2021
  • Classification and Comparison of the NIST Lightweight Cryptography Round 2 Candidates Toward Lightweight Implementation
    日良僚太; 李陽; 原祐子; 崎山一男
    Oral presentation, Japanese, IEICE 2020 Society Conference, Domestic conference
    Sep. 2020
  • On the Security Evaluation of AES Hardware Protected by M&M
    平田遼; 羽田野凌太; 李陽; 三浦典之; Svetla Nikova
    Oral presentation, Japanese, IEICE 2020 Society Conference, Domestic conference
    Sep. 2020
  • Effect of Temperature Change on Individual Identification of LEDs
    土屋彩夏; 藤聡子; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, ICSS2019-72, Domestic conference
    Jul. 2020
  • Fault Analysis Using Erroneous Outputs with a Non-Uniform Frequency Distribution Caused by Fault Injection into Sequential Circuits
    岡本拓実; 藤本大介; 崎山一男; 李陽; 林優一
    Oral presentation, Japanese, HWS2019-101, Domestic conference
    May 2020
  • Zero-Knowledge Non-Destructive Inspection Using Bubble Detectors
    品川和雅; 三浦典之; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • An AES Key-Schedule Recovery Algorithm for Random Leakage of the Key
    植村友紀; 李陽; 三浦典之; 岩本貢; 崎山一男; 太田和夫
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • Cloning Attack on RG-DTM PUF Using Deep Learning
    八代理紗; 堀洋平; 片下敏宏; 汐崎充; 崎山一男
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • Individual Identification of Dimmable LEDs
    藤聡子; 土屋彩夏; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • Implementation Evaluation of Confidential Acceleration Using FPGAs
    高木翼; 李陽; 崎山一男; 菅原健; 梨本翔永; 鈴木大輔
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • Compact Implementation of SAEAES on ARM Cortex-M0
    薮茉莉花; 崎山一男; 菅原健
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • A Study of Template Attacks Using Electromagnetic Emanations Collected from Wireless Communication
    杉本悠馬; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • On the Feasibility of 5-Round Physical Attacks on AES
    高見豪; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • On Side-Channel Information Leaking from a Laser Detection Circuit
    羽田野凌太; 平田遼; 松田航平; 三浦典之; 李陽; 崎山一男
    Oral presentation, Japanese, 2020 Symposium on Cryptography and Information Security (SCIS2020), Domestic conference
    Jan. 2020
  • Applying the 5-Round Attack on AES to Physical Attacks
    高見豪; 菅原健; 崎山一男; 李陽
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • Individual Identification of LEDs Based on Light-Intensity Equalization with an Integrating Sphere
    土屋彩夏; 藤聡子; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • Compact Implementation of AES Encryption on ARM Cortex-M0
    薮茉莉花; 崎山一男; 菅原健
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • Security Evaluation Against Leakage of Acoustic Information via Laser Light
    星野翔; 椎名瞭; 松村竜我; 崎山一男
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • Evaluating Resistance to 9th-Round Differential Fault Analysis on AES
    杉本博英; 羽田野凌太; 庄司奈津; 崎山一男
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • An Optical Side-Channel Authentication Device Using an LED Light Source
    椎名瞭; 菅原健; 松村竜我; 崎山一男
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • Vulnerability Evaluation of an AES Chip with Countermeasures Against Laser Fault Injection Attacks
    羽田野凌太; 李陽; 多田捷; 松田航平; 三浦典之; 菅原健; 崎山一男
    Oral presentation, Japanese, IEICE 2019 Society Conference, Domestic conference
    Sep. 2019
  • Invited Talk: Deep Learning for Security Evaluation of Physically Unclonable Function
    Kazuo Sakiyama
    Invited oral presentation, English, International Conference on Advanced Computing and Applications (ACOMP 2018), International conference
    Jul. 2019
  • Anti-tamper cryptographic hardware with analog electronics
    Kazuo Sakiyama
    Public discourse, English, Mini Symposium: Crypto for long-term security and privacy
    22 Mar. 2019
  • Investigation of Information Leakage from A Laser Fault Injection Sensor
    Yang Li; Natsu Shoji; Takeshi Sugawara; Kazuo Sakiyama
    Oral presentation, English, IEICE 2019 General Conference, Domestic conference
    Mar. 2019
  • A TEG Chip of Arbiter PUF for Efficient Simulation Model
    Risa Yashiro; Takeshi Sugawara; Mitsuru Shiozaki; Takeshi Fujino; Kazuo Sakiyama
    Oral presentation, English, In Conference Record of International Conference on Computer and Communication Systems (ICCCS’19), International conference
    Feb. 2019
  • Effect of Current Variation on the Individual Identification of LEDs Using Spectral Distribution
    藤聡子; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, 2019 Symposium on Cryptography and Information Security (SCIS2019), Domestic conference
    Jan. 2019
  • A Basic Study on Individual Differences of Liquid-Crystal Displays Using a Hyperspectral Camera
    堀越健太郎; 崎山一男
    Oral presentation, Japanese, 2019 Symposium on Cryptography and Information Security (SCIS2019), Domestic conference
    Jan. 2019
  • Confidential Acceleration on FPGA-Equipped Servers
    鈴木大輔; 梨本翔永; 永塚智之; 高木翼; 李陽; 崎山一男; 菅原健
    Oral presentation, Japanese, 2019 Symposium on Cryptography and Information Security (SCIS2019), Domestic conference
    Jan. 2019
  • High-Performance Implementation of AES in CTR Mode Using the SDAccel Environment
    高木翼; 崎山一男; 菅原健; 梨本翔永; 鈴木大輔
    Oral presentation, Japanese, 2019 Symposium on Cryptography and Information Security (SCIS2019), Domestic conference
    Jan. 2019
  • Keynote: Towards Resilient IoT System – How to Evaluate Information Leakage
    Kazuo Sakiyama
    Invited oral presentation, English, The First International Workshop on Hardware Oriented Cybersecurity (HwSec2018), Invited, International conference
    19 Dec. 2018
  • Keynote: Hardware Security and IoT Ecosystem
    Kazuo Sakiyama
    Keynote oral presentation, English, International Conference on Advanced Computing and Applications (ACOMP 2018), International conference
    28 Nov. 2018
  • Hardware Implementations of ECC
    Kazuo Sakiyama
    Public discourse, English, Autumn school, 22nd Workshop on Elliptic Curve Cryptography
    17 Nov. 2018
  • A Basic Study Toward Individual Identification of LEDs Using a Spectrometer
    藤聡子; 李陽; 﨑山一男; 菅原健
    Oral presentation, Japanese, IEICE 2018 Society Conference, Domestic conference
    Sep. 2018
  • A Basic Study of Sensor Spoofing Attacks on Gyroscopes Under Various Experimental Conditions
    西山優太; 李陽; 﨑山一男; 菅原健
    Oral presentation, Japanese, IEICE 2018 Society Conference, Domestic conference
    Sep. 2018
  • Implementation and Application of Side-Channel Modeling Attacks on Arbiter PUFs
    八代理沙; 藤聡子; 菅原健; 﨑山一男
    Oral presentation, Japanese, IEICE 2018 Society Conference, Domestic conference
    Sep. 2018
  • Modeling Differential Fault Attacks on AES and Evaluating the Number of Required Attacks
    羽田野凌太; 庄司奈津; 李陽; 菅原健; 﨑山一男
    Oral presentation, Japanese, IEICE 2018 Society Conference, Domestic conference
    Sep. 2018
  • Improving the Plaintext Search Algorithm for a Specified Inter-Round Differential in AES
    伊藤俊輔; 菅原健; 﨑山一男; 李陽
    Oral presentation, Japanese, IEICE 2018 Society Conference, Domestic conference
    Sep. 2018
  • A Study on Attack Methods Against Arbiter PUFs
    八代理沙; 菅原健; 﨑山一男
    Invited oral presentation, Japanese, IPSJ DA Symposium 2018, Domestic conference
    Aug. 2018
  • Design Methodology for Cryptographic ICs with Countermeasures Against Laser Fault Injection Attacks
    松田航平; 藤井達哉; 庄司奈津; 菅原健; 﨑山一男; 林優一; 永田真; 三浦典之
    Invited oral presentation, Japanese, IPSJ DA Symposium 2018, Domestic conference
    Aug. 2018
  • A Case Study of Row Hammer under Different Refresh Rates
    Erina Tatsumi; Kazuo Sakiyama; Takeshi Sugawara
    Poster presentation, English, IWSEC2018, International conference
    Aug. 2018
  • A Small-Area Countermeasure Against Laser Fault Injection Attacks Using a Substrate Current Sensor and a Power-Interruption Circuit
    松田航平; 藤井達哉; 庄司奈津; 菅原健; 﨑山一男; 林優一; 永田真; 三浦典之
    Oral presentation, Japanese, IEICE Technical Committee on Hardware Security (HWS), Domestic conference
    Apr. 2018
  • Side-Channel Resistance Evaluation of a Power-Cutoff Circuit Implemented as a Laser Fault Attack Countermeasure
    郡義弘; 藤本大介; 林優一; 三浦典之; 永田真; 﨑山一男
    Oral presentation, Japanese, IEICE Technical Committee on Hardware Security (HWS), Domestic conference
    Mar. 2018
  • Evaluating the Effect of Changes to the Internal Circuit Configuration of an IC on the Recoverability of the Secret Key
    郡義弘; 藤本大介; 林優一; 﨑山一男; 三浦典之; 永田真
    Poster presentation, Japanese, IEICE 2018 General Conference, Domestic conference
    Mar. 2018
  • Security Evaluation of the Attack Resistance of Sensor Fusion
    梨本翔永; 鈴木大輔; 菅原健; 﨑山一男
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • An Accurate Model for Evaluating Key-Recovery Efficiency in Probing Attacks on Block Ciphers
    庄司奈津; 菅原健; 岩本貢; 﨑山一男
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • Non-Invasive Probing Attack Exploiting a Fault-Detection Sensor
    菅原健; 庄司奈津; 﨑山一男; 松田航平; 三浦典之; 永田真
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • Malicious Hardware on FPGAs in Public Clouds
    菅原健; 﨑山一男; 梨本翔永; 永塚智之
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • A Row Hammer Test Tool Using a Device Driver
    辰巳恵里奈; 菅原健; 﨑山一男
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • Basic Analysis of Side-Channel Information Superimposed on Light
    松村竜我; 菅原健; 﨑山一男
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • Fast Implementation of Pairings on the C66x DSP
    松原祐衣子; 宮元景冬; 菅原健; 﨑山一男
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • A New Physical Assumption for PUF Applications and Its Application to Device Authentication
    駒野雄一; 岩本貢; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2018 Symposium on Cryptography and Information Security (SCIS2018), Domestic conference
    Jan. 2018
  • WHO WILL FAULT SENSORS BE HELPFUL FOR?
    Kazuo Sakiyama
    Public discourse, English, COSIC Seminar
    03 Nov. 2017
  • An Evaluation of Ineffective Fault Analysis on AES using Single-Bit Bit-Set/Reset Faults
    Natsu Shoji; Ryuga Matsumura; Takeshi Sugawara; Kazuo Sakiyama
    Poster presentation, English, IWSEC2017, International conference
    Aug. 2017
  • Side-Channel Authentication Using Light
    松村竜我; 庄司奈津; 菅原健; 崎山一男
    Oral presentation, Japanese, Computer Security Symposium 2017 (CSS2017) Demonstration (Poster) Session, Domestic conference
    Jan. 2017
  • Visualizing Row Hammer
    辰巳恵里奈; 菅原健; 崎山一男
    Oral presentation, Japanese, Computer Security Symposium 2017 (CSS2017) Demonstration (Poster) Session, Domestic conference
    Jan. 2017
  • Implementation Evaluation of Fast Modular Multiplication Algorithms on the TI TMS320C6678 DSP
    宮元景冬; 﨑山一男
    Oral presentation, Japanese, 2017 Symposium on Cryptography and Information Security (SCIS2017), Domestic conference
    Jan. 2017
  • Side-Channel Authentication Using an XOR Model
    粕谷桃伽; 町田卓謙; 﨑山一男
    Oral presentation, Japanese, 2017 Symposium on Cryptography and Information Security (SCIS2017), Domestic conference
    Jan. 2017
  • Overhead Estimation of a Laser Fault Injection Countermeasure Using a Substrate Current Detection Circuit
    松田航平; 三浦典之; 永田真; 林優一; 藤井達哉; 﨑山一男
    Oral presentation, Japanese, IEICE General Conference, Domestic conference
    Jan. 2017
  • Basic Experiments on Row Hammer
    辰巳恵里奈; 菅原健; 﨑山一男
    Oral presentation, Japanese, IEICE Technical Committee on Hardware Security (HWS), Domestic conference
    Jan. 2017
  • Optical Side-Channel Authentication Using a Diode Laser
    松村竜我; 庄司奈津; 菅原健; 﨑山一男
    Oral presentation, Japanese, IEICE Technical Committee on Hardware Security (HWS), Domestic conference
    Jan. 2017
  • Fault Attack on AES Without Using Faulty Ciphertexts
    庄司奈津; 松村竜我; 菅原健; 﨑山一男
    Oral presentation, Japanese, IEICE Technical Committee on Hardware Security (HWS), Domestic conference
    Jan. 2017
  • Evaluation of Fast Modular Multiplication Implementations on the C6678 DSP
    宮元 景冬; 﨑山 一男
    Poster presentation, Japanese, Hardware Security Forum 2016, Domestic conference
    Dec. 2016
  • Q-class Authentication System Using DAPUF
    Risa Yashiro; Mitsugu Iwamoto; Kazuo Sakiyama
    Poster presentation, English, AsianHOST2016, International conference
    Dec. 2016
  • Authentication Using Physical
    Momoka Kasuya; Kazuo Sakiyama
    Poster presentation, English, AsianHOST2016, International conference
    Dec. 2016
  • Deriving the Number of Traces Required for a Side-Channel Attack Using an Authentication Framework
    粕谷 桃伽; 崎山一男
    Oral presentation, Japanese, IEICE 2016 Society Conference, Domestic conference
    Sep. 2016
  • Simple Electromagnetic Analysis on RSA Using Deep Learning
    八代理沙; 藤井達哉; 岩本貢; 崎山一男
    Oral presentation, Japanese, IEICE 2016 Society Conference, Domestic conference
    Sep. 2016
  • Laser Fault Injection Countermeasure by Monitoring Substrate Potential Fluctuation
    松田航平; 三浦典之; 永田真; 林優一; 藤井達哉; 崎山一男
    Poster presentation, Japanese, IEICE 2016 Society Conference, Domestic conference
    Sep. 2016
  • Laser Fault Injection Countermeasure by Monitoring Substrate Potential Fluctuation
    松田航平; 三浦典之; 永田 真; 林 優一; 藤井達哉; 矢ヶ崎玲奈; 崎山一男
    Oral presentation, Japanese, Workshop on LSI and Systems 2016, Domestic conference
    May 2016
  • Uniqueness Analysis of Side-Channel Information
    粕谷桃伽; 町田卓謙; 崎山一男
    Poster presentation, Japanese, IEICE 2016 General Conference, Domestic conference
    Mar. 2016
  • Security Evaluation of Double Arbiter PUF Using Deep Learning
    八代理沙; 町田卓謙; 岩本貢; 崎山一男
    Oral presentation, Japanese, IEICE 2016 General Conference, Domestic conference
    Mar. 2016
  • Number of Distinguishable Devices in Side-Channel Authentication
    粕谷桃伽; 町田卓謙; 崎山一男
    Oral presentation, Japanese, 2016 Symposium on Cryptography and Information Security (SCIS2016)
    Jan. 2016
  • On-Chip Measurement of IC Substrate Potential Fluctuation During Laser Fault Injection
    松田航平; 三浦典之; 永田真; 藤井達哉; 矢ヶ崎玲奈; 崎山一男
    Oral presentation, Japanese, 2016 Symposium on Cryptography and Information Security (SCIS2016)
    Jan. 2016
  • A Study on Fast Pairing Implementation Using a Parallelized RNS Architecture
    藤本大介; 照屋唯紀; 永田真; 本間尚文; 池田誠; 松本勉; 崎山一男
    Oral presentation, Japanese, 2016 Symposium on Cryptography and Information Security (SCIS2016)
    Jan. 2016
  • Side-Channel Authentication Using Electromagnetic Leakage from All Rounds of an AES Encryption Circuit
    粕谷桃伽; 藤井達哉; 町田卓謙; 崎山一男
    Public symposium, Japanese, Hot Channel Workshop 2015, Invited, Tohoku Univ., Tokyo, Japan, Domestic conference
    09 Oct. 2015
  • On-Chip Measurement of IC Substrate Potential Fluctuation During Laser Fault Injection
    松田 航平; 三浦 典之; 永田 真; 林 優一; 藤井 達哉; 崎山 一男
    Public symposium, Japanese, Hot Channel Workshop 2015, Invited, Tohoku Univ., Tokyo, Japan, Domestic conference
    08 Oct. 2015
  • Side-Channel Authentication Using the DE0-Nano
    藤井達哉; 粕谷桃伽; 町田卓謙; 崎山一男
    Oral presentation, Japanese, Computer Security Symposium 2015 (CSS2015), Nagasaki, Domestic conference
    Oct. 2015
  • Basic Experiments on Side-Channel Authentication Using Electromagnetic Leakage
    粕谷桃伽; 町田卓謙; 崎山一男
    Oral presentation, Japanese, IEICE 2015 Society Conference, IEICE, Sendai, Domestic conference
    Sep. 2015
  • Hardware Implementations of ECC
    Kazuo Sakiyama
    Oral presentation, English, Summer school on real-world crypto and privacy, Invited, Šibenik Croatia, International conference
    04 Jun. 2015
  • Information Leakage from Cryptographic Hardware
    崎山一男
    Others, Japanese, JSPS 165th Committee on Silicon Super-Integrated Systems, Invited, Kyoto, Japan, Domestic conference
    15 May 2015
  • Fault Attacks on AES Circuits Under Random Fault Injection
    松原有沙; 町田卓謙; 崎山一男
    Poster presentation, Japanese, IEICE 2015 General Conference (Student Poster Session), Kusatsu, Shiga, Domestic conference
    Mar. 2015
  • An RO-PUF with Modifiable Physical Characteristics
    川述優; 崎山一男
    Poster presentation, Japanese, IEICE 2015 General Conference (Student Poster Session), Kusatsu, Shiga, Domestic conference
    Mar. 2015
  • A New Authentication System for Android Devices
    酒井芳章; 崎山一男
    Poster presentation, Japanese, IEICE 2015 General Conference (Student Poster Session), Kusatsu, Shiga, Domestic conference
    Mar. 2015
  • A Study on Artifact Metrics Using Light Transmitted Through Wine Bottles
    矢ヶ崎玲奈; 崎山一男
    Poster presentation, Japanese, IEICE 2015 General Conference, Domestic conference
    Mar. 2015
  • Fault Analysis for Cryptosystems: Introduction to Differential Fault Analysis and Fault Sensitivity Analysis
    Kazuo Sakiyama
    Public discourse, English, Tutorial-4: Hardware Trust in VLSI Design and Implementations, Asia and South Pacific Design Automation Conference (ASP-DAC’15), Invited, International conference
    Jan. 2015
  • Controlling Power Consumption at Arbitrary Rounds of an AES Hardware Implementation
    カイ 云峰; 李 陽; 町田 卓謙; 崎山 一男
    Oral presentation, Japanese, 2015 Symposium on Cryptography and Information Security (SCIS2015), Kokura, Kitakyushu, Domestic conference
    Jan. 2015
  • A Study on Leakage Models for Side-Channel Authentication
    松原 有沙; 町田 卓謙; 林優一; 崎山 一男
    Oral presentation, Japanese, 2015 Symposium on Cryptography and Information Security (SCIS2015)
    Jan. 2015
  • Single-Chip Implementation and Evaluation of Passive UHF RFID Tag with Hash-Based Mutual Authentication
    李陽; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014, Invited, Chofu (UEC), Domestic conference
    07 Oct. 2014
  • A Study on Artifact Metrics Using Unevenness in Glass
    矢ヶ崎玲奈; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014, Invited, Chofu (UEC), Domestic conference
    07 Oct. 2014
  • Toward Authentication Using Side-Channel Information
    松原有沙; 町田卓謙; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014, Chofu (UEC), Domestic conference
    06 Oct. 2014
  • A Glitch-Reduction Method and Hardware Implementation Evaluation for a Lightweight Buffered Pseudorandom Number Generator
    三上修吾; 渡辺大; 崎山一男
    Oral presentation, Japanese, Computer Security Symposium 2014 (CSS2014), IWSEC, Sapporo, Domestic conference
    Oct. 2014
  • Basic Considerations Toward Side-Channel Authentication
    松原有沙; 李陽; 林優一; 崎山一男
    Oral presentation, Japanese, ISEC2014, ISEC, Hakodate, Japan, Domestic conference
    Jul. 2014
  • Toward Practical Solution to Unsuccessful Write Operation on Non-Volatile Memory of Passive RFID Tags
    Yang Li; Kazuo Sakiyama
    Poster presentation, English, ASIACCS2014, Kyoto,Japan, International conference
    Jun. 2014
  • Countermeasures Against Relay Attacks in RFID Systems
    李陽; 三上修吾; 渡辺大; 太田和夫; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014, Invited, Sendai (Tohoku Univ.), Domestic conference
    23 Apr. 2014
  • Single-Chip Implementation and Evaluation of A Privacy-Enhanced RFID Tag
    李陽; 崎山一男
    Oral presentation, English, Hot Channel Workshop 2014, Invited, Sendai, Domestic conference
    22 Apr. 2014
  • A Glitch-Reduction Method and Implementation Evaluation for a Lightweight Buffered Pseudorandom Number Generator
    三上修吾; 渡辺大; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014, Invited, Sendai (Tohoku Univ.), Domestic conference
    22 Apr. 2014
  • A Study of Implementation Methods for Improving the Uniqueness of Arbiter-Based PUFs on FPGAs
    町田卓謙; 山本大; 岩本貢; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2014, Invited, Sendai, Domestic conference
    22 Apr. 2014
  • ICT International PBL (4): Digital Signal Processing
    福井言葉; 船橋鴻志; 高橋謙三; 山尾泰; 小島年春; 崎山一男
    Oral presentation, Japanese, IEICE 2014 General Conference, Niigata, Domestic conference
    Mar. 2014
  • ICT International PBL (3): Fast Implementation of the SHA-256 Hash Function
    中曽根俊貴; 崎山一男
    Oral presentation, Japanese, IEICE 2014 General Conference, Niigata, Domestic conference
    Mar. 2014
  • ICT International PBL (2): Robot-Car Control Project over Wireless Networks
    大竹健太; 稲毛契; 戴競擇; 藤井威生; 山尾泰; 崎山一男
    Oral presentation, Japanese, IEICE 2014 General Conference, Niigata, Domestic conference
    Mar. 2014
  • ICT International PBL (1): Developing Highly Skilled Professionals with International Outlook and Practical Ability
    稲毛契; 藤井威生; 高橋謙三; 山尾泰; 崎山一男
    Oral presentation, Japanese, IEICE 2014 General Conference, Niigata, Domestic conference
    Mar. 2014
  • Hardware Implementation and Evaluation of a Lightweight Buffered Pseudorandom Number Generator
    三上修吾; 渡辺大; 崎山一男
    Oral presentation, Japanese, 2014 Symposium on Cryptography and Information Security (SCIS2014), Domestic conference
    Jan. 2014
  • A Study on Improving the Uniqueness of Arbiter PUFs Implemented on FPGAs
    町田卓謙; 山本大; 岩本貢; 崎山一男
    Oral presentation, Japanese, 2014 Symposium on Cryptography and Information Security (SCIS2014), Domestic conference
    Jan. 2014
  • A Study on Side-Channel Leakage Obtained from Supply Voltage Measured Inside and Outside the Chip
    藤本大介; 田中大智; 三浦典之; 永田真; 林優一; 本間尚文; 青木孝文; 堀洋平; 片下敏広; 崎山一男; Thanh-Ha Le; Julien Bringer; Pirouz Bazargan-Sabet; Shivam Bhasin; Jean-Luc Danger
    Oral presentation, Japanese, 2014 Symposium on Cryptography and Information Security (SCIS2014), Domestic conference
    Jan. 2014
  • Toward a New Model for Machine-Learning Attacks on Arbiter PUFs on FPGAs
    町田卓謙; 中曽根俊貴; 岩本貢; 崎山一男
    Oral presentation, Japanese, Hot Channel Workshop 2013, Kobe, Domestic conference
    26 Nov. 2013
  • Introduction to IAIK Demotag and Related Experiments on It
    李陽; 崎山一男
    Oral presentation, English, Hot Channel Workshop 2013, Kobe,Japan, Domestic conference
    25 Nov. 2013
  • Toward Applications of SRAM Retention Time as Battery-Less Timer for RFID Tags
    Yang Li; Toshiki Nakasone; Kazuo Sakiyama
    Poster presentation, English, IWSEC2013 (Nov., 2013), Okinawa,Japan, International conference
    Nov. 2013
  • A New Model of Modeling Attacks against Arbiter PUF on FPGA
    Takanori Machida; Toshiki Nakasone; Mitsugu Iwamoto; Kazuo Sakiyama
    Poster presentation, English, IWSEC2013, Okinawa,Japan, International conference
    Nov. 2013
  • Fault Analysis on Cryptographic Systems
    崎山一男
    Oral presentation, Japanese, 2013 IEICE Society Conference, Fukuoka, Domestic conference
    19 Sep. 2013
  • A Study on Side-Channel Information Based on Signal Transition Counts in AES Circuits
    松原有沙; 云峰; 李陽; 中曽根俊貴; 太田和夫; 崎山一男
    Oral presentation, Japanese, ISEC2013-45 (IEICE technical meeting)
    Jul. 2013
  • Evaluation Methods and Vulnerabilities of Arbiter PUFs Implemented on FPGAs
    町田卓謙; 中曽根俊貴; 崎山一男
    Oral presentation, Japanese, ISEC2013-18 (IEICE technical meeting)
    Jul. 2013
  • Toward Practically Secure and Flexible RFID Tags
    李陽; 中曽根俊貴; 崎山一男
    Public symposium, English, Hot Channel Workshop 2013 (12 Apr. 2013), Tokyo
    Apr. 2013
  • On a New Key-Recovery Attack Based on NU-FVA
    松原有沙; 李陽; 太田和夫; 崎山一男
    Public symposium, Japanese, Hot Channel Workshop 2013 (11 Apr. 2013), Tokyo
    Apr. 2013
  • Implementation Evaluation of Lightweight Cryptographic Algorithms for the OSK Protocol
    三上修吾; 渡辺大; 崎山一男
    Public symposium, Japanese, Hot Channel Workshop 2013 (11 Apr. 2013), Tokyo
    Apr. 2013
  • Key Generation Using PUFs and Its Security
    駒野雄一; 太田和夫; 崎山一男; 岩本貢
    Public symposium, Japanese, Hot Channel Workshop 2013 (11 Apr. 2013), Tokyo
    Apr. 2013
  • On the Vulnerability of AES Hardware Under Fault Injection
    松原有沙; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, IEICE 2013 General Conference (Student Poster Session)
    Mar. 2013
  • A Noise-Tolerant Saturation Fault Attack Using the Coupon Collector's Problem
    佐々木悠; 李陽; 阪本光; 崎山一男
    Oral presentation, Japanese, IEICE 2013 General Conference
    Mar. 2013
  • A DoS Countermeasure Using the Charge Retention Time and PUF Characteristics of On-System SRAM
    中曽根俊貴; 李陽; 崎山一男
    Oral presentation, Japanese, IEICE 2013 General Conference
    Mar. 2013
  • Toward Flexible Privacy Protection for RFID Tags Using Privacy-Mode Switching
    Yang Li; Hikaru Sakamoto; Iwamasa Nishikado; Takafumi Saito; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, IEICE 2013 General Conference
    Mar. 2013
  • Two Topics in Cryptographic Hardware: Coupon DFA and Secure RFID
    Yang Li; Kazuo Sakiyama
    Public symposium, Japanese, Compview Cryptography Theory Workshop 2013, Tokyo
    Feb. 2013
  • Mechanism Analysis for Non-Uniform Mapping of Faulty S-box –Case Study of AES-COMP–
    松原有沙; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • Comparison of Attack Performance Between CC-EMA and CEMA
    中曽根俊貴; 李陽; 佐々木悠; 岩本貢; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • Implementation Evaluation of a PUF-Based Pattern-Matching Key Generation System Using Cyclic Shifts
    岩井佑樹; 福島崇文; 森山大輔; 松尾真一郎; 駒野雄一; 岩本貢; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • ASIC Implementation Evaluation of a Latch PUF with a Response-Count Enhancement Technique
    山本大; 崎山一男; 岩本貢; 太田和夫; 武仲正彦; 伊藤孝一; 鳥居直哉
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • Implementation Evaluation of Lightweight Cryptographic Algorithms for RFID Authentication Protocols
    三上修吾; 渡辺大; 本間尚文; 崎山一男
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • A Pattern-Matching Key Generation System Using Part of the PUF Output
    駒野雄一; 太田和夫; 岩本貢; 崎山一男
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • An Efficient Countermeasure for Hiding Fault Sensitivity and Its Evaluation
    遠藤翔; 李陽; 本間尚文; 崎山一男; 藤本大介; 永田真; 太田和夫; 青木孝文
    Oral presentation, Japanese, 2013 Symposium on Cryptography and Information Security (SCIS'13)
    Jan. 2013
  • Key Recovery with Less Power Traces Using DPA Contest Data
    Yang Li; Daisuke Nakatsu; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Poster Session, CHES2012
    Sep. 2012
  • Locality Randomization for EMA-Resistant AES Hardware
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Triangle Symposium on Advanced ICT 2012 (TriSAI 2012)
    Sep. 2012
  • On Fault Sensitivity Analysis and Its Applications
    Kazuo Sakiyama
    Public symposium, Japanese, 16th JAIST School of Information Science Seminar, Tokyo
    Mar. 2012
  • Fault Behavior Analysis
    Kazuo Sakiyama
    Public symposium, Japanese, Compview Cryptography Theory Workshop 2012, Tokyo
    Feb. 2012
  • A Provably Secure Pattern-Matching Key Generation Method Using PUFs
    駒野雄一; 太田和夫; 﨑山一男; 岩本貢
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • Preimage Attack on 54-Step SHA-0
    小松原航; 王磊; 佐々木悠; 﨑山一男; 太田和夫
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • A Correlation Power Analysis Countermeasure for the Stream Cipher Enocoro-128 v2 Using Threshold Implementation
    三上修吾; 吉田博隆; 渡辺大; 﨑山一男
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • An Automated Attack-Evaluation Method for Access-Driven Cache Attacks
    高橋順子; 阪本光; 福永利徳; 冨士仁; 﨑山一男
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • Time-Series Power Analysis Using Templates
    中津大介; 李陽; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • Fault Sensitivity Analysis Exploiting IR Drop and Its Behavior in High-Temperature Environments
    小池彩歌; 李陽; 中津大介; 太田和夫; 﨑山一男
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • Electromagnetic Analysis Exploiting Clockwise Collisions
    中曽根俊貴; 中津大介; 李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • Sensitive-Data Dependency of Faulty Behavior and Its Application
    李陽; 太田和夫; 崎山一男
    Oral presentation, Japanese, 2012 Symposium on Cryptography and Information Security (SCIS'12)
    Jan. 2012
  • Report on the International Conference CHES 2011
    伊豆哲也; 猪俣敦夫; 桶屋勝幸; 川端健; 駒野雄一; 﨑山一男; 酒見由美; 佐藤証; 須賀祐治; 高木剛; 高橋順子; 角尾幸保; 盛合志帆; 堀洋平; 本間尚文; 渡辺大
    Oral presentation, English, ISEC2011-66, IEICE ISEC technical meeting
    Dec. 2011
  • [Invited talk] Fault Sensitivity Analysis on Masked AES Using Faulty Ciphertexts: A Review of the CHES 2011 Presentation
    李陽; 太田和夫; 﨑山一男
    Oral presentation, English, ISEC2011-66, IEICE ISEC technical meeting
    Dec. 2011
  • [Invited talk] Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches
    山本大; 﨑山一男; 岩本貢; 太田和夫; 落合隆夫; 武仲正彦; 伊藤孝一
    Oral presentation, English, ISEC2011-66, IEICE ISEC technical meeting
    Dec. 2011
  • Fault Sensitivity Analysis on Elliptic Curve Cryptography Implementations Using Clockwise Collisions
    阪本光; 李陽; 太田和夫; 﨑山一男
    Oral presentation, English, ISEC2011-49
    Nov. 2011
  • First Experimental Results of Correlation-Enhanced EMA Collision Attack
    Toshiki Nakasone; Daisuke Nakatsu; Yang Li; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Poster Session, CHES2011
    Sep. 2011
  • Rebound Attack on 3D Block Cipher
    Takuma Koyama; Yu Sasaki; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, In Proc. Triangle Symposium on Advanced ICT 2011 (TriSAI 2011)
    Aug. 2011
  • Preimage Attacks on 5-Pass HAVAL Reduced to 158-Steps and One-Block 3-Pass HAVAL
    Yasuhide Sakai; Yu Sasaki; Lei Wang; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Industrial Track Session, ACNS2011
    Jun. 2011
  • New Differential Fault Analysis on Trivium Based on Setup-Time Violations
    Qi Li; Shigeto Gomisawa; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, ISEC2010-122
    Mar. 2011
  • Fault Sensitivity Analysis
    Kazuo Sakiyama
    Public symposium, Japanese, Compview暗号理論ワークショップ2011, Compview暗号理論ワークショップ2011, 東京
    Feb. 2011
  • A Detailed Study of the Complexity of the Joux-Lucks 3-Collision Search Algorithm
    名渕大樹; 岩本貢; 﨑山一男; 太田和夫
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • Preimage Attacks on 158-Step 5-Pass HAVAL and One-Block 3-Pass HAVAL
    酒井靖英; 佐々木悠; 王磊; 﨑山一男; 太田和夫
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • Multi-Round CPA on AES-128
    中津大介; 太田和夫; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • An Identity-Based Proxy Re-Encryption Scheme with Re-Encryption Key Anonymity
    松田和也; 川合豊; 﨑山一男; 太田 和夫
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • Fault Analysis Attack on MAC-MD5
    五味澤重友; 王磊; 太田和夫; 山口和彦; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • Fault Sensitivity Analysis on Elliptic Curve Cryptography Implementations
    阪本光; 李陽; 太田和夫; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • Self-Template Fault Sensitivity Analysis
    李陽; 太田和夫; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • On Locality and Radiated Magnetic Field Direction in Electromagnetic Analysis
    落合隆夫; 山本大; 伊藤孝一; 武仲正彦; 鳥居直哉; 内田大輔; 永井利明; 若菜伸一; 岩本貢; 太田和夫; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • Implementation of 7- and 8-Round Known-Key AES Distinguishers
    高柳真如; 佐々木悠; 李陽; 太田和夫; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • On Realizing a PUF Using Fault Sensitivity Analysis
    岩井祐樹; 太田和夫; 﨑山一男
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • A Reliability Improvement Method for PUF-Based ID Generation/Authentication Systems Using the Locations of Random-Output Latches
    山本大; 﨑山一男; 岩本貢; 太田和夫; 落合隆夫; 武仲正彦; 伊藤孝一
    Oral presentation, English, 2011 Symposium on Cryptography and Information Security (SCIS'11)
    Jan. 2011
  • A New Fault Analysis Attack (joint work with Yang Li and Kazuo Ohta)
    Kazuo Sakiyama
    Public symposium, English, 2010 Japan-Taiwan Joint Research Symposium on Cryptography and Next IT-society, Tokyo
    Nov. 2010
  • Cryptanalysis and Side-channel Analysis - Approach to Optimal Differential Fault Analysis (joint work with Yang Li and Kazuo Ohta)
    Kazuo Sakiyama
    Public symposium, English, Forum Math-for-Industry 2010, Tokyo
    Oct. 2010
  • Another Differential Fault Analysis on Trivium
    Qi Li; Kazuo Sakiyama; Lei Wang; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2010 (TriSAI 2010)
    Oct. 2010
  • Effective Verification for Known- Key Distinguisher by Using Extended Differential Path
    Naoyuki Takayanagi; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2010 (TriSAI’10)
    Oct. 2010
  • A Study on Security Proofs of an RFID Mutual Authentication Protocol Using CryptoVerif
    花谷嘉一; 大久保美也子; 松尾真一郎; 太田和夫; 崎山一男
    Oral presentation, English, JSIAM 2010 Annual Meeting, FAIS Session
    Sep. 2010
  • A General Construction of Visual Secret Sharing Schemes Allowing Rotation of Shares
    岩本貢; 李陽; 崎山一男; 太田和夫
    Oral presentation, English, ISEC2010-49
    Sep. 2010
  • New Non-Ideal Properties of AES-Based Permutations: Applications to ECHO and Grøstl
    Yu Sasaki; Yang Li; Lei Wang; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, The Second SHA-3 Candidate Conference
    Aug. 2010
  • How Can We Conduct Fair and Consistent Hardware Evaluation for SHA-3 Candidate?
    Shin'ichiro Matsuo; Miroslav Knežević; Patrick Schaumont; Ingrid Verbauwhede; Akashi Satoh; Kazuo Sakiyama; Kazuo Ota
    Oral presentation, English, The Second SHA-3 Candidate Conference
    Aug. 2010
  • Hardware Performance Evaluation of SHA-3 Candidates Using SASEBO-GII
    小林和幸; 池上淳; 松尾真一郎; 崎山一男; 太田和夫
    Oral presentation, English, 15th Joint Research Results Meeting
    Jun. 2010
  • On the Implementation of Cryptographic Techniques
    Kazuo Sakiyama
    Public symposium, Japanese, CRYPTREC Symposium 2010, Tokyo
    Mar. 2010
  • Indifferentiability Theory and the SHA-3 Project: The State of Theoretical and Implementation Research for Hash Function Design
    太田和夫; 王磊; 崎山一男
    Oral presentation, English, ISEC2009-104
    Mar. 2010
  • Open Problems and Discussion on Cryptographic Theory
    Kazuo Sakiyama
    Public symposium, Japanese, Compview Cryptography Theory Workshop 2010, Tokyo
    Feb. 2010
  • Hardware Performance Evaluation of SHA-3 Candidates Using SASEBO-GII
    池上淳; 小林和幸; 崎山一男; 太田和夫
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • Analysis of the Leakage-Resilient t-Time Signature of Katz et al.
    松田和也; 坂井祐介; 太田和夫; 崎山一男
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • Revisiting Countermeasure Algorithms for Improving the SPA/DPA Resistance of Public-Key Cryptography
    泉雅巳; 崎山一男; 太田和夫; 佐藤証
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • A Secure CPU for DPA-Resistant Software Implementations
    中津大介; 李陽; 崎山一男; 太田和夫
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • Man-in-the-Middle Attack on the PUF-HB Protocol
    長井大地; 塙知剛; 太田和夫; 崎山一男; 岩本貢
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • An Information Theoretic Perspective on the Differential Fault Analysis against AES
    Yang Li; Shigeto Gomisawa; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, IEICE 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • Extending the Applicability and Improving the Efficiency of Fault Analysis Attacks on AES Implementations
    五味澤重友; 泉雅巳; 李陽; 高橋順子; 福永利徳; 佐々木 悠; 崎山 一男; 太田 和夫
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • Passive Attack on the HB-MAC Authentication Protocol
    塙知剛; 川合豊; 崎山一男; 太田和夫
    Oral presentation, English, 2010 Symposium on Cryptography and Information Security (SCIS'10)
    Jan. 2010
  • Performance Comparison of Lightweight Public-Key Identification Schemes
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    Oral presentation, English, WISP Summit - First workshop on Wirelessly Powered Sensor Networks and Computational RFID
    Nov. 2009
  • An Extension of Differential Fault Analysis Attack of AES
    Shigeto Gomisawa; Masami Izumi; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI 2009)
    Oct. 2009
  • Comparison of Masked S-boxes in Hardware Implementation
    Daisuke Nakatsu; Yang Li; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI 2009)
    Oct. 2009
  • Cryptanalysis of Duc-Kim Key Exchange Protocol Proposed at TriSAI'08
    Tomotaka Hanawa; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI 2009)
    Oct. 2009
  • Visual Secret Sharing Schemes Allowing Arbitrary Rotation Angles of Shares
    Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, Triangle Symposium on Advanced ICT 2009 (TriSAI 2009)
    Oct. 2009
  • Improving Efficiency of an 'On the Fly' Identification Scheme by Perfecting Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama; Goichiro Hanaoka
    Oral presentation, English, ISEC2009-30
    Jul. 2009
  • Countermeasures Against Side-channel Attacks and Their Side Effects
    Kazuo Sakiyama
    Keynote oral presentation, Japanese, RSA Conference 2009, Chiba, International conference
    Jun. 2009
  • A Novel Construction Method for Visual Secret Sharing Schemes Allowing Rotation of Shares
    Yang Li; Mitsugu Iwamoto; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, ISEC2009-5
    May 2009
  • Yet Another New “On the Fly” Identification Scheme: Reducing Memory Cost by Improving Zero-Knowledgeness
    Bagus Santoso; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, IEICE 2009 Symposium on Cryptography and Information Security (SCIS'09)
    Jan. 2009
  • Security Analysis Using a Cryptographic Circuit Model Based on RSL Technology under Fault Injection
    泉 雅巳; 崎山一男; 太田和夫
    Oral presentation, English, 2009 Symposium on Cryptography and Information Security (SCIS'09)
    Jan. 2009
  • Fault Attack Experiments on RSL-Based AES Using a High-Frequency Clock
    八木達哉; 崎山一男; 太田和夫
    Oral presentation, English, 2009 Symposium on Cryptography and Information Security (SCIS'09)
    Jan. 2009
  • Fast Attacks on MD5 Challenge-Response Protocols
    Lei Wang; Yu Sasaki; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, IEICE 2009 Symposium on Cryptography and Information Security (SCIS'09)
    Jan. 2009
  • Visual Secret Sharing Schemes for Multiple Secret Images Allowing the 90-degree Rotation of Shares
    Yang Li; Mengyu Zhu; Lei Wang; Kazuo Ohta; Kazuo Sakiyama
    Oral presentation, English, IEICE 2009 Symposium on Cryptography and Information Security (SCIS'09)
    Jan. 2009
  • Does The Montgomery Powering Ladder Method Really Offer SPA Resistance?
    Masami Izumi; Kazuo Sakiyama; Kazuo Ohta
    Oral presentation, English, Triangle Symposium on Advanced ICT 2008 (TriSAI 2008)
    Oct. 2008
  • A Compact ECC Processor for Pervasive Computing
    Yong Ki Lee; Kazuo Sakiyama; Lejla Batina; Ingrid Verbauwhede
    Oral presentation, English, ECRYPT Workshop, Secure Component and System Identification (SECSI'08)
    Mar. 2008
  • Elliptic Curve Cryptography on Embedded Multicore Systems
    Junfeng Fan; Kazuo Sakiyama; Ingrid Verbauwhede
    Oral presentation, English, Workshop on Embedded Systems Security (WESS’07)
    Oct. 2007
  • Exploring Trade-offs between Area, Performance and Security in HW/SW Co-design of ECC
    Caroline Vanderheyden; Junfeng Fan; Kazuo Sakiyama; Ingrid Verbauwhede
    Oral presentation, English, Western European Workshop on Research in Cryptology (WeWoRC’07)
    Jul. 2007
  • Montgomery Modular Multiplication Algorithm for Multi-core Systems
    Junfeng Fan; Kazuo Sakiyama; Ingrid Verbauwhede
    Oral presentation, English, ECRYPT Workshop, Software Performance Enhancement for Encryption and Decryption (SPEED’07)
    Jun. 2007
  • Compact Implementations for RFID and Sensor Nodes
    Lejla Batina; Kazuo Sakiyama
    Public symposium, Japanese, Design, Automation and Test in Europe (DATE'07), Nice, France
    Apr. 2007
  • Small Footprint ALU for Public-key Processors for Pervasive Security
    Kazuo Sakiyama; Lejla Batina; Nele Mentens; Bart Preneel; Ingrid Verbauwhede
    Oral presentation, English, ECRYPT Workshop on RFID Security 2006
    Jul. 2006
  • Testing Framework for eSTREAM Profile II Candidates
    Lejla Batina; Sandeep Kumar; Joseph Lano; Kerstin Lemke; Nele Mentens; Christoph Paar; Bart Preneel; Kazuo Sakiyama; Ingrid Verbauwhede
    Oral presentation, English, ECRYPT Workshop, SASC - The State of the Art of Stream Ciphers
    Feb. 2006
  • HW/SW Co-design for TA/SPA-resistant Public-Key Cryptosystems
    Kazuo Sakiyama; Lejla Batina; Patrick Schaumont; Ingrid Verbauwhede
    Oral presentation, English, ECRYPT Workshop on CRyptographic Advances in Secure Hardware (CRASH’05)
    Sep. 2005
  • EL-PL Hybrid Device Using ZnF2:Gd (II)
    平川 孝; 崎山一男; 趙永載; 濱川圭弘
    Oral presentation, Japanese, Extended Abstracts of the 57th Meeting of the Japan Society of Applied Physics
    Sep. 1996
  • EL/PL Hybrid Device Enhanced by UV Emission from ZnF2:Gd Thin Film Electroluminescence
    Young-Jae Cho; Takashi Hirakawa; Kazuo Sakiyama; Hiroaki Okamoto; Yoshihiro Hamakawa
    Oral presentation, English, 8th Seoul International Symposium on the Physics of Semiconductors and Applications (ISPSA'96)
    Sep. 1996
  • EL-PL Hybrid Device Using ZnF2:Gd
    崎山一男; 趙永載; 濱川圭弘
    Oral presentation, Japanese, Extended Abstracts of the 56th Meeting of the Japan Society of Applied Physics
    Aug. 1995
  • Lowering the Threshold Voltage of EL Devices Using an a-Si:H Layer
    森田真太郎; 崎山一男; 趙永載; 濱川圭弘
    Oral presentation, Japanese, Extended Abstracts of the 55th Meeting of the Japan Society of Applied Physics
    Sep. 1994

Courses

  • Security Informatics Laboratory (Hardware Security)
    Apr. 2015
  • Cryptography and Information Security
    The University of Electro-Communications

Affiliated Academic Societies

  • Japan Society of Applied Physics (JSAP)
  • IEEE
  • IACR
  • IEICE
  • IPSJ
  • Institute of Electrical Engineers of Japan (IEEJ)

Research Themes

  • Construction of a Design Infrastructure for Trustworthy IoT Systems
    原 祐子
    Japan Science and Technology Agency, Strategic Basic Research Programs CREST, Tokyo Institute of Technology, In recent years, the involvement of external companies in IC manufacturing processes has made the theft of IC design intellectual property (IP) and the distribution of counterfeit products increasingly serious problems. This research extracts and models the security requirements of the entire IC supply chain and builds a new mechanism satisfying those requirements on the basis of advanced cryptography, aiming to realize IC IP protection and authenticity verification in an integrated way. We also develop a design methodology and design environment for embedding this mechanism into the design information by design, at IC design time.
    2023 - 2028
  • Non-Cryptographic Measurement Security Based on the Diffusion and Contraction of Uniqueness Inherent in Sensors
    三浦 典之
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, Osaka University, Grant-in-Aid for Scientific Research (B), Coinvestigator, 23H03364
    Apr. 2023 - Mar. 2026
  • Construction of Provably Secure Countermeasures Against Physical Attacks on Symmetric Cryptography
    崎山 一男
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research, The University of Electro-Communications, Grant-in-Aid for Scientific Research (B), Principal investigator, 23H03393
    Apr. 2023 - Mar. 2026
  • Construction of a Design Infrastructure and Theory for Approximate Computing Enabling Scalable Physical Security
    冨山 宏之
    Because IoT devices are deployed in the field, they are readily exposed to physical attacks such as side-channel attacks. At the same time, IoT devices are highly diverse, and the cost that can be tolerated for security countermeasures varies widely. This research aims to construct a design infrastructure and theory that realize scalable physical security for IoT devices. To this end, approximate computing techniques are applied to side-channel attack countermeasures. This makes it possible to trade off the implementation cost of security against its strength, so that a wide variety of IoT devices can each be protected at a cost they can tolerate.
    01 Apr. 2020 - 31 Mar. 2024
  • Resilience Enhancement of IoT Ecosystem by Cryptographic Technologies
    崎山 一男; 廣瀬 勝一; 李 陽; 宮原 大輝; 渡邉 洋平; 岩本 貢; 駒野 雄一; 菅原 健; 三浦 典之; 太田 和夫
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research Grant-in-Aid for Scientific Research (S), The University of Electro-Communications, Grant-in-Aid for Scientific Research (S), Principal investigator, The results of the three research themes, leakage-resilient cryptography, distillation of leaked keys, and leakage detection techniques, are as follows. The results obtained were presented at domestic conferences, international conferences, and in journals. 1) Leakage-resilient cryptography: For identity-based encryption, we proposed a construction that remains secure even when the master key is leaked. We also succeeded in improving the efficiency of revocable identity-based encryption that is resilient to decryption-key leakage. We further studied resilience to key leakage when a secret key is stolen or lost, and distributed management of the secret key itself. For card-based cryptography, we proposed secure computation protocols using new physical tools. For modes of operation, we proposed performance improvements and applications of Lesamnta-LW. As feedback to the formal model of information leakage, we scrutinized arithmetic units and microarchitectures, discovered new leakage sources, and proposed countermeasures. 2) Distillation of leaked keys: In AES secret-key recovery, we newly introduced a checking phase and raised the recovery success probability of an analysis that previously had a 0% success rate to about 40%. For masked implementations, a countermeasure against probing attacks, we found that efficiency can be improved by using a particular Boolean function. We also devised efficient analysis methods for algebraic fault analysis of the SHA-256 compression function and for forgery attacks on the chop-MD MAC function. In collaboration with the Miura/Iwamoto team, we reconsidered the security and implementability of re-keying schemes and constructed a new scheme that updates the partial key at risk of leakage once an attack is detected. We designed an AES circuit incorporating this scheme. 3) Leakage detection techniques: We completed the security evaluation of AES hardware protected by the M&M technique developed jointly with KU Leuven. By deepening this collaboration, we were able to start on a co-design methodology for leakage sensors and algorithm-level countermeasures. For leakage sensors, we developed a new circuit with improved detection sensitivity for physical direct-probing attacks., 18H05289
    Jun. 2018 - Mar. 2023
  • Comprehensive study on anti-tamper techniques to prevent information leakage by laser fault injection attacks
    Sakiyama Kazuo; VERBAUWHEDE Ingrid; DANGER Jean-Luc; BHASIN Shivam
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research Grant-in-Aid for Scientific Research (A), The University of Electro-Communications, Grant-in-Aid for Scientific Research (A), Principal investigator, In this research, we have established fundamental countermeasure techniques against laser fault injection attacks, in which an attacker intentionally induces soft errors in a cryptographic circuit to retrieve secret information. Specifically, we have conducted four research items: (1) construction of an evaluation environment for laser fault injection attacks, (2) measurement of substrate potential fluctuation under laser irradiation and development of an attack detection method, (3) development of detection-based countermeasure techniques at the cryptographic-algorithm level, and (4) safety evaluation of the countermeasure technology. We have deepened our understanding of the information leakage mechanism in laser fault injection attacks from physical and mathematical viewpoints and clarified the feasibility of the countermeasure techniques using a prototype IC chip., 15H01688
    Apr. 2015 - Mar. 2019
  • Security Evaluation of Authentication Systems Using Side-Channel Information
    Sakiyama Kazuo
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research Grant-in-Aid for Challenging Exploratory Research, The University of Electro-Communications, Grant-in-Aid for Challenging Exploratory Research, Principal investigator, Previous work on side-channel information, physical information such as power leakage and electromagnetic waves leaked from a cryptographic system, focused on a case study of attacks that analyzed a part of side channel information and acquired a secret key. On the other hand, in this research project, we changed the way of thinking about side-channel information and set up a research framework that effectively utilizes all of the side-channel information. As an application, we proposed and constructed a new cryptosystem such as an authentication system, a ranging device, and an intrusion detection device using side-channel information, and demonstrated the enhancement of security. A series of efforts and understandings on this research topic has contributed to the development of side-channel analysis research., 15K12035
    Apr. 2015 - Mar. 2018
  • Development of Side-Channel Attack Sensing Techniques and Prototyping toward Electromagnetic Security of Cryptographic VLSI Circuits
    Nagata Makoto; Danger Jean-Luc
    Japan Society for the Promotion of Science, Grants-in-Aid for Scientific Research Grant-in-Aid for Scientific Research (A), Kobe University, Grant-in-Aid for Scientific Research (A), Coinvestigator, Cryptographic VLSI techniques have been established for assuring electromagnetic security with remarkably high tamper resistance against side-channel attacks. Three research items include: (1) On-chip detection of the proximate placement and approach of electromagnetic micro probes as the side-channel attack sensing technique, (2) integrated simulation techniques of electromagnetic coupling between the electromagnetic micro probe and on-chip side-channel sensors and also circuit operations, (3) positive usage of side-channel information for the authentication of cryptographic cores. These research items have been successfully completed and demonstrated with the fabricated integrated-circuit (IC) chips and prototype systems., 26240005
    Apr. 2014 - Mar. 2017

Industrial Property Rights

  • Authentication System and Authentication Method
    Patent right, 﨑山一男, 李陽, 特願2015-560958, Date applied: 29 Jan. 2015, The University of Electro-Communications, 特許第6348914号, Date issued: 08 Jun. 2018
  • Circuit Fault Detection Device and Circuit Fault Detection Method
    Patent right, 佐々木悠, 崎山一男, 太田和夫, 特願2010-275596, Date applied: 10 Dec. 2010, Nippon Telegraph and Telephone East Corporation, The University of Electro-Communications, 特開2012-122931, Date announced: 28 Jun. 2012, 特許第5637446号, Date issued: 31 Oct. 2014
  • Electric Lock System
    Patent right, 中谷浩茂, 梶山智史, 鍋嶋秀生, 太田和夫, 﨑山一男, 特願2010-168367, Date applied: 27 Jul. 2010, Panasonic Corporation, 特開2012-026225, Date announced: 09 Feb. 2012, 特許第5450303号, Date issued: 10 Jan. 2014
  • Device-Specific Information Generation Apparatus and Device-Specific Information Generation Method
    Patent right, 山本大, 武仲正彦, 伊藤孝一, 落合隆夫, 岩本貢, 太田和夫, 崎山一男, 特願2011-278999, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-131867, Date announced: 04 Jul. 2013
  • Temperature Sensor, Encryption Device, Encryption Method, and Device-Specific Information Generation Apparatus
    Patent right, 山本大, 落合隆夫, 武仲正彦, 伊藤孝一, 崎山一男, 岩本貢, 太田和夫, 特願2011-279000, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-130434, Date announced: 04 Jul. 2013
  • Temperature Sensor, Encryption Device, Encryption Method, and Device-Specific Information Generation Apparatus
    Patent right, 山本大, 落合隆夫, 武仲正彦, 伊藤孝一, 崎山一男, 岩本貢, 太田和夫, 特願2011-279001, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-131868, Date announced: 04 Jul. 2013
  • Device-Specific Information Generation Apparatus, Encryption Device, Authentication Device, and Device-Specific Information Generation Method
    Patent right, 山本大, 竹仲正彦, 伊藤孝一, 落合隆夫, 崎山一男, 岩本貢, 太田和夫, 特願2011-279002, Date applied: 20 Dec. 2011, Fujitsu Limited, The University of Electro-Communications, 特開2013-131869, Date announced: 04 Jul. 2013
  • Encryption Key Generation Device and Program
    Patent right, 駒野雄一, 太田和夫, 崎山一男, 特願2011-275637, Date applied: 16 Dec. 2011, Toshiba Corporation, 特開2013-126221, Date announced: 24 Jun. 2013
  • Power-Off Duration Determination Device and Wireless Tag
    Patent right, 﨑山一男, 李陽, 中曽根俊貴, 山本晃裕, 特願2013-038790, Date applied: 28 Feb. 2013, The University of Electro-Communications
  • Identity Verification System
    Patent right, サントソバグス, 崎山一男, 太田和夫, 特願2008-289266, Date applied: 11 Nov. 2008, The University of Electro-Communications, 特開2010-118796, Date announced: 27 May 2010