1
SPA and DPA: Possible Testing Solutions and Associated Costs
Stan Kladko, Ph.D., BKP Security Labs
2
Introduction
- Simple Power Analysis (SPA) and Differential Power Analysis (DPA)
- Introduced by P. Kocher, J. Jaffe, and B. Jun
- Can potentially be used to compromise keys and critical security parameters
3
SPA and DPA
- Simple power analysis requires measurement and observation of time-resolved power traces
- Differential power analysis adds statistical sampling and analysis of correlations
- Other physical characteristics can be used, such as the intensity of electromagnetic emissions (EMA)
4
SPA and DPA
- Do not require expensive equipment and are relatively easy to implement
- Descriptions of techniques and experimental setups are readily available
5
Proposed Countermeasures
- Physical shielding
- Random power consumption elements
- Randomizing algorithm execution
- Randomizing circuit timing
- Interleaving code with dummy instructions
- Redesigning cryptographic algorithms
- Redesigning circuit layouts
- ...
6
FIPS 140-2
- Currently lacks SPA and DPA requirements
- This makes it somewhat outdated as a security standard, in particular for smartcards
- Adding SPA and DPA requirements could be a logical step to consider for FIPS 140-3
7
FIPS Security Levels
- Level 1: no significant physical security requirements
- Level 2: tamper evidence or ability to detect key compromise
- Level 3 and Level 4: key destruction in case of compromise
8
FIPS Security Levels
- SPA and DPA = key compromise without traces of tampering
- Level 2 seems to be the appropriate level for SPA/DPA requirements
9
FIPS 140-2 Module Types
- Single-chip (e.g. smartcard)
- Multiple-chip embedded (crypto accelerator card)
- Multi-chip standalone (router or PC)
- Most published SPA/DPA attacks target single-chip modules
- SPA/DPA requirements could be limited to single-chip modules only
10
Testing Lab Considerations
- Typical FIPS testing costs < $50K
- Assuming 20% of total costs, one has $5K-10K for SPA/DPA testing (1-2 person-weeks)
- Typical equipment items: digital oscilloscope, DC power supply, function generator, PC. Total < $5K
11
SPA/DPA Testing Requirements
- Simple
- Reproducible
- Standard experimental setup across labs
- Standard testing methods for each Approved algorithm
- Standard software (could be developed by NIST)
12
Staff Training
- Need staff members familiar with applied physics and electrical engineering concepts
- DPA requires familiarity with a number of concepts in statistics
- NVLAP Handbook for CMVP labs would need to be revised to include SPA/DPA training requirements
13
Criteria for SPA/DPA Requirements
- Simple criteria should be preferred
- Having to analyze all measures and countermeasures would put an undue burden on the lab
- Physically measurable criteria would be preferred
- Many papers list signal-to-noise ratio as a sensible criterion
14
Criteria for SPA/DPA Requirements
- The exact definition of the signal-to-noise ratio would be left to experts
- Could be different for SPA vs. DPA
- No signal-to-noise ratio definition would guarantee security, due to the feasibility of various noise-cancellation techniques
- A signal-to-noise threshold could deter attackers with low attack potential
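As an added illustration of the kind of physically measurable criterion slides 13 and 14 discuss (not part of the original presentation), the following example computes a per-sample signal-to-noise ratio over constructed power traces. It assumes the common textbook definition, SNR = variance of the per-class mean traces divided by the mean of the per-class noise variances, with traces grouped by the Hamming weight of an 8-bit intermediate value; a lab would replace the simulated traces with oscilloscope captures. The function and parameter names are this example's own.

```python
import random
from statistics import mean, pvariance


def hamming_weight(v):
    return bin(v).count("1")


def simulate_traces(n_traces, n_samples, leak_sample, signal_gain, noise_sigma, seed=1):
    """Constructed traces: one sample point leaks the Hamming weight of a
    random 8-bit intermediate value; all other points are Gaussian noise.
    noise_sigma stands in for a 'random power consumption element' countermeasure."""
    rng = random.Random(seed)
    traces, values = [], []
    for _ in range(n_traces):
        v = rng.randrange(256)
        trace = [rng.gauss(0.0, noise_sigma) for _ in range(n_samples)]
        trace[leak_sample] += signal_gain * hamming_weight(v)
        traces.append(trace)
        values.append(v)
    return traces, values


def snr_per_sample(traces, values):
    """SNR at each sample point: var(class means) / mean(class variances),
    classes being the Hamming weight of the intermediate value."""
    classes = {}
    for t, v in zip(traces, values):
        classes.setdefault(hamming_weight(v), []).append(t)
    snr = []
    for s in range(len(traces[0])):
        per_class = [[t[s] for t in ts] for ts in classes.values()]
        signal = pvariance([mean(c) for c in per_class])
        noise = mean(pvariance(c) for c in per_class)
        snr.append(signal / noise if noise > 0 else float("inf"))
    return snr


def leak_snr(signal_gain, noise_sigma, n_traces=2000):
    """Convenience wrapper: 5-point traces with the leak at sample index 2."""
    traces, values = simulate_traces(n_traces, 5, 2, signal_gain, noise_sigma)
    return snr_per_sample(traces, values)
```

Comparing leak_snr(1.0, 0.5) with leak_snr(1.0, 5.0) shows how added noise lowers the measured SNR at the leaking point while leaving the quantity itself simple for a lab to report against a threshold.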
15
Summary
- Adding SPA/DPA requirements to future versions of FIPS 140 seems justified
- Candidate testing requirements shall be reviewed to assess potential implications for labs and vendors
- Simple and well-defined requirements are preferred