Investigation of Power Analysis Attacks
Lead Research Organisation:
University of Bristol
Department Name: Computer Science
Abstract
This research proposal aims to scrutinize the application and to expand the theory of power analysis attacks. Power analysis attacks allow the extraction of secret information from smart cards and other cryptographic devices. Smart cards are used in many applications including banking, mobile communications, pay TV, and electronic signatures. In all these applications, the security of the smart cards is of crucial importance.In the proposed research, emphasis will be on advanced power analysis techniques. These techniques use sophisticated statistical tools in order to reveal the key given only a very limited number of power traces. This is important in applications in which it is assumed that the attacker has only very limited access to the device during the attack. Studying such advanced techniques is also important because the only way to defend against power analysis attacks is to understand them thoroughly. Consequently, the first project goal is to investigate (advanced) power analysis attacks. The second project goal is to look at definitions for security in the context of power analysis attacks. The third project goals unites the first and the second goal: it aims at cryptographic implementations that are secure against certain classes of power analysis attacks.
Organisations
People |
ORCID iD |
Maria Oswald (Principal Investigator) |
Publications
Amiel F
(2009)
Selected Areas in Cryptography
Hanley N
(2009)
Information Security Applications
Hanley N
(2011)
Using templates to distinguish multiplications from squaring operations
in International Journal of Information Security
Joye M
(2009)
Progress in Cryptology - AFRICACRYPT 2009
Mangard S
(2011)
One for all - all for one: unifying standard differential power analysis attacks
in IET Information Security
Markantonakis K
(2009)
Attacking smart card systems: Theory and practice
in Information Security Technical Report
McEvoy R
(2009)
Isolated WDDL A Hiding Countermeasure for Differential Power Analysis on FPGAs
in ACM Transactions on Reconfigurable Technology and Systems
Medwed M
(2009)
Information Security Applications
Smart N
(2008)
Randomised representations
in IET Information Security
Standaert F
(2010)
Advances in Cryptology - ASIACRYPT 2010
Tunstall M
(2011)
Practical complexity differential cryptanalysis and fault analysis of AES
in Journal of Cryptographic Engineering
Tunstall M
(2009)
Information Security and Privacy
Description | The research outcomes relate to the secure implementation of cryptographic algorithms on devices such as smart cards, mobile phones, etc. We pursued three strands of open questions and achieved several interesting and practically relevant results. Firstly, we looked at the applicability of so called template attacks which are considered to be the strongest implementation attacks in an information theoretic sense. We found new ways of utilising such attacks to to for instance mount attacks on devices using less information (e.g. attacks that do not require knowledge of inputs). Secondly we looked at evaluation strategies to assess the security of devices. We found that under certain conditions, the most commonly used side channel attacks are actually equivalent and differences observed in paper relating to practical results are statistical artifacts sometimes related to insufficient experimental setups. Thirdly we investigated the secure implementation of so-called public-key cryptography and put forward some new algorithms. |
Exploitation Route | Outcomes are of interest to industry and evaluators of secure tokens as they help to minimise effort for evaluations. In addition we discovered new attacks which now can be mitigated against. |
Sectors | Digital/Communication/Information Technologies (including Software),Electronics |
Description | The outcomes of this research span across new results on methods relevant for security evaluations, new attacks, new countermeasures, etc. Such findings influence implementation choices by key industry (arguably as the key players are eager to converse and discuss in private) and this is also evidenced by the fact that we publish with industrial co-authors. |
First Year Of Impact | 2010 |
Sector | Digital/Communication/Information Technologies (including Software),Electronics |
Impact Types | Economic,Policy & public services |