tamper resistance FAQ

ANSWERS TO COMMON QUESTIONS ABOUT TAMPER RESISTANCE AND DPA.

 

1. What is Differential Power Analysis?

2. How hard is the attack to implement?

3. What products are vulnerable?

4. Can DPA attack systems over the Internet?

5. How was DPA discovered?

6. How can smart card users protect themselves?

7. How can DPA attacks be prevented?

8. What related attacks are known?

9. Who discovered these attacks?

 

1. What is Differential Power Analysis?

Differential Power Analysis (DPA) describes a new class of attacks against smart cards and secure cryptographic tokens. Discovered by researchers at Cryptography Research, DPA attacks exploit characteristic behaviors of transistor logic gates and software running on today's smart cards and other cryptographic devices. The attacks are performed by monitoring the electrical activity of a device, then using advanced statistical methods to determine secret information (such as secret keys and user PINs) in the device.

 

2. How hard is the attack to implement?

Although DPA attacks require a high level of technical skill in several fields to implement, they can be performed using a few thousand dollars (US) of standard equipment and can often break a device in a few seconds to a few hours. DPA attacks can be automated once a device has been characterized.

 

3. What products are vulnerable?

DPA primarily affects cryptographic hardware, though related attacks using electromagnetic radiation from ordinary PCs running cryptographic software can, in some cases, be implemented. While DPA can be applied against a variety of systems, smart cards are especially vulnerable because of their small size and minimal shielding.

 

4. Can DPA attack systems over the Internet?

No. DPA attacks require that attackers have special hardware attached to (or at least physically near) the target device. Cryptography Research does not consider DPA to be a significant threat to Internet-based security applications, such as secure e-mail, computer password protection, or SSL (the security protocol used for much of the World Wide Web).

 

5. How was DPA discovered?

Our research team led by Paul Kocher studies the security characteristics of actual products. Our goal is to learn how to make real-world systems with the highest possible probability of surviving determined, malicious attacks. Although there is a great deal of research suggesting that triple DES, AES, SHA, RSA, and other cryptographic primitives are mathematically strong, these algorithms are not secure against attackers who can "see" the inner workings of the computations. The team chose power analysis for study because of the potential ability to reveal secret information from within the cryptographic computations.

Successful research is always a combination of good fortune and asking the right questions. DPA bridges many levels of a system's design, from individual transistors to high level cryptographic algorithms. Traditionally, system designers have focused only on individual layers of a system design, not interactions between levels. Cryptography Research was able to discover DPA because of our technical experience includes hardware, protocols, cryptographic algorithms, software, management policies, etc.

 

6. How can smart card users protect themselves?

Legitimate smart card users are generally not at risk. Smart cards are only vulnerable while they are operating, and are safe when stored in a wallet or purse. It is difficult to collect the information required for DPA without placing sensors near an operating card, so the techniques generally cannot be used to "clone" smart cards without the owner's knowledge. The only likely exception would be if a card is lost, stolen, or temporarily loaned to someone. Although it would be technically feasible for a waiter or waitress to use DPA to attack credit/debit smart cards, there is no evidence of this occurring as a real-world attack. (In any case, issuers of credit/debit cards typically accept responsibility for fraudulent transactions.)

 

7. How can DPA attacks be prevented?

Cryptography Research has conducted extensive research developing and analyzing techniques for securing systems against DPA. Products developed using technologies we license are available from some vendors, and additional products are becoming available in the future. Cryptography Research owns and licenses patents that are necessary to for building DPA-resistant smart
cards and other devices. (For additional information about licensing, click here.) Contermeasures
include techniques for reducing the amount of information that leaks from devices, techniques for adding noise to power consumption measurements (including techniques for randomizing when operations are performed), and techniques for making cryptographic algorithms remain secure even if they run on hardware that does leak information.

 

8. What related attacks are known?

Attacks using electromagnetic radiation are known to be practical against some systems. Other monitoring techniques that provide information correlated to cryptographic operations could also be used to break systems.

 

9. Who discovered these attacks?

DPA and related attacks were discovered at Cryptography Research by Paul Kocher, Joshua Jaffe, and Benjamin Jun.