Did you know that Rambus is helping a number of industry heavyweights protect smartphones and tablets against side-channel attacks?
In recent years, Rambus has licensed its DPA countermeasure technology to multiple corporations including Broadcom, Infineon, ST Microelectronics and Samsung. More specifically, more than 7 billion devices will be manufactured in 2014 with DPA countermeasures licensed from the Cryptography Research (CR) Division of Rambus.
So, what are DPA countermeasures, exactly? Well, smartphones and tablets contain cryptographic keys tasked with protecting payments, VPN/network connections and on-device flash memory. Although some mobile devices include basic countermeasures, many lack sufficient protection and can therefore be easily compromised.
To be sure, even a simple radio is capable of gathering side-channel information by eavesdropping on frequencies emitted by mobile devices. In some cases, secret keys can be recovered from a single transaction clandestinely performed by a device several feet away.
“Ask any enterprise, organization or user today ‘How can someone get hold of your most sensitive information or perform transactions on your behalf?’” Invariably, they will mention a smart-phone or tablet,” said Pankaj Rohatgi Technical Director, Hardware Security Solutions at the Cryptography Research Division of Rambus.
“These days, there are a significant numbers of apps that essentially shuffle sensitive information and content back and forth between enterprises, clouds and content providers and your smartphone. In fact, an increasing number of apps allow a smartphone to become proxy for a variety of use cases including payments, managing home security platforms and activating climate control systems.”
As Rohatgi points out, the above-mentioned apps typically rely on smartphone-based cryptography solutions to protect sensitive information and transactions.
“For example, a bank or your email server believes it is OK to perform a money transfer or forward confidential email to a smartphone. This is because the handset has proven it holds a secret cryptographic that belongs only to you and is kept safely by your device,” he explained.
“But is that key really kept secure by your smartphone? What happens if an attacker pulls the secret key from your smartphone and puts it in an unauthorized device? Well, in that case, the obvious happens – the bank will be fooled into performing a transaction initiated by an attacker’s handset, with an unsuspecting server happily sending your email to the attacker.”
In fact, says Rohatgi, stolen cryptographic keys lifted from a smartphone can be used to serve up gigabytes of sensitive personal and corporate information, while inadvertently facilitating the unauthorized execution of multiple transactions.
“As such, our DPA countermeasures offer a combination of software, hardware and protocol techniques specifically designed to protect tamper-resistant devices from side-channel attacks. These include leak reduction, incorporating randomness, generating amplitude and temporal noise, as well as executing protocol-level countermeasures,” he added.
Interested in learning more about how Rambus is helping to secure SoCs, devices and content? You can read more about our DPA countermeasures here, CryptoFireWall Cores here and CryptoManager platform here.