Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Defeating DPA Attacks

    By
    Dennis Fisher
    -
    November 8, 2004
    Share
    Facebook
    Twitter
    Linkedin

      If the practice of security is the black art of the IT world, requiring esoteric knowledge and the ability to employ a bag of tricks and specialized techniques to safeguard data, then cryptography is the highest expression of the art.

      Cryptographers spend their days immersed in the arcana of one-way functions and stream ciphers, dwelling in the shadowy world where computer science and higher math converge.

      This discipline is not for the faint of heart; even seasoned, confident security specialists get a little spooked when the conversation turns to subjects such as quantum cryptography or differential power analysis attacks. That fear has not prevented enterprise IT departments from deploying cryptographic devices by the millions during the last few years.

      /zimages/3/28571.gifClick here to read an eWEEK Labs review of CryptoCard Corp.s Crypto-Server 6.1.

      Its not just authentication or access devices such as smart cards and tokens that rely on cryptographic operations. The use of public-key cryptography is so prevalent in todays world that even postage meters use it.

      All these devices also share one other attribute: They leak. Cryptographic devices consume power and emit electromagnetic radiation when power flows through the logic gates that make up semiconductors. The amount of power that is consumed by a device changes in tiny increments during cryptographic operations, and researchers at Cryptography Research Inc. several years ago discovered a way to measure the changes in power usage.

      Using those measurements, the researchers were able to gather enough data to find the secret keys involved in the operations.

      “DPA [Differential Power Analysis] can be used to break implementations of almost any symmetric or asymmetric algorithm. We have even used the technique to reverse-engineer unknown algorithms and protocols by using DPA data to test hypotheses about a devices computational processes,” CRI researchers wrote in their original paper on DPA attacks, “Differential Power Analysis.”

      Next Page: Advanced Cryptography Goes Mainstream

      Advanced Cryptography Goes Mainstream

      CRI, based in San Francisco, owns a number of patents on techniques for defeating DPA attacks and has decided to open up these patents to other vendors for licensing. This is a significant move for CRI because the company essentially has cornered the market on such countermeasures, and any vendor that wants to produce tamper-resistant smart cards or other cryptographic devices has to go through CRI.

      Advanced cryptographic devices such as smart cards, USB (Universal Serial Bus) authentication tokens and others once were solely the dominion of intelligence agencies, defense contractors and the more security sensitive. But in recent years, these devices have become much more prevalent in everyday life; even America Online has decided to begin giving its broadband customers the option of using RSA Security Inc.s SecurID Authenticator for two-factor authentication.

      The widespread use of strong cryptography in both software and hardware has given the DPA attacks and the countermeasures an increased importance.

      “The patent portfolio covers all of the fundamental ways to defend against DPA attacks,” said Kit Rodgers, director of licensing at CRI.

      There are two main techniques for defeating these attacks: reducing the amount of information that leaks from the device and adding noise to the data that leaks. The goal in both cases is to prevent the attacker from getting an accurate reading of the information that is flowing from the device.

      One way to add noise to the data coming out of the device is to change the clock settings on the device at random intervals so that the attacker has no way to be sure when operations are occurring. Another technique involves changing the order of some operations or the execution path of the operations.

      “We can do a lot of different things, but so can the attackers,” said Ben Jun, vice president of technology at CRI and one of the authors of the paper written on DPA. “We have the advantage of having discovered these attacks, and so we know how to defeat them. The best way to do it is to reduce the amount of data that leaks, and we have a number of ways to do that.”

      Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Dennis Fisher

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×