Security Icon

Security

DPA Workstation Analysis Platform

Designed for leading security chip vendors, product companies, testing labs, and government organizations, the DPA Workstation analysis platform is the world’s premier side-channel analysis platform that includes all of the hardware, software, and training needed to evaluate and certify secure devices. DPA Workstation is available with Riscure Fault Injection (FI) products that offers complete fault injection functionality as well as Differential Fault Analysis (DFA).

How the DPA Workstation Analysis Platform works

DPA Workstation (DPAWS) 8 is a powerful and flexible testing platform that includes an integrated suite of hardware and powerful data visualization software for testing and analyzing the vulnerabilities of cryptographic chips and systems to power and electromagnetic (EM) side-channel attacks. Designed to support every stage of the side-channel analysis process, DPAWS 8 enables customers to quickly and easily identify and address potential security flaws in tamper-resistant systems and SoCs. DPAWS allows an analyst to collect power consumption or electromagnetic emission signals coming from a cryptographic device while it performs operations using secret keys.

DPAWs 8 video

Learn about DPA Workstation 8

These collected signals can be examined using Simple Power and Electromagnetic Analysis (SPA/SEMA) or more powerful Differential Power and Electromagnetic Analysis (DPA/DEMA) to identify exposure of secret keys. Integrated fault injection and analysis capability is also available.

Log-in to access the DPA Support portal.

Introduction to Side-Channel Attacks eBook

Introduction to Side-Channel Attacks

Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). As all physical electronic systems routinely leak information, effective side-channel countermeasures should be implemented at the design stage to ensure protection of sensitive keys and data.

Download eBook

What’s Included

Our platform includes everything needed to collect, process, and analyze algorithms and devices out of the box. Custom test fixtures are included for analysis of smart cards and FPGA algorithms. Additionally, DPAWS provides the flexibility so that you can interface to your own devices. Signal probes, filters, and a wideband amplifier, used to acquire signals from a device under test, are provided with the DPAWS to improve your startup time. A carefully selected digital oscilloscope and PCI data acquisition card facilitate a wide variety of data collection. Collections and analyses can be scripted using native Python or MATLAB modules. Powerful visualization and analysis tools are included to facilitate the rapid and complete testing of hypotheses.

Customers also receive an in-depth training course covering both theoretical and practical aspects side-channel analysis.

Riscure Fault Injection

Riscure Fault Injection (FI) offers a comprehensive set of features to perform fault injection testing on embedded devices. FI users can test whether they can extract a key by inducing faults in a chip’s cryptographic operations, bypass a check such as an authentication or a lifecycle state, or change the program flow on a chip. Rambus partners with Riscure to provide the best comprehensive, integrated, one-stop side-channel test capability.

DPAWS is available to testing labs, product vendors and organizations with business needs for side-channel analysis capabilities. Product vendors can pre-test products, saving testing costs and product development time.

Solution Offerings

Supports Complete DPA Workflow

  • Users can perform every stage of the side-channel analysis process:
    • Exploration
    • Acquisition
    • Signal/Pre-Processing
    • Prediction
    • Analysis/Partition
    • Hypothesis Evaluation
  • Project Library Management System
    • Simple organization of test and analysis scripts in addition to the collected data
  • Integrated Help System
    • Increase productivity and effectiveness of DPAWS with easy to use FAQs, wizards and knowledge base

Scripting modules for efficient development of collection and analysis scripts

  • Scope interface
  • Device-under-test (DUT) interface
  • Unified dataset API
  • Cryptographic algorithm support
  • Test data generators
  • Interface to trace viewer
  • Scripting utilities

Powerful data visualization software

  • Intuitive interface – easy to learn and use
  • View collected traces
  • SPA and trace difference analysis
  • View results of DPA
  • Supports alignment and other processing tools
  • Integrates with scripting modules
  • Accommodates display of very large traces and data sets

Ease of Data Acquisition

  • Supports efficient data capture from multiple A/D sampling devices and manipulation of very large data sets.
    • Interface with network-connected digital oscilloscopes.
    • Interface with PCI A/D sampling cards.
    • Waveform filtering, alignment, and compression routines.

Fault Injection

  • Flexible: A powerful instruction set to program any fault injection attack scenario. Scenarios can be developed from the user interface or the IDE if more control is desired.
  • Time-independent triggering: Accurately trigger a fault injection attack by triggering on the actual waveform rather than elapsed time.

Multiple Devices and Sensors

  • Data collection environment is compatible with multiple device interfaces, form factors, and sensor types.
    • Device types
      • FPGA (including DPAD reference platform)
      • SoC
      • Smartcards and embedded platforms
    • Sensor support
      • Direct power measurement
      • Field probes (electric, magnetic)

Cipher Support

  • Analyze a full range of standard ciphers and hashing algorithms:
    • Turnkey support for AES, DES, RSA, ECC, SHA-256
    • Selection functions regularly updated to support new vulnerabilities

Analysis Versatility

  • DPAWS can be used for simple device characterization to advanced DPA.
    • Simple Power/EM Analysis (SPA/SEMA)
    • Trace pair differentials
    • Differential Power/EM Analysis (DPA/DEMA)
    • High-Order Differential Power Analysis (HO-DPA)

Analysis Workbench

  • DPAWS device interface and data collection environment
  • Signal processing
  • Hypothesis generation
  • Optimized DPA analysis utilities
  • Analysis tools

Hardware

  • Oscilloscope and PCI high-speed sampling card
  • Test fixtures included:
    • DPAD FPGA testing platform
    • Smart card test fixture
  • Test probes, filters, and signal amplifier

Analysis Software

  • DPAWS modules for scripting in Python or MATLAB
  • DPA Integrated Analysis Application for side-channel test
  • Custom tools for:
    • Signal processing
    • Trace Data Alignment
    • Hypothesis generation / sorting
    • Highly optimized DPA analysis
    • Higher-order analysis
    • Visualization
  • Source code which allows for customization and adaptation of the Test Environment
  • Scripting and source code development environment
  • MATLAB License
  • Visual Studio License
  • Integrated Help Section
    • FAQs, tutorials and wizards
 

Hardware

  • Workstation-class PC
  • Oscilloscope
  • PCI high-speed sampling card
  • DPAD FPGA test fixture
  • Smart card test fixture
  • Probe set
  • Filter set
  • Wideband Signal Amplifier
 

Documentation and Training Materials

Our DPA Workstation™ Platform includes hands-on training and continued technical support. Customers receive a 5-day training at our Cryptography Research office in San Francisco. Trainees learn fundamentals of SPA and DPA, device data collection, and workstation analysis workflows.

  • 5-day training focus areas:
    • Simple Power Analysis
    • Differential Power Analysis
    • Electromagnetic Analysis
    • Advanced DPA topics
    • Certifying DPA-resistant products
  • Hands-on training topics:
    • DPA Workstation operation
    • Scripting for collection and analysis
    • Device data collection
    • Signal Processing
    • Trace Data Alignment
    • SPA analysis
    • DPA data analysis
    • Test Vector Leakage Analysis
 

We also offer optional trainings on advanced analysis topics and analysis support.

Protecting Electronic Systems eBook thumbnail

Protecting Electronic Systems from Side-Channel Attacks

Side-channel attacks comprise a wide range of techniques including Differential Power Analysis, Simple Power Analysis, Simple Electromagnetic Analysis, Differential Electromagnetic Analysis, Correlation Power Analysis and Correlation Electromagnetic Analysis. An effective layer of side-channel countermeasures should therefore be implemented via hardware (DPA resistant cores), software (DPA resistant libraries) or both. After layered countermeasures have been implemented, systems should be carefully evaluated to confirm the cessation of sensitive side-channel leakage.

Download eBook

Inventions

Security Icon

DPA Countermeasures

DPA Countermeasures are fundamental techniques for protecting against Differential Power Analysis (DPA) and related side-channel attacks. Consisting of a broad range of software, hardware, and protocol techniques, DPA Countermeasures include reducing leakage, introducing amplitude and temporal noise, balancing hardware and software, incorporating randomness, and implementing protocol level countermeasures.