This document describes requirements and test procedures for qualifying DPA-resistant implementations of cryptographic algorithms with specific instructions and test vectors for AES. Expected lab and analyst proficiency, device setup, data acquisition, signal processing, analysis and evaluation procedures are described herein.
Is your mobile device’s EM emissions leaking your keys? A mobile app can inadvertently radiate secret data as cryptographic processing is done by the CPU. We’ll use a simple antenna and radio to perform live key extraction from several modern handheld devices. Developers can use several techniques to mitigate risk whenever applications use high-valued cryptographic keys.
As the functionality of mobile devices has increased, so have the threats. These devices make attractive targets, given the sensitivity of user and corporate data they process and store, their emerging use for viewing protected content and conducting sensitive banking and payment transactions. Until recently, hardware and software based defenses for mobile platforms lagged behind those found in more mature systems.
The goal of a side‐channel resistance validation program is to assess whether a cryptographic module utilizing side‐channel analysis countermeasures can provide resistance to these attacks commensurate with the desired security level. While, no standardized testing program can guarantee resistance against all attacks, an effective program should be able to validate that sufficient care was taken in the design and implementation of countermeasures.
Data encryption and decryption operations are basic building blocks for most security applications. For this purpose, most systems use block ciphers, such as the public AES standard. It is well known, however, that implementations of block ciphers such as AES, as well as other cryptographic algorithms, are subject to side-channel attacks . These attacks allow adversaries to extract secret keys from devices by passively monitoring power consumption, EM emissions, or other “side channels”. Differential power analysis (DPA) is a common side channel attack that leverages power measurements.
The power consumed by a circuit varies according to the activity of its individual transistors and other components. As a result, measurements of the power used by actual computers or microchips contain information about the operations being performed and the data being processed. Cryptographic designs have traditionally assumed that secrets are manipulated in environments that expose no information beyond the specified inputs and outputs.