Ask the Expert

How will differential power analysis attacks compromise cryptographic keys?

Differential power analysis (DPA) attacks, I heard, can target victims by measuring electromagnetic signals emitted by chips. Is this a realistic attack that can be used to steal cryptokeys from mobile devices? It sounds like the attack requires some pretty specialized equipment.

    Requires Free Membership to View

Differential power analysis (DPA) is currently fairly exotic, but there have been other fairly exotic attacks that have been perfected over time and become more widely used by attackers; just because an attack method seems farfetched today, that doesn't mean it should be permanently disregarded.

DPA attacks operate by measuring power levels at different parts in chips, particularly trying to identify encryption keys. Researchers use various tools to measure power usage when a device performs operations using encryption keys. Measuring the power usage determines what kind of computational operations are being done by a device. DPA attacks in turn extract knowledge of how encryption algorithms operate to be able to find the encryption keys.

With the advancements in field-programmable gate arrays (chips and chip components designed to be changed by a reseller after the manufacturing process) and advancement in DPA tools, even more attacks will become plausible. Advancements in DPA may make it more viable for attackers to go after the cryptokeys in mobile devices.

One additional point to remember is that attacks only get more creative over time and that any security control can be broken. It's wise to plan ahead when research suggests that exotic attacks will become more accessible. In this case, enterprises should keep these types of attacks in mind when looking into systems that depend on the security of one part of the system to stop a user from analyzing the operations of a device in great detail. Enterprises should plan for these types of attacks and make sure the application or system is easily patched or upgraded to defend against DPA or other types of attacks.

This was first published in May 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: