Catálogo de publicaciones - libros
Power Analysis Attacks: Revealing the Secrets of Smart Cards
Stefan Mangard Elisabeth Oswald Thomas Popp
Resumen/Descripción – provisto por la editorial
No disponible.
Palabras clave – provistas por la editorial
No disponibles.
Disponibilidad
Institución detectada | Año de publicación | Navegá | Descargá | Solicitá |
---|---|---|---|---|
No detectada | 2007 | SpringerLink |
Información
Tipo de recurso:
libros
ISBN impreso
978-0-387-30857-9
ISBN electrónico
978-0-387-38162-6
Editor responsable
Springer Nature
País de edición
Reino Unido
Fecha de publicación
2007
Información sobre derechos de publicación
© Springer Science+Business Media, LLC 2007
Cobertura temática
Tabla de contenidos
Introduction
Stefan Mangard; Elisabeth Oswald; Thomas Popp
Smart cards are frequently used as cryptographic devices to provide strong authentication of users and to store secret information securely. Smart cards are among the most critical components of modern security systems.
Pp. 1-13
Cryptographic Devices
Stefan Mangard; Elisabeth Oswald; Thomas Popp
For the discussion of power analysis attacks and countermeasures, it is helpful to have some basic knowledge about cryptographic devices. In particular, it is helpful to have a basic understanding of how they are built. This chapter provides this information in compact form. It is intended for readers without a background in hardware design.
Pp. 15-25
Power Consumption
Stefan Mangard; Elisabeth Oswald; Thomas Popp
Digital circuits consume power whenever they perform computations. They draw current from a power supply and then dissipate the received energy as heat. The power consumption of digital circuits is a very important topic. The power consumption determines whether a chip needs to be cooled or not, it determines which kind of power supply is necessary and, in case of cryptographic devices, it determines whether a device can be attacked or not. Obviously, this is the most important property of the power consumption in the context of this book.
Pp. 27-60
Statistical Characteristics of Power Traces
Stefan Mangard; Elisabeth Oswald; Thomas Popp
After having discussed different measurement setups and their most important quality criteria in Chapter 3, we now analyze power traces from a statistical point of view. Power traces are vectors of voltage values that have been recorded with a digital sampling oscilloscope. The measured voltage values are proportional to the power consumption of a cryptographic device because the oscilloscope is connected to an appropriate measurement circuit or EM probe. The settings of the oscilloscope determine the length of the power traces and the number of points that are recorded per second.
Pp. 61-99
Simple Power Analysis
Stefan Mangard; Elisabeth Oswald; Thomas Popp
Simple power analysis (SPA) attacks are characterized by Kocher in [KJJ99] in the following way: “SPA is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations.” In other words, the attacker tries to derive the key more or less directly from a given trace. This can make SPA attacks quite challenging in practice. Often, they require detailed knowledge about the implementation of the cryptographic algorithm that is executed by the device under attack. Furthermore, if only one power trace is available, usually complex statistical methods have to be used in order to extract the signal.
Pp. 101-118
Differential Power Analysis
Stefan Mangard; Elisabeth Oswald; Thomas Popp
Differential power analysis (DPA) attacks are the most popular type of power analysis attacks. This is due to the fact that DPA attacks do not require detailed knowledge about the attacked device. Furthermore, they can reveal the secret key of a device even if the recorded power traces are extremely noisy.
Pp. 119-165
Hiding
Stefan Mangard; Elisabeth Oswald; Thomas Popp
Power analysis attacks work because the power consumption of cryptographic devices depends on intermediate values of the executed cryptographic algorithms. Therefore, the goal of countermeasures is to avoid or at least to reduce these dependencies. In case of hiding, this is done by breaking the link between the power consumption of the devices and the processed data values. Hence, cryptographic devices that are protected by hiding execute cryptographic algorithms in the same way as unprotected devices. In particular, they calculate the same intermediate values. Yet, the hiding countermeasures make it difficult for an attacker to find exploitable information in power traces.
Pp. 167-199
Attacks on Hiding
Stefan Mangard; Elisabeth Oswald; Thomas Popp
The goal of hiding countermeasures is to make the power consumption of cryptographic devices independent of the performed operations and the processed values. However, in practice this goal can only be achieved to a certain degree, see Chapter 7. Attacks on protected devices are therefore still possible. In most cases though, these attacks require significantly more effort than attacks on unprotected devices.
Pp. 201-222
Masking
Stefan Mangard; Elisabeth Oswald; Thomas Popp
The goal of every countermeasure is to make the power consumption of a cryptographic device independent of the intermediate values of the cryptographic algorithm. Masking achieves this by randomizing the intermediate values that are processed by the cryptographic device. An advantage of this approach is that it can be implemented at the algorithm level without changing the power consumption characteristics of the cryptographic device. In other words, masking allows making the power consumption independent of the intermediate values, even if the device has a data-dependent power consumption. Masking is one of the countermeasures that has been extensively discussed in the scientific community. Numerous articles have been published that explain different types of masking schemes. Even security proofs have been delivered for some of the schemes. Recently, masking has also been applied to the cell level.
Pp. 223-244
Attacks on Masking
Stefan Mangard; Elisabeth Oswald; Thomas Popp
The use of masking schemes to counteract power analysis attacks is popular for several reasons. For instance, masking can be implemented in software on processors without altering their power consumption characteristics. Probably because of their popularity, many researchers have studied the security of masking schemes and their implementations. It has turned out that virtually every masking scheme can be attacked.
Pp. 245-272