Differential Power Analysis Attack on Smart Card

1
Differential Power Analysis Attack on Smart Card

• 2002. 10. 8.
• ICE615 Network Security
• 20022122 Hwasun Chang

2
Index

• Introduction
• Simple Power Analysis
• DPA Overview
• DPA Procedure for DES
• DPA Result Example
• Other Power Attacks
• DPA Countermeasures
• Future Works
• Reference

3
1. Introduction

• - Attack techniques for cryptographic algorithms
• Algorithm in isolation
• Differential Cryptoanalysis, Linear
  Cryptoanalysis
• Side channel attacks

4
2. Simple Power Analysis

• Interpret power consumption measurement
• What is learned devices operation, key material
• Base power consumption variance of uP
  instructions
• DES operation by smart card

5
3. DPA Overview

• Introduced by P. Kocher and colleagues
• More powerful and more difficult to prevent than
  SPA
• Base semiconductor logic ? transistor ?
  different power consumption for different state
  (0 or 1)
• Data collection phase and data analysis phase
• Procedure
• Gather many power consumption curves
• Assume a key value
• Divide data into two groups(0 and 1 for chosen
  bit)
• Calculate mean value curve of each group
• Correct key assumption ? not negligible difference

6
4. DPA Procedure for DES

• Make power consumption measurement of about 1000
  DES operations, 100000 data points / curve,
• (Plaintexti, Curvei)
• Assume a key for a S-box of first round
• Calculate first S-box first bit output for each
  plaintext using the assumed key
• Divide the measurement into 2 groups (output 0
  and 1)
• Calculate the average curve of each group
• Calculate the difference of two curves
• Assumed correct key ? spikes in the differential
  curve
• Repeat 2-7 for other S-boxes
• Exhaustive search for 8 bits of key

7
5. DPA Result Example
Average Power Consumption Power
Consumption Differential Curve With Correct Key
Guess Power Consumption Differential Curve With
Incorrect Key Guess Power Consumption Differentia
l Curve With Incorrect Key Guess
8
6. Other Power Attacks

• Binary power analysis (by ABDM)
• Direct power anlaysis (by ABDM)
• Higer-order DPA (by Kocher)
• combine one or more samples within a single
  power trace

9
7. DPA Countermeasures (1)

• By Adi Shamir
• Two capacitors as the power isolation element
• Disadvantage difficulty in manufacturing

10
7. DPA Countermeasures (2)

• By S. Almanei
• Another processor working on parallel with the
  actual processor
• Disadvantage increase in production cost, more
  memory and power

11
7. DPA Countermeasures (3)

• By Hardware
• Random register renaming - MMS
• 1-of-n encoded circuits - Moore
• By Software for Symmetric Algorithm
• Replacing each intermediate variable depending on
  input or output by k variables - GP, Willich
• Masking before processing, unmasking after
  processing ITT, CG,
• Transformed S-box and masking AG
• By Software for Asymmetric Algorithm
• Transforming the curve in ECC - JT
• Using the Jacobi Form in ECC - LS

12
8. Future Works

• More study
• Higher Order DPA
• Software Countermeasure for Symmetric Algorithm
• Mount DPA on Commercial Smart Cards
• Make an idea
• Software countermeasure
• For symmetric algorithm
• Efficient and Easy to Implement

13
References

• Paul Kocher, Joshua Jaffe, and Benjamin Jun,
  Differential Power Analysis, Advances in
  Cryptology CRYPTO 99, LNCS 1666, Aug. 1999,
  pp. 388-397
• Kouichi Itoh, Masahiko Takenaka, and Naoya Torii,
  DPA Countermeasure Based on the Masking Method,
  ICICS 2001, LNCS 2288, 2002, pp. 440-456
• Louis Goubin, Jacques Patarin, DES and
  Differential Power Analysis, Proceedings of
  Workshop on Cryptographic Hardware and Embedded
  Systems, Aug. 1999, pp. 158-172
• Jean-Sebastien Coron, Louis Goubin, On Boolean
  and Arithmetic Masking against Differential Power
  Analysis, CHES 2000, LNCS 1965, 2000, pp.
  231-237
• Mehdi-Laurent Akkar, Christophe Giraud, An
  Implementation of DES and AES, Secure against
  Some Attacks, CHES 2001, LNCS 2162, 2001, pp.
  309-318
• D. May, H.L. Muller, and N.P. Smart, Random
  Register Renaming to Foil DPA, CHES 2001, LNCS
  2162, 2001, pp. 28-38

14
References

• S. Almanei, Protecting Smart Cards from Power
  Analysis Attacks, http//islab.oregonstate.edu/ko
  c/ece679cahd/s2002/almanei.pdf, May. 2002
• Adi Shamir, Protecting Smart Cards from Passive
  Power Analysis with Detached Power Supplies,
  CHES 2000, LNCS 1965, 2000, pp. 71-77
• P. Y. Liardet, N. P. Smart, Preventing SPA/DPA
  in ECC Systems Using the Jacobi Form, CHES 2001,
  LNCS 2162, 2001, pp. 391-401
• Marc Joye, Christophe Tymen, Protections against
  Differential Analysis for Elliptic Curve
  Cryptography, CHES 2001, LNCS 2162, 2001, pp.
  377-390

15
Q A
Thank you!