Investigation of Power Analysis Attacks

Lead Research Organisation: University of Bristol
Department Name: Computer Science

Abstract

This research proposal aims to scrutinize the application and to expand the theory of power analysis attacks. Power analysis attacks allow the extraction of secret information from smart cards and other cryptographic devices. Smart cards are used in many applications including banking, mobile communications, pay TV, and electronic signatures. In all these applications, the security of the smart cards is of crucial importance.

In the proposed research, emphasis will be on advanced power analysis techniques. These techniques use sophisticated statistical tools in order to reveal the key given only a very limited number of power traces. This is important in applications in which it is assumed that the attacker has only very limited access to the device during the attack. Studying such advanced techniques is also important because the only way to defend against power analysis attacks is to understand them thoroughly. Consequently, the first project goal is to investigate (advanced) power analysis attacks. The second project goal is to look at definitions for security in the context of power analysis attacks. The third project goal unites the first and the second goal: it aims at cryptographic implementations that are secure against certain classes of power analysis attacks.
 
Description: The research outcomes relate to the secure implementation of cryptographic algorithms on devices such as smart cards, mobile phones, etc. We pursued three strands of open questions and achieved several interesting and practically relevant results. Firstly, we looked at the applicability of so-called template attacks, which are considered to be the strongest implementation attacks in an information-theoretic sense. We found new ways of utilising such attacks to, for instance, mount attacks on devices using less information (e.g. attacks that do not require knowledge of inputs). Secondly, we looked at evaluation strategies to assess the security of devices. We found that under certain conditions, the most commonly used side-channel attacks are actually equivalent, and differences observed in papers relating to practical results are statistical artifacts sometimes related to insufficient experimental setups. Thirdly, we investigated the secure implementation of so-called public-key cryptography and put forward some new algorithms.
Exploitation Route: Outcomes are of interest to industry and evaluators of secure tokens as they help to minimise effort for evaluations. In addition, we discovered new attacks which can now be mitigated.
Sectors: Digital/Communication/Information Technologies (including Software), Electronics

 
Description: The outcomes of this research span new results on methods relevant for security evaluations, new attacks, new countermeasures, etc. Such findings influence implementation choices by key industry players (arguably, as the key players are eager to converse and discuss in private), and this is also evidenced by the fact that we publish with industrial co-authors.
First Year Of Impact: 2010
Sector: Digital/Communication/Information Technologies (including Software), Electronics
Impact Types: Economic, Policy & public services