Problem solve Get help with specific problems with your technologies, process and projects.

How will differential power analysis attacks compromise cryptographic keys?

Learn about differential power analysis attacks that target victims by measuring electromagnetic signals emitted by chips and then stealing cryptokeys from mobile devices.

Differential power analysis (DPA) attacks, I heard, can target victims by measuring electromagnetic signals emitted by chips. Is this a realistic attack that can be used to steal cryptokeys from mobile devices? It sounds like the attack requires some pretty specialized equipment.
Differential power analysis (DPA) is currently fairly exotic, but there have been other fairly exotic attacks that have been perfected over time and become more widely used by attackers; just because an attack method seems farfetched today, that doesn't mean it should be permanently disregarded.

DPA attacks operate by measuring power levels at different parts in chips, particularly trying to identify encryption keys. Researchers use various tools to measure power usage when a device performs operations using encryption keys. Measuring the power usage determines what kind of computational operations are being done by a device. DPA attacks in turn extract knowledge of how encryption algorithms operate to be able to find the encryption keys.

With the advancements in field-programmable gate arrays (chips and chip components designed to be changed by a reseller after the manufacturing process) and advancement in DPA tools, even more attacks will become plausible. Advancements in DPA may make it more viable for attackers to go after the cryptokeys in mobile devices.

One additional point to remember is that attacks only get more creative over time and that any security control can be broken. It's wise to plan ahead when research suggests that exotic attacks will become more accessible. In this case, enterprises should keep these types of attacks in mind when looking into systems that depend on the security of one part of the system to stop a user from analyzing the operations of a device in great detail. Enterprises should plan for these types of attacks and make sure the application or system is easily patched or upgraded to defend against DPA or other types of attacks.

This was last published in May 2010

Dig Deeper on Emerging cyberattacks and threats

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.