New Test Tool Pins Down DPA Attacks
eLABorations: CRI's analysis package finds crypto and smart card vulnerabilities before hackers have the chance to.Smart cards and cryptographic hardware devices are vulnerable to a form of attack called Differential Power Analysis. A DPA attack enables a skilled hacker to non-intrusively obtain or modify secure data on a cryptographic device such as a smart card or a cryptographic token. DPA works by monitoring the electrical signals of a device, samples the data, and extracts information such as secret keys or PINs from the device using statistical methods. Although DPA attacks are not easily performed and require significant cryptography and electrical engineering know-how, a person who has the right skill set and some inexpensive, off-the-shelf equipment could use DPA to break into most cryptographic devices in a fairly short time. Now Cryptography Research Inc. is ready to help enterprises stop DPA intrusions. The San Francisco-based company will be releasing a DPA workstation test tool next week that will allow companies to test how well their smart card products can stand up to power-related vulnerabilities.
CRIs DPA workstation is a comprehensive testing package that includes hardware and software, in-depth training and product support. The packages hardware is a standard PC running Windows 2000 with proprietary analysis software pre-installed. The system also has a smart card data acquisition system that includes a specialized reader with fiber optic connections to the PC and a GPIB (General Purpose Interface Bus)-connected digital oscilloscope for preliminary data viewing.