|
In cryptography, power analysis is a form of side channel attack in which the attacker studies the power consumption of a cryptographic hardware device (such as a smart card, tamperproof "black box", microchip, etc). It can yield information about what the device is doing, and sometimes even some key material. It was introduced in 1999 by Paul Kocher, Joshua Jaffe and Benjamin Jun. Cryptography has had a long and colourful history. ...
In cryptography, a side channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than theoretical weaknesses in the algorithms (compare cryptanalysis). ...
A smartcard or smart card is a tiny secure cryptoprocessor embedded within a credit card-sized or smaller (like the GSM SIM) card. ...
In the field of computer security, system hardware is said to be tamper-resistant if it is difficult to modify or subvert, even for an assailant who has physical access to the system. ...
A Microchip is, properly, an integrated circuit. ...
A key is a piece of information that controls the operation of a cryptography algorithm. ...
1999 is a common year starting on Friday Anno Domini (or the Current Era), and was designated the International Year of Older Persons by the United Nations. ...
Paul C. Kocher is an American cryptographer and cryptography consultant, currently the president of Cryptography Research, Inc. ...
Differential power analysis is an extension of power analysis that can allow an attacker to compute the intermediate values of data blocks and key blocks. Differential power analysis (DPA) is a method of attacking a cryptosystem which exploits the varying power consumption of microprocessors while executing cryptographic program code. ...
Basics
Examining graphs of time against current used by a device can often show exactly what the device is doing at a given point. For example, on a graph of a smart card performing a DES encryption, the sixteen rounds can be seen clearly. In electricity, current is the rate of flow of charges, usually through a metal wire or some other electrical conductor. ...
General Designer(s) IBM First published 1975 (January 1977 as the standard) Derived from Lucifer (cipher) Cipher(s) based on this design Triple DES, G-DES, DES-X, LOKI89, ICE Algorithm detail Block size(s) 64 bits Key size(s) 56 bits Structure Feistel network Number of rounds 16 Best...
The currents passing through a device are usually small, but electronics laboratories usually possess equipment precise and accurate enough to measure them reliably and frequently. It is reasonable for a cryptosystem designer to assume that an adversary will have access to such equipment. A cryptosystem (or cryptographic system) is the package of all procedures, protocols, cryptographic algorithms and instructions used for encoding and decoding messages using cryptography. ...
Power analysis does not seek to find weaknesses in algorithms or protocols so much as in their implementations. It provides a way to "see inside" otherwise 'tamperproof' hardware. For example, DES's key schedule involves rotating 28-bit key registers. In order to save time, most implementations simply check the least significant bit to see if it is a 1. If so, it divides the register by two and prepends the 1 at the left end. Power analysis can show the difference between a register with a 1 and a register with a 0 at the end when this happens. This can leak information about key material. DES's permutations, usually clumsily implemented in software, reveal even more information through conditional branches. The key-schedule of DES In cryptography, the algorithm for computing the subkeys for each round in a product cipher from the encryption (or decryption) key is called the key schedule. ...
Preventing Power Analysis Attacks Power analysis can most easily distinguish conditional branches in the execution of the cryptographic program since a device does different things (requiring different power) depending on which conditional branch is executed. For this reason, care should be taken to ensure there should be no differences (from a power perspective) in the conditional branches within cryptographic software implementations. All rotations, permutations and logical operations (such as XOR) should take the same time and draw equivalent power, no matter what the input. Exclusive disjunction (usual symbol xor) is a logical operator that results in true if one of the operands (not both) is true. ...
There are, however, some algorithms with inherently significant branching. To eliminate information leakage from these, software engineers may have to be very creative. This creative engineering may cause a performance reduction (in speed typically), and will almost always require greater development effort, which must be weighed against the possibility of power analysis.
An alternative, in some cases, is to use a hard-wired hardware cryptographic device. Their power consumption can vary very little, due to their construction. However, in the case of smart cards, for example, it is not always possible to replace software implementations with hardware implementations.
Another alternative involves algorithmic modifications such that the cryptographic operations occur on data that is related to the actual value by some mathematical relationship that survives the cryptographic operation. This is called blinding, and usually implies an algorithm that is based on number theory, such as factoring or discrete logarithms. In cryptography, blinding is a technique by which an agent can provide a service to (i. ...
References - P. Kocher, J. Jaffe, B. Jun, "Differential Power Analysis," Advances in Cryptology - Crypto 99 Proceedings, Lecture Notes In Computer Science Vol. 1666, M. Wiener ed., Springer-Verlag, 1999.
|
Feeds |
Contact