Cryptography Research to Host Workshop About Securing Tamper Resistant Devices at RSA Conference 2008

SAN FRANCISCO — February 26, 2008 — Cryptography Research, Inc. (CRI), a worldwide leader in security systems, today announced that it will hold a one-day pre-conference tutorial entitled “Securing Tamper Resistant Devices: An Introduction to Timing Attacks, Simple Power Analysis (SPA) and Differential Power Analysis (DPA)” during the RSA Conference 2008, April 7-11, at the Moscone Center in San Francisco.

In the workshop, attendees will receive an introduction to the fundamentals of power analysis, perform hands-on tutorials, examine practical design approaches to countering power analysis and review the current state of related U.S. and international security certifications. This is the second consecutive year that CRI will run this workshop at a RSA conference.

“Last year’s workshop was a tremendous success, and as a result, we are leading the session again,” said Benjamin Jun, vice president of technology at CRI. “Side channel vulnerabilities—including SPA, DPA, and timing attacks—have emerged as powerful, real-world threats to tamper resistant devices and embedded systems. The workshop will emphasize practical aspects of securing devices, in particular for U.S. testing labs and product companies in advance of the upcoming FIPS 140-3 specification.”

DPA was discovered at CRI by Paul Kocher, Joshua Jaffe and Benjamin Jun who demonstrated that power consumption measurements of smart card and other devices could be analyzed to find secret keys. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, pirate digital content or mount other attacks.

The primary audience for the workshop includes developers and architects of secure embedded systems, as well as evaluators and individuals designing testing requirements for tamper-resistant products. Technical staff interested in designing and testing tamper-resistant systems for consumer products, financial systems, anti-piracy/conditional access systems or government/defense applications are also encouraged to attend.

The CRI workshop is divided into three sessions. In part one, attendees will receive an introduction to the fundamentals of power analysis, perform a timing attack code review exercise and observe a timing attack demonstration.

Part two explores the practical design approaches to countering power analysis. Participants will work in teams and find a key using SPA. The DPA analysis will be introduced and a live DPA attack will be performed to extract keys from a tamper-resistant device.

Part three focuses on effective technical approaches to DPA resistance and countermeasure implementation. Recommended evaluation processes will also be discussed, together with an overview of the CRI DPA Countermeasure Validation Program for evaluating the effectiveness of products in resisting side channel attacks.

CRI Workshop Details

Who: Benjamin Jun, vice president of technology
Joshua Jaffe, cryptosystem researcher and engineer
Mark Marson, senior cryptographer
Trevor Perrin, software engineer
Joseph Bonneau, cryptographic scientist

What: Pre-conference tutorial (session code TUT M11): “Securing Tamper
Resistant Devices: An Introduction to Timing Attacks, Simple Power Analysis and Differential Power Analysis”

When: Monday, April 7, 2008, 9:00 a.m.—3:30 p.m. PDT

Where: RSA conference 2008, Moscone Center, San Francisco

For more information, please visit: More »