1 / 15

Differential Power Analysis Attack on Smart Card

Differential Power Analysis Attack on Smart Card. 2002. 10. 8. ICE615 Network Security 20022122 Hwasun Chang. Index. Introduction Simple Power Analysis DPA Overview DPA Procedure for DES DPA Result Example Other Power Attacks DPA Countermeasures Future Works Reference.

bell
Download Presentation

Differential Power Analysis Attack on Smart Card

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Differential Power Analysis Attack on Smart Card 2002. 10. 8. ICE615 Network Security 20022122 Hwasun Chang

  2. Index • Introduction • Simple Power Analysis • DPA Overview • DPA Procedure for DES • DPA Result Example • Other Power Attacks • DPA Countermeasures • Future Works Reference

  3. 1. Introduction - Attack techniques for cryptographic algorithms • Algorithm in isolation Differential Cryptoanalysis, Linear Cryptoanalysis • Side channel attacks

  4. 2. Simple Power Analysis • Interpret power consumption measurement • What is learned: device’s operation, key material • Base: power consumption variance of uP instructions • DES operation by smart card

  5. 3. DPA Overview • Introduced by P. Kocher and colleagues • More powerful and more difficult to prevent than SPA • Base: semiconductor logic ← transistor ← different power consumption for different state (0 or 1) • Data collection phase and data analysis phase • Procedure • Gather many power consumption curves • Assume a key value • Divide data into two groups(0 and 1 for chosen bit) • Calculate mean value curve of each group • Correct key assumption → not negligible difference

  6. 4. DPA Procedure for DES Make power consumption measurement of about 1000 DES operations, 100000 data points / curve, (Plaintexti, Curvei) Assume a key for a S-box of first round Calculate first S-box first bit output for each plaintext using the assumed key Divide the measurement into 2 groups (output 0 and 1) Calculate the average curve of each group Calculate the difference of two curves Assumed correct key → spikes in the differential curve Repeat 2-7 for other S-boxes Exhaustive search for 8 bits of key

  7. 5. DPA Result Example Average Power Consumption Power Consumption Differential Curve With Correct Key Guess Power Consumption Differential Curve With Incorrect Key Guess Power Consumption Differential Curve With Incorrect Key Guess

  8. 6. Other Power Attacks Binary power analysis (by ABDM) Direct power anlaysis (by ABDM) Higer-order DPA (by Kocher) : combine one or more samples within a single power trace

  9. 7. DPA Countermeasures (1) • By Adi Shamir • Two capacitors as the power isolation element • Disadvantage: difficulty in manufacturing

  10. 7. DPA Countermeasures (2) • By S. Almanei • Another processor working on parallel with the actual processor • Disadvantage: increase in production cost, more memory and power

  11. 7. DPA Countermeasures (3) • By Hardware • Random register renaming - MMS • 1-of-n encoded circuits - Moore • By Software for Symmetric Algorithm • Replacing each intermediate variable depending on input or output by k variables - GP, Willich • Masking before processing, unmasking after processing – ITT, CG, • Transformed S-box and masking – AG • By Software for Asymmetric Algorithm • Transforming the curve in ECC - JT • Using the Jacobi Form in ECC - LS

  12. 8. Future Works • More study • Higher Order DPA • Software Countermeasure for Symmetric Algorithm • Mount DPA on Commercial Smart Cards • Make an idea • Software countermeasure • For symmetric algorithm • Efficient and Easy to Implement

  13. References • Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, Advances in Cryptology – CRYPTO ’99, LNCS 1666, Aug. 1999, pp. 388-397 • Kouichi Itoh, Masahiko Takenaka, and Naoya Torii, “DPA Countermeasure Based on the Masking Method”, ICICS 2001, LNCS 2288, 2002, pp. 440-456 • Louis Goubin, Jacques Patarin, “DES and Differential Power Analysis”, Proceedings of Workshop on Cryptographic Hardware and Embedded Systems, Aug. 1999, pp. 158-172 • Jean-Sebastien Coron, Louis Goubin, “On Boolean and Arithmetic Masking against Differential Power Analysis”, CHES 2000, LNCS 1965, 2000, pp. 231-237 • Mehdi-Laurent Akkar, Christophe Giraud, “An Implementation of DES and AES, Secure against Some Attacks”, CHES 2001, LNCS 2162, 2001, pp. 309-318 • D. May, H.L. Muller, and N.P. Smart, “Random Register Renaming to Foil DPA”, CHES 2001, LNCS 2162, 2001, pp. 28-38

  14. References S. Almanei, “Protecting Smart Cards from Power Analysis Attacks”, http://islab.oregonstate.edu/koc/ece679cahd/s2002/almanei.pdf, May. 2002 Adi Shamir, “Protecting Smart Cards from Passive Power Analysis with Detached Power Supplies”, CHES 2000, LNCS 1965, 2000, pp. 71-77 P. Y. Liardet, N. P. Smart, “Preventing SPA/DPA in ECC Systems Using the Jacobi Form”, CHES 2001, LNCS 2162, 2001, pp. 391-401 Marc Joye, Christophe Tymen, “Protections against Differential Analysis for Elliptic Curve Cryptography”, CHES 2001, LNCS 2162, 2001, pp. 377-390

  15. Q & A Thank you!

More Related