Simple Power Analysis (SPA) and Differential Power Analysis (DPA) are powerful, non-invasive side channel attacks that allow adversaries to compromise the security of tamper-resistant devices by analyzing their power consumption. SPA recovers secret keys through direct observation of a device’s power consumption, while DPA attacks employ statistical techniques to extract secret key information from multiple power consumption measurements. DPA can extract secret keys in a noisy environment where the power consumption of the cryptographic computation is a very small fraction of the overall power consumption of a system. DPA Countermeasures were developed to protect tamper-resistant devices against side channel attacks including SPA, DPA and related electromagnetic (EM) attacks.
DPA Countermeasures consist of a broad range of software, hardware, and protocol techniques that protect tamper-resistant devices from side channel attacks in a number of ways including:
- Leak reduction – reducing information leaked into the side channel to decrease signal-to-noise (S/N) ratios
- Amplitude and temporal noise – adding amplitude or temporal noise into the side channel to decrease S/N ratio
- Balanced hardware and software – using hardware and software-based techniques to represent and process data in ways designed to minimize observable data-dependent variations within the side channel
- Incorporating randomness – representing cryptographic intermediates in forms that incorporate unpredictable information to reduce correlation between side channels and the original intermediates
- Protocol-level countermeasures – modifying cryptographic protocols using key update mechanisms to limit the amount of side channel information available to an attacker for any particular key
Device and system manufacturers, and end users benefit from the high-levels of security that are provided at the hardware level to protect against side channel attacks. Devices and industries that benefit from DPA Countermeasures include telecommunications, payments and banking, entertainment, pay television, government and defense, mobile devices, automotive, smart cards, media storage and integrated circuits.