Archive for January, 2013

Simple power analysis (SPA) and Differential power analysis (DPA)

There are two major power analysis techniques: simple power analysis (SPA) and differential power analysis (DPA). SPA involves direct observation of the power consumption during cryptographic or other security-sensitive operations. SPA can reveal information about the device’s operation as well as the key material. If the attacker knows the cryptographic algorithm (and especially its implementation in the tested device), he can easily work out some bits of information by observing the sequences of CPU instructions, especially rotations and conditional branches. If the result of an arithmetic or logic operation can be observed as well, i.e. the state of the carry, zero or negative flags, more information can be obtained.

DPA is a more powerful technique, because the attacker does not have to know as many details about how the cryptographic algorithm was implemented. It uses statistical analysis to extract hidden information from a large sample of power traces obtained during cryptographic computations with known ciphertexts. The statistical methods identify small differences in power consumption which can be used to recover individual bits in a secret key.

Different levels of activity in the instruction decoder and arithmetic units

The various instructions cause different levels of activity in the instruction decoder and arithmetic units, and can often be quite clearly distinguished so that parts of algorithms can be reconstructed. Various units of the processor have their switching transients at different times relative to the clock edges, and can be separated in high-frequency measurements.

There are many publications on different power analysis techniques that can be used to break many cryptographic algorithms. The whole process of analysis is relatively easy to implement, and only requires standard off-the-shelf measurement equipment costing a few thousand pounds.

Smaller Signals can be identified

By averaging the current measurements of many repeated identical operations, even smaller signals that are not transmitted over the bus can be identified. Signals such as carry-bit states are of special interest, because many cryptographic key-scheduling algorithms use shift operations that single out individual key bits in the carry flag. Even if the status-bit changes cannot be measured directly, they often cause changes in the instruction sequence or microcode execution, which then cause a clear change in the power consumption.
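The averaging effect described here, and the difference-of-means statistic that DPA relies on, can be reproduced on simulated data. This is an added example, not code from the original post; the traces are synthetic, and the trace length, leak position, leak amplitude and noise level are constructed assumptions.

```python
import random

SAMPLES = 40     # points per simulated trace (constructed value)
LEAK_AT = 17     # sample where the carry flag shifts the current (assumed)
LEAK_AMP = 0.2   # size of that shift, one fifth of the noise level
NOISE_SD = 1.0   # standard deviation of per-sample measurement noise

def simulate(n, rng):
    """Return n (carry_bit, trace) pairs. Synthetic data, not a real capture."""
    data = []
    for _ in range(n):
        bit = rng.getrandbits(1)
        trace = [rng.gauss(0.0, NOISE_SD) for _ in range(SAMPLES)]
        trace[LEAK_AT] += LEAK_AMP * bit   # the only data-dependent sample
        data.append((bit, trace))
    return data

def mean_trace(traces):
    """Average the traces point by point; noise shrinks as 1/sqrt(len)."""
    return [sum(col) / len(traces) for col in zip(*traces)]

def difference_of_means(data):
    """Split traces by the known bit and subtract the two averaged traces."""
    ones = [t for b, t in data if b == 1]
    zeros = [t for b, t in data if b == 0]
    if not ones or not zeros:
        raise ValueError("need traces for both bit values")
    return [a - b for a, b in zip(mean_trace(ones), mean_trace(zeros))]

def peak(diff):
    """Return (index of largest |difference|, its ratio to the runner-up)."""
    order = sorted(range(len(diff)), key=lambda i: abs(diff[i]), reverse=True)
    return order[0], abs(diff[order[0]]) / abs(diff[order[1]])

def run(n, seed=1):
    return peak(difference_of_means(simulate(n, random.Random(seed))))

if __name__ == "__main__":
    # With few traces the peak is usually a noise sample; with many it
    # settles on LEAK_AT even though the leak is far below the noise.
    for n in (50, 500, 20000):
        idx, ratio = run(n)
        print(f"{n:6d} traces: peak at sample {idx}, {ratio:.1f}x runner-up")
```

With 20,000 traces the noise in the difference trace has a standard deviation of about 0.014, so the 0.2 shift at the leaking sample stands out clearly.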

Computing Device Power Consumption

A computing device’s power consumption depends on its current activity. The consumption depends on changes of state of its components, rather than on the states themselves, because of the nature of CMOS transistors. When an input voltage is applied to a CMOS inverter, a transient short-circuit is induced. The rise of the current during this transient is much higher than the static dissipation caused by parasitic current leakage. Using a 10-20 Ω resistor in the power supply line, these current fluctuations can be measured. To achieve good results, measurements should be made with at least 12-bit resolution and 50 MHz sampling frequency. Such acquisition parameters allow us to distinguish between different CPU instructions and estimate the number of bus bits changing at a time.