Security IP
Is Your Mobile Device Radiating Keys?
Is your mobile device’s EM emissions leaking your keys? A mobile app can inadvertently radiate secret data as cryptographic processing is done by the CPU. We’ll use a simple antenna and radio to perform live key extraction from several modern handheld devices. Developers can use several techniques to mitigate risk whenever applications use high-valued cryptographic keys.
Efficient sidechannel testing for public key algorithms: RSA case study
This paper proposes an approach to validate that implementations of public‐key cryptography have moderate resistance to side‐channel analysis, using RSA‐CRT as an example. The design goal of the proposed approach is to develop tests that are technically sound and repeatable, while at the same time being efficient and cost‐effective for testing labs. The approach was validated on two devices, one without countermeasures and another with some DPA countermeasures.
Download “Efficient side-channel testing for public key algorithms: RSA case study”
Intel Ivy Bridge Random Number Generator
Good cryptography requires good random numbers. This paper evaluates Intel’s hardware-based digital random number generator (RNG) for use in cryptographic applications.
Almost all cryptographic protocols require the generation and use of secret values that must be unknown to attackers. For example, random number generators are required to generate public/private keypairs for asymmetric (public key) algorithms including RSA, DSA, and Diffie-Hellman. Keys for symmetric and hybrid cryptosystems are also generated randomly. RNGs are used to create challenges, nonces (salts), padding bytes, and blinding values.
Because security protocols rely on the unpredictability of the keys they use, random number generators for cryptographic applications must meet stringent requirements. The most important property is that attackers, including those who know the RNG design, must not be able to make any useful predictions about the RNG outputs. In particular, the apparent entropy of the RNG output should be as close as possible to the bit length.
Mobile Device Security: The case for side channel resistance
As the functionality of mobile devices has increased, so have the threats. These devices make attractive targets, given the sensitivity of user and corporate data they process and store, their emerging use for viewing protected content and conducting sensitive banking and payment transactions. Until recently, hardware and software based defenses for mobile platforms lagged behind those found in more mature systems.
Download “Mobile Device Security: The case for side channel resistance”
A testing methodology for side-channel resistance validation
The goal of a side‐channel resistance validation program is to assess whether a cryptographic module utilizing side‐channel analysis countermeasures can provide resistance to these attacks commensurate with the desired security level. While, no standardized testing program can guarantee resistance against all attacks, an effective program should be able to validate that sufficient care was taken in the design and implementation of countermeasures.
Download “A testing methodology for side-channel resistance validation”