Side Channel Cryptanalysis


Side Channel Cryptanalysis - overview


Security protocols are designed to guarantee the privacy and integrity of information exchanged over an open communication network against malicious adversaries on the network. Typically, a crucial assumption in the deployment of these protocols is that the entities are in possession of cryptographic tokens such as smart cards. Cryptanalytic techniques such as TEMPEST and power analysis try to attack the security guarantees of such tokens. They exploit information leaked during computation, such as power consumption characteristics or electromagnetic (EM) emanations, to infer details of the computations and the cryptographic secrets stored in these tokens.

While side channel cryptanalysis attacks affect a variety of systems, smart cards are especially vulnerable: they draw their power from an external source, which makes their consumption directly observable, and they provide minimal shielding.

Our team has done substantial work on Power Analysis and Countermeasures, EM Analysis and Side-channel Information extraction using Template Attacks. We continue to seek and develop new techniques for side-channel attacks and countermeasures and to explore new applications of existing techniques.

Our more recent work has focused on using side-channels to detect trojans that may have been introduced in ICs due to a compromise in the manufacturing process. This work was done as part of a DARPA seedling study in 2006, in collaboration with Prof. Berk Sunar's team at WPI. We showed that using side-channels we can create fingerprints for the set of ICs produced from a particular mask at a manufacturing facility. These fingerprints take into account the impact of process variations in the manufacturing process. If the ICs used to create the fingerprint were free of Trojan circuits (this could be verified, for example, using destructive testing), then the side-channel fingerprint could be used to non-destructively detect the presence of any Trojans that may have been introduced in the ICs manufactured subsequently. Further details on this work are available in the IBM Research Report RC24110.
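The following is an added illustration of the fingerprinting idea described above; it is not the code or the method of the IBM or WPI teams. It assumes a constructed power-trace model in which process variation appears as a per-chip multiplicative gain (cancelled here by normalizing each trace to its mean, a simplification chosen for this example), builds a per-sample mean/standard-deviation fingerprint from trojan-free "golden" chips, and flags a later chip whose normalized trace leaves that envelope. All traces, noise levels and the trojan's extra activity are constructed values.

```python
import random
import statistics

# Constructed base activity profile of a hypothetical circuit (arbitrary
# units, one value per sample point of a power trace) plus constructed noise.
BASE_PROFILE = [1.0, 1.4, 2.1, 1.7, 1.2, 1.9, 2.4, 1.6, 1.1, 1.3]
NOISE_SD = 0.03

def simulate_trace(rng, gain, trojan=False):
    """One constructed trace; `gain` stands in for process variation (a per-chip
    multiplicative offset) and a trojan adds switching activity at samples 6-7."""
    trace = [gain * v + rng.gauss(0.0, NOISE_SD) for v in BASE_PROFILE]
    if trojan:
        trace[6] += 0.4 * gain
        trace[7] += 0.4 * gain
    return trace

def normalize(trace):
    """Divide by the trace mean so a per-chip gain shift cancels out."""
    m = sum(trace) / len(trace)
    return [v / m for v in trace]

def build_fingerprint(golden_traces):
    """Per-sample mean and standard deviation over the trojan-free chips."""
    cols = list(zip(*(normalize(t) for t in golden_traces)))
    means = [statistics.mean(c) for c in cols]
    sds = [max(statistics.stdev(c), 1e-6) for c in cols]
    return means, sds

def deviation_score(fingerprint, trace):
    """Largest per-sample |z-score| of a device under test vs. the fingerprint."""
    means, sds = fingerprint
    return max(abs(v - m) / s for v, m, s in zip(normalize(trace), means, sds))

def is_suspect(fingerprint, trace, threshold=6.0):
    """Flag a chip whose normalized trace leaves the golden envelope."""
    return deviation_score(fingerprint, trace) > threshold

def run_demo(seed=7):
    """Fingerprint 40 constructed golden chips, then score one clean chip and
    one trojaned chip whose gains both lie inside the golden range."""
    rng = random.Random(seed)
    golden = [simulate_trace(rng, rng.uniform(0.9, 1.1)) for _ in range(40)]
    fp = build_fingerprint(golden)
    clean = simulate_trace(rng, 1.08)
    trojaned = simulate_trace(rng, 0.92, trojan=True)
    return {"clean_score": deviation_score(fp, clean),
            "trojan_score": deviation_score(fp, trojaned),
            "clean_suspect": is_suspect(fp, clean),
            "trojan_suspect": is_suspect(fp, trojaned)}
```

Because the gain is divided out before scoring, the clean chip at gain 1.08 stays inside the envelope while the trojaned chip's extra activity at samples 6 and 7 produces a z-score well above the threshold.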