Cryptography Research Educates Developers about Side-Channel Analysis Attacks on Embedded Devices

SAN FRANCISCO, California — July 8, 2008 — Cryptography Research, Inc. (CRI) today announced that it will hold a one-day workshop about how to thwart attacks on embedded devices like mobile communication systems. The workshop is entitled: “An Introduction to Side-Channel Analysis, SPA, DPA and Timing Attacks” and will take place at the Crowne Plaza Washington DC/Silver Spring Hotel on August 14, 2008.

This is the third in a series of embedded system security workshops CRI has run this year. Participants will get up to speed on side-channel attacks, including power analysis attacks such as Simple Power Analysis (SPA), Differential Power Analysis (DPA) and timing analysis. CRI will examine practical design approaches to countering power analysis threats and review the state of associated U.S. and international security evaluation certifications, such as U.S. Federal Information Processing Standard (FIPS) 140-3 and Common Criteria.

“Side-channel vulnerabilities—including SPA, DPA and timing attacks—are well known in the smart card industry and becoming increasingly recognized as powerful threats to tamper-resistant devices and embedded systems,” said Ken Warren, smart card business manager at CRI. “We have been solicited to offer this workshop again as participants have greatly appreciated the practical insights gained in defending against these real-world attacks.”

Attendees will also have the opportunity to perform hands-on exercises, including simulating a timing attack and using SPA to interpret power traces, as well as recover a simulated PIN. CRI will also demonstrate a live DPA attack using the DPA WorkstationTM.

Differential power analysis (DPA) was discovered at CRI by Paul Kocher, Joshua Jaffe and Benjamin Jun, who demonstrated that power consumption measurements of smart card and other devices could be analyzed to find secret keys. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, pirate digital content or mount other attacks.

The prime audiences for the workshop include developers and architects of hardware and software security products, as well as evaluators and technical writers of requirements for tamper resistant products. Technologists designing and testing tamper resistant systems for consumer products, financial systems, anti-piracy/conditional access systems, or government/defense applications are encouraged to attend.

The full agenda and registration form for the Introduction to the Side-Channel Analysis Workshop can be found online at http://www.cryptography.com/newsevents/sidechannel_workshop_overview.html

For more information please contact Ken Warren at ken@cryptography.com.