Paul Kocher’s presentation at the General Session of the 2003 RSA Conference.
Download “Securing Unusually High Threat Systems – RSA 2003”
Securing Unusually High Threat Systems – RSA 2003
Self-protecting digital content
Despite the high public profile of piracy as a threat to intellectual property owners, surprisingly little useful research has been done to understand the range of technical solutions that are feasible. This paper presents results from a study sponsored by Cryptography Research, Inc. to determine how cryptographic systems can provide the most effective long-term deterrent to the piracy of digital video and other content distributed on optical media.
Although numerous products and technologies have been advertised as solutions to the problem of piracy, most commercial security systems fail catastrophically once an implementation is compromised. These designs can work in limited deployments, but any technology deployed as part of a major standard will inevitably attract extremely determined attacks – and some implementations will get broken. The long lifespan of media formats, diversity of player implementations, complexity of security/usage models, and constantly-changing risk scenarios provide attackers with numerous avenues of attack and the time and resources to explore them. As a result, effective content protection systems must be able to survive compromises and adapt to new threats.
Hacking Cryptosystems – RSA 2002
Paul Kocher’s presentation at the Hackers and Threats track of the 2002 RSA Conference.
Intel Random Number Generator
Good cryptography requires good random numbers. This paper evaluates the hardware-based Intel Random Number Generator (RNG) for use in cryptographic applications.
Almost all cryptographic protocols require the generation and use of secret values that must be unknown to attackers. For example, random number generators are required to generate public/private keypairs for asymmetric (public key) algorithms including RSA, DSA, and Diffie-Hellman. Keys for symmetric and hybrid cryptosystems are also generated randomly. RNGs are also used to create challenges, nonces (salts), padding bytes, and blinding values. The one time pad – the only provably-secure encryption system – uses as much key material as ciphertext and requires that the keystream be generated from a truly random process.
Because security protocols rely on the unpredictability of the keys they use, random number generators for cryptographic applications must meet stringent requirements. The most important is that attackers, including those who know the RNG design, must not be able to make any useful predictions about the RNG outputs. In particular, the apparent entropy of the RNG output should be as close as possible to the bit length.
Differential Power Analysis
Abstract: Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. This paper examines specfi c methods for analyzing power consumption measurements to and secret keys from tamper resistant devices. We also discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Introduction to Differential Power Analysis and Related Attacks
As part of Cryptography Research’s ongoing cryptosystem research activities, we have been analyzing how to improve security of portable cryptographic tokens, including smart cards. Over the past year and a half, we have been working with the smart card vendor community to address attacks we have developed including Simple Power Analysis, Differential Power Analysis, High-Order Differential Power Analysis, and other related techniques. These are technically sophisticated and extremely powerful analysis tools that can be used by a cryptanalyst to extract secret keys from cryptographic devices.
Download “Introduction to Differential Power Analysis and Related Attacks”
