Examining Smart-Card Security under the Threat of Power Analysis Attacks

This paper examines how monitoring power consumption signals might breach smart-card security. Both simple power analysis and differential power analysis attacks are investigated. The theory behind these attacks is reviewed. Then, we concentrate on showing how power analysis theory can be applied to attack an actual smart card. We examine the noise characteristics of the power signals and develop an approach to model the signal-to-noise ratio (SNR). We show how this SNR can be significantly improved using a multiple-bit attack. Experimental results against a smart-card implementation of the Data Encryption Standard demonstrate the effectiveness of our multiple-bit attack. Potential countermeasures to these attacks are also discussed.

[1]  R. Landauer,et al.  The Fundamental Physical Limits of Computation. , 1985 .

[2]  Wim van Eck,et al.  Electromagnetic radiation from video display units: An eavesdropping risk? , 1985, Comput. Secur..

[3]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, CRYPTO.

[4]  Eli Biham,et al.  Differential Cryptanalysis of the Full 16-Round DES , 1992, Annual International Cryptology Conference.

[5]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[6]  Ross J. Anderson Why cryptosystems fail , 1993, CCS '93.

[7]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[8]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[9]  W. V. Eck Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? , 1996 .

[10]  David M'Raïhi,et al.  Cryptographic smart cards , 1996, IEEE Micro.

[11]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[12]  S. B. Guthery Java card: Internet computing on a smart card , 1997 .

[13]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[14]  J. Quisquater,et al.  A Practical Implementation of the Timing Attack , 1998, CARDIS.

[15]  Thomas S. Messerges,et al.  Investigations of Power Analysis Attacks on Smartcards , 1999, Smartcard.

[16]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[17]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[18]  Suresh Chari,et al.  A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards , 1999 .

[19]  Thomas S. Messerges,et al.  Securing the AES Finalists Against Power Analysis Attacks , 2000, FSE.

[20]  Bruce Schneier,et al.  Side channel cryptanalysis of product ciphers , 2000 .

[21]  Ad M. G. Peeters,et al.  Applying asynchronous circuits in contactless smart cards , 2000, Proceedings Sixth International Symposium on Advanced Research in Asynchronous Circuits and Systems (ASYNC 2000) (Cat. No. PR00586).

[22]  Robert H. Sloan,et al.  Power analysis attacks and countermeasures for cryptographic algorithms , 2000 .

[23]  Tim Collins,et al.  Secure contactless smartcard ASIC with DPA protection , 2001 .

[24]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[25]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[26]  IEEE Micro , 2022 .