Side-channel analysis, and specifically Differential Power Analysis (DPA), can be used as an attack, statistically analyzing power consumption measurements from a cryptosystem. DPA attacks exploit biases in the varying power consumption of microprocessors or other hardware while performing operations using secret keys. With DPA, an attacker can obtain secret keys by analyzing power consumption measurements from multiple cryptographic operations performed by a vulnerable device.
Historically, solutions that included robust encryption/decryption algorithms with cryptographic keys were considered secure, as brute force attacks have ultimately become infeasible due to the increased key length of the cryptographic algorithm. However, side-channel attacks bypass some of the mathematical properties of a cryptographic system, instead, focusing on its implementation in hardware or software. Specifically, cryptographic systems routinely leak information about the internal state of computations. As a result, attackers can exploit various techniques to extract the key and other secret information from the device.
Rambus’ Countermeasure Validation Program
To address DPA attacks, the Countermeasure Validation Program is a comprehensive and rigorous security testing procedure that uses independent accredited testing labs. The program specifies procedures for independent testing of chipsets and System on Chips (SoC) to evaluate their resistance to DPA and other side-channel attacks. As it is important for products to have DPA resistance, the Countermeasure Validation Program helps chip purchasers and downstream customers identify licensed devices with the most robust and effective security against DPA attacks.
Thales, a DPA Countermeasure Validation Licensee
In December, 2016, Thales renewed its DPA countermeasures license agreement with Rambus. Under the new five-year agreement, the Thales line of Hardware Security Modules (HSMs licensed to include protections against side-channel attacks, including high-performance data center appliances. To date, Thales is the only HSM company to have passed the DPA Countermeasures Validation program, thereby certifying that its products meet a stringent level of protection against side-channel attacks.
What is crucial is that, in an HSM, the master key is tamper-resistant and that only authorized users can request specific operations with the key. It is important that this process is secured, and as with any use of secrets, there is a possibility that the key could be leaked via a side-channel if not adequately protected.
“Cyber-threats and attacks are becoming increasingly sophisticated and pervasive,” said Cindy Provin, chief strategy and marketing officer at Thales. “By adding Rambus DPA countermeasures, we are able to protect against side-channel attacks, which adds an important element in our robust data security solutions.”
The Countermeasure Validation Program has also found use outside of HSM, with companies such as Boeing, Nvidia, Idaho Scientific, the Athena Group, NAGRA, and Winbond signing on as licensees. However, as far as HSM companies are concerned, Thales is the only HSM vendor who has gone through the program.
The Bottom Line
While systems have bolstered themselves against brute force attacks through robust encryption/decryption algorithms with cryptographic keys, DPA attacks can bypass those security measures. As a result, protection against side-channel attacks is crucial. Rambus’ DPA Countermeasures Program is a rigorous testing program that aims to certify products that have DPA resistance, and Thales is the only HSM provider that has taken on the challenge of building leak-resistant, secure solutions that can resist side-channel attacks. The successful completion of the Countermeasure Validation Program is a significant step towards making data safer.