[DPA] How Power Usage Can Tumble Security
Swee Won Lo, Date: 2008-10-07 PM 07:54
Note: This is a rephrased and simplified version of an interview with Paul Kocher, president of Cryptography Research, who was part of the team that developed differential power analysis (DPA), a technique for breaking cryptography by observing how much power a system uses. The complete interview can be found in

“The U.S. standards that are in effect now do not require any protection (from DPA) at all. There is a new FIPS 140-3 standard being finalized now, and that will require countermeasures to power-analysis attacks.

In contrast, for European-standard products being certified under the European Common Criteria, power analysis is the primary thing they are being tested for.”

What is DPA?
Kocher: It’s a technique that lets you analyze measurements of how much electrical power a chip is consuming as it operates, [in order] to figure out what the cryptographic keys are.

How do you defend against DPA?
Kocher: The most effective technique is changing keys frequently and building the protocols in such a way that you never use a key so many times that somebody can start collecting physical information about it. There are some techniques you can use for public-key systems that let you modify the way the private key is represented and used so that information that leaks out of one transaction can’t be correlated to what leaks out of subsequent transactions.

Where is this type of attack most likely to be used?
Kocher: Identity cards are an area of major concern and counterfeiting. The areas of greatest concern for government folks would be any type of device that can fall into the wrong hands, such as keying devices, identity cards, door entry credentials and network log-in tokens.

"The bad guys already know how to do this. It’s cheap, it’s noninvasive, you can do it with a few thousand dollars’ worth of equipment, so there is nothing keeping them from doing it."

What is timing analysis?
Kocher: It is a somewhat related kind of attack, in which instead of measuring power consumption you measure how long it takes a device to do a computation. If you send millions of different messages to a server and look at how its response times vary depending on what you put into the messages, you can learn something about the computations being done. If it is not properly protected, you can figure out what its keys are.

That kind of attack is practical to mount over a computer network, but it is easier to protect against by making sure that your response times don’t vary.

"It turns out that unless a chip is designed very carefully, it is going to be vulnerable to these kinds of attacks."

Interviewed by William Jackson, published on 06/10/2008.