Differential Power Analysis of Smartcards

1
Differential Power Analysis of Smartcards

• How secure is your private information?

Author Ryan Junee
Supervisor Matt Barrie
2
1. Project Goals

• To illustrate a dangerous weakness in
  cryptographic smartcards and microprocessors -
  private information can be leaked through power
  usage (and other side channels).
• Construct a system to acquire a large number of
  power traces from a smartcard or microprocessor.
• Analyse captured power traces and search for
  leaked information.
• Recover secret key information from a smartcard
  or microprocessor.
• Suggest ways of preventing such power analysis
  attacks.
• Discuss legal, political and commercial
  ramifications of this work.

3
2. Smartcard Technology

• Several varieties of smartcards exist
• Simple memory cards
• Cards with a microprocessor and file system
• Cards with a cryptographic coprocessor
• Even cards that run a Java virtual machine
• Smartcards run an operating system that may allow
  additional programs to be loaded on to the card.
  The two most widely used operating systems are
  MULTOS and JavaCard.
• Smartcards conform to the ISO7816 standard which
  specifies physical and electrical
  characteristics.
• Other high level standards exist such as EMV
  which covers smartcards used in payment systems.

4
3. Smartcard Applications

• Smartcards have been used overseas for many years
  (especially in Europe), for applications such as
  healthcare and transport ticketing.

• Smartcard usage is growing, recent applications
  include
• Credit cards and payment systems (ANZ First,
  American Express Blue etc).
• Personal identity cards SMARTICS is currently
  being rolled out in Hong Kong, every citizen will
  be issued with a card containing identity
  information, and third party data.
• Phone cards, building access cards, computer
  access cards

5
4. Power Analysis Attacks

• Microprocessor-based devices, such as smartcards,
  consume different amounts of power depending on
  the instructions executed.
• This is due to the switching current drawn by the
  transistors along the logic path of each
  instruction.
• It is possible to discover the algorithms used
  inside smartcards by examining power traces
  (Simple Power Analysis).
• More sophisticated statistical techniques exist
  that can

recover secret key material from
cryptographic smartcards (Differential Power
Analysis).
6
5. Example DES Encryption

• Many cryptographic smartcards use the DES
  encryption algorithm to securely store sensitive
  information.
• DES takes a 64-bit plaintext input and a 56-bit
  key, and produces a 64-bit ciphertext output.

• The algorithm performs an initial permutation of
  the plaintext, followed by 16 feistel rounds, and
  finally an inverse permutation to produce the
  ciphertext.
• We observe the encryption operation to try and
  discover the secret key.

7
6. Equipment Setup

• For demonstration purposes, a PIC microprocessor
  is examined as it allows direct access to the
  source code.
• Smartcards use general purpose microprocessors so
  the results shown here also apply to smartcards.

Computer controls CRO and stores acquired
waveforms
PIC running DES encryptions
High Precision CRO
8
7. Simple Power Analysis

• A single power trace shows some characteristics
  of the algorithm.
• DES rounds are not easily observable at this
  macro level.

9
8. Simple Power Analysis

• Zooming in on a single DES round, the algorithm
  is now readily observable.
• Thus SPA can be used to discover the hidden
  implementation details of smartcards and other
  microprocessor-based devices.

10
9. Differential Power Analysis
Differential trace of two encryptions with the
same key
Two encryptions with a different key (one bit
different)

• The effect of an individual key bit can be
  observed in a differential trace. Several
  regular peaks are visible at the start, large
  peaks are visible at the end.

11
10. Commercial Ramifications

• Given that information is leaked through power
  analysis, smartcards can NOT be assumed safe and
  tamper resistant.
• It is not recommended that smartcards be used in
  applications that require high security, such as
  banking, personal identification, building
  security etc.
• Recent smartcards are addressing the problem of
  power analysis attacks and implement protection
  measures. It has not yet been ascertained if
  these measures are sufficient.

12
11. Conclusions

• Simple power analysis can be used to identify
  macro characteristics of algorithms used within
  smartcards and microprocessors. This allows
  discovery of hidden implementation details, and
  reverse engineering.
• Differential power analysis can be used to
  recover specific information such as the
  individual bits in a secret key.
• Specific protection measures must be implemented
  in all new smartcards, to ensure that information
  is not leaked via power consumption and other
  side channels.