The growth of computing, graphics, neural processing power, communication bandwidth, and storage capacities have enabled amazing solutions. These innovations have created great value for society, and that value must be protected from exploitation by adversaries. This whitepaper explores many of these major technology changes and how Rambus’ security offerings help in tackling the new embedded security challenges of device and silicon manufacturers.
Side-channel attacks conducted against electronic systems are relatively simple and inexpensive to execute. An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys. As all physical electronic systems routinely leak information, effective side-channel countermeasures such as Rambus’ DPA Resistant Hardware Cores (DPARC) or DPA Software Library (DPASL) should be implemented at the design stage to ensure protection of sensitive keys and data. After the implementation of hardware or software countermeasures, systems should be carefully evaluated with a Test Vector Leakage Assessment (TVLA) platform such as the Rambus DPA Workstation (DPAWS) to confirm the cessation of sensitive side-channel leakage.
Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys. As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.
This document describes requirements and test procedures for qualifying DPA-resistant implementations of cryptographic algorithms with specific instructions and test vectors for AES. Expected lab and analyst proficiency, device setup, data acquisition, signal processing, analysis and evaluation procedures are described herein.
Is your mobile device’s EM emissions leaking your keys? A mobile app can inadvertently radiate secret data as cryptographic processing is done by the CPU. We’ll use a simple antenna and radio to perform live key extraction from several modern handheld devices. Developers can use several techniques to mitigate risk whenever applications use high-valued cryptographic keys.
As the functionality of mobile devices has increased, so have the threats. These devices make attractive targets, given the sensitivity of user and corporate data they process and store, their emerging use for viewing protected content and conducting sensitive banking and payment transactions. Until recently, hardware and software based defenses for mobile platforms lagged behind those found in more mature systems.