Power analysis attacks - revealing the secrets of smart cards

This book provides a very clear, complete and highly illustrated presentation of power analysis methods used to extract secret information from cryptosystems such as smart cards. All concepts are progressively introduced, mathematically analyzed and illustrated using many real attacks results. The main attack methods and some variants are presented. Standard countermeasures used to protect cryptosystems against power analysis attacks are also presented. Limitations and efficiency aspects of attacks and protections methods are discussed. Both software and hardware implementations on smart cards are targeted. 1 What the book is about The security of a cryptosystem (cryptographic algorithms and protocols, cryptographic keys and cryptographic device used for implementation) does not only depend on its theoretical quality (e.g. use of robust algorithms and parameters, certified protocols and long enough cryptographic keys). Physical attacks can be used to break a system. Side channel attacks exploit the dependency between secret information used in the cryptosystem and some physical values measured on/around the cryptosystem (e.g. power consumption, electromagnetic radiation, timing information) to break the system. A well-known example of side channel attack is the case a thief attempting to open a safety box using a stethoscope. The analysis of the clicking sound may, hopefully, reveal the secret lock combination. This book deals with a specific kind of side channel attack used to extract secret information from a cryptosystem using an appropriate analysis of its power consumption. Those attacks are called power analysis attacks. Power consumption traces are recorded during the execution of the cryptosystem using a high-speed oscilloscope. The analysis of the power traces may provide information on the secret key. A typical example is the case of a program line such as the following: if b = 0 then r = op1(x) else r = op2(x) If the power consumptions for operations op1 and op2 are different (amplitude/duration), the recorded power traces show differences for b = 0 and b = 1. If b is a secret key bit, the power trace directly “shows” the value of b on the oscilloscope. This is the idea behind simple power analysis (SPA). One problem is where the attacker should look at a difference in the trace (timing aspects are very important). When differences are too small (weak signal and/or noisy environment), simple power analysis does not work anymore. Then, statistical methods have to be used to extract secret information using a large amount of power traces. This is the idea behind differential power analysis (DPA). The set of power traces is analyzed and compared to a theoretical power model of the cryptosystem (or parts of it). Those attacks are very efficient in practice. This book also deals with some protection methods, called countermeasures, used to protect cryptosystems against some power analysis attacks at software and hardware levels. The principle of several basic countermeasures is described. Countermeasures make the power consumption of the device independent