Catálogo de publicaciones - libros

Smart cards are frequently used as cryptographic devices to provide strong authentication of users and to store secret information securely. Smart cards are among the most critical components of modern security systems.

For the discussion of power analysis attacks and countermeasures, it is helpful to have some basic knowledge about cryptographic devices. In particular, it is helpful to have a basic understanding of how they are built. This chapter provides this information in compact form. It is intended for readers without a background in hardware design.

Digital circuits consume power whenever they perform computations. They draw current from a power supply and then dissipate the received energy as heat. The power consumption of digital circuits is a very important topic. The power consumption determines whether a chip needs to be cooled or not, it determines which kind of power supply is necessary and, in case of cryptographic devices, it determines whether a device can be attacked or not. Obviously, this is the most important property of the power consumption in the context of this book.

After having discussed different measurement setups and their most important quality criteria in Chapter 3, we now analyze power traces from a statistical point of view. Power traces are vectors of voltage values that have been recorded with a digital sampling oscilloscope. The measured voltage values are proportional to the power consumption of a cryptographic device because the oscilloscope is connected to an appropriate measurement circuit or EM probe. The settings of the oscilloscope determine the length of the power traces and the number of points that are recorded per second.

Simple power analysis (SPA) attacks are characterized by Kocher in [KJJ99] in the following way: “SPA is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations.” In other words, the attacker tries to derive the key more or less directly from a given trace. This can make SPA attacks quite challenging in practice. Often, they require detailed knowledge about the implementation of the cryptographic algorithm that is executed by the device under attack. Furthermore, if only one power trace is available, usually complex statistical methods have to be used in order to extract the signal.

Differential power analysis (DPA) attacks are the most popular type of power analysis attacks. This is due to the fact that DPA attacks do not require detailed knowledge about the attacked device. Furthermore, they can reveal the secret key of a device even if the recorded power traces are extremely noisy.

Power analysis attacks work because the power consumption of cryptographic devices depends on intermediate values of the executed cryptographic algorithms. Therefore, the goal of countermeasures is to avoid or at least to reduce these dependencies. In case of hiding, this is done by breaking the link between the power consumption of the devices and the processed data values. Hence, cryptographic devices that are protected by hiding execute cryptographic algorithms in the same way as unprotected devices. In particular, they calculate the same intermediate values. Yet, the hiding countermeasures make it difficult for an attacker to find exploitable information in power traces.

The goal of hiding countermeasures is to make the power consumption of cryptographic devices independent of the performed operations and the processed values. However, in practice this goal can only be achieved to a certain degree, see Chapter 7. Attacks on protected devices are therefore still possible. In most cases though, these attacks require significantly more effort than attacks on unprotected devices.

The goal of every countermeasure is to make the power consumption of a cryptographic device independent of the intermediate values of the cryptographic algorithm. Masking achieves this by randomizing the intermediate values that are processed by the cryptographic device. An advantage of this approach is that it can be implemented at the algorithm level without changing the power consumption characteristics of the cryptographic device. In other words, masking allows making the power consumption independent of the intermediate values, even if the device has a data-dependent power consumption. Masking is one of the countermeasures that has been extensively discussed in the scientific community. Numerous articles have been published that explain different types of masking schemes. Even security proofs have been delivered for some of the schemes. Recently, masking has also been applied to the cell level.

The use of masking schemes to counteract power analysis attacks is popular for several reasons. For instance, masking can be implemented in software on processors without altering their power consumption characteristics. Probably because of their popularity, many researchers have studied the security of masking schemes and their implementations. It has turned out that virtually every masking scheme can be attacked.