Examining Smart-Card Security under the Threat of Power Analysis Attacks
May 2002 (vol. 51 no. 5)
pp. 541-552

This paper examines how monitoring power consumption signals might breach smart-card security. Both simple power analysis and differential power analysis attacks are investigated. The theory behind these attacks is reviewed. Then, we concentrate on showing how power analysis theory can be applied to attack an actual smart card. We examine the noise characteristics of the power signals and develop an approach to model the signal-to-noise ratio (SNR). We show how this SNR can be significantly improved using a multiple-bit attack. Experimental results against a smart-card implementation of the Data Encryption Standard demonstrate the effectiveness of our multiple-bit attack. Potential countermeasures to these attacks are also discussed.

Index Terms:
Cryptography, data encryption standard (DES), security, implementation attack, power analysis attack, smart card
Citation:
T.S. Messerges, E.A. Dabbish, R.H. Sloan, "Examining Smart-Card Security under the Threat of Power Analysis Attacks," IEEE Transactions on Computers, vol. 51, no. 5, pp. 541-552, May 2002, doi:10.1109/TC.2002.1004593