Top Banner

of 22

Lecture11 Dpa

Feb 11, 2018



Ngoc Quy Tran
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
  • 7/23/2019 Lecture11 Dpa


    Differential Power Analysis

    Paul Kocher, Joshua Jaffe, and Benjamin Jun

    Cryptography Research, Inc.

    presented by Italo Dacosta

  • 7/23/2019 Lecture11 Dpa


    Tamper resistant devices

    Tamper resistant microprocessors

    Store and process private or sensitive


    The private information can not be extracted

    Smart Cards

    Self-contained microcontroller, with a

    microprocessor, memory and a serial

    interface integrated on to a single chip that

    is packaged in a plastic card

    Used in banking applications,

    mobile phones, pay TV, etc.

  • 7/23/2019 Lecture11 Dpa


    Designing a secure smart card

    Several people involved with different


    Algorithm designers

    Protocol designers

    Software developers

    Hardware engineers

  • 7/23/2019 Lecture11 Dpa


    Algorithm designer assumption

    from Introduction to Differential Power Analysis and Related Attacksby P. Kocher et al., Cryptography Research

    Typically, the algorithm is evaluated in isolation

    Differential cryptanalysis

    Linear cryptanalysis

  • 7/23/2019 Lecture11 Dpa



    from Introduction to Differential Power Analysis and Related Attacksby P. Kocher et al., Cryptography Research

  • 7/23/2019 Lecture11 Dpa


    Reality Side Channel Attacks

    A correct implementation of a strong protocol is not

    necessarily secure

    Failures can be cause by:

    Defective computation

    D. Boneh, , and , On the importance of

    checking cryptographic protocols for faults, EUROCRYPT '97

    Information leaked during secret key operations

    Timing information

    Invasive measuring techniques

    Electromagnetic emanations (i.e. TEMPEST)

  • 7/23/2019 Lecture11 Dpa


    Power analysis attacks

    ICs are built out of invidual

    transistors which consume


    Monitoring and analysis of the

    power consumption of a

    device to extract the private

    information stored in it.

    Active, relatively cheap, non-

    invasive attack

  • 7/23/2019 Lecture11 Dpa


    Simple Power Analysis

    Focus on the use of visual inspection techniques to

    identify relevant power fluctuations during

    cryptographic operations

    Interpretation of power traces

    Power consumption measurements taken across a

    cryptographic operation

    Typically current used by a device over time

  • 7/23/2019 Lecture11 Dpa


    SPA DES tracesSPA trace showing an entire DES operation

    SPA trace showing DES rounds 2 and 3

  • 7/23/2019 Lecture11 Dpa


    SPA DES trace showing differences in power

    consumption of different microprocessor instructions


    no jump

  • 7/23/2019 Lecture11 Dpa


    SPA attack

    SPA can reveal sequence of instructions executed

    It can be use to break cryptographic implementations in

    which the execution path depend on the data being


    DES key schedule

    DES permutations




  • 7/23/2019 Lecture11 Dpa


    Preventing SPA

    In general, techniques to prevent SPA are

    fairly simple.

    Avoid procedures that use secret intermediatesor keys for conditional branching operations

    Hard-wired implementations of symmetric

    cryptography algorithms

  • 7/23/2019 Lecture11 Dpa


    Differential Power Analysis

    Use of statistical analysis and error

    correction techniques to extract information

    correlated to secret keys

    Based on the effects correlated to data

    values being manipulated.

    More powerful than SPA and is much more

    difficult to prevent

  • 7/23/2019 Lecture11 Dpa


    DPA basic idea

    Capture power traces T1...m[1...k] containing k samples each

    Record the ciphertexts C1...m

    Knowledge of plaintext is not required

    DPA selection function D(C,b,Ks){0,1}

    Compute k-sample differential trace D[1...k], where:

  • 7/23/2019 Lecture11 Dpa


    DPA against DES

    DPA selection function D(C,b,Ks) is defined as: Returning the value of the DES intermediate L at the beginning of the 16th


  • 7/23/2019 Lecture11 Dpa


    DPA traces for DES

    Power reference

    Correct Ks

    Incorrect Ks

    1000 samples

  • 7/23/2019 Lecture11 Dpa


    Quantitative DPA measurements

    Reference power

    consumption trace

    Standard deviation

    Differential trace


  • 7/23/2019 Lecture11 Dpa


  • 7/23/2019 Lecture11 Dpa


    DPA against other algorithms

    In general, DPA can be used to break any

    symmetric or asymmetric algorithm

    Public key algorithms (i.e. RSA)Asymmetric operations tend to produce stronger

    signals leaking than symmetric ones

    Reverse engineering using DPA

  • 7/23/2019 Lecture11 Dpa


    Preventing DPA

    Reduce signals size

    Introducing noise into power

    consumption measurements

    Designing cryptosystems with

    realistic assumptions about the

    underlying hardware.

    Balanced HW and SW (i.e. leak tolerant design)

    Incorporating randomness

    Algorithm and protocol-level countermeasures

  • 7/23/2019 Lecture11 Dpa


    Take away

    Power analysis techniques are of great concern:

    multiple vulnerable devices, easy to implement, low

    cost, and difficult to detect.

    Systems must be designed with realistic assumptions

    taking into account all the components (algorithms,

    protocols, hardware, and software) and their


  • 7/23/2019 Lecture11 Dpa