![[ IBM Research ]](/research/newmast/projectmasts/masthead10.GIF)
Internet Security Group: Power Analysis
Power Analysis is a type of security attack.It is a way to extract
information from an electronic system by examining the power supply
current over time. By doing this it is possible to figure out exactly
what some computing systems are doing. It is even possible in some
cases to extract cryptographic keys or other secrets.
Each time a computer executes an instruction, or fetches or stores a
data item, transistors switch on and off. The current consumed by all
of the transistors in the computer at any one instant, is reflected in
the total power supply current.
Smart cards, because they have little or no power filtering, and
because they have a relatively slow clock frequency have proven very
susceptible to power analysis attacks.
Several things can be seen in a power sample. The spikes in the signal
are in sync with the clock signal, or a multiple of the clock
signal. It can also be seen that the amplitude (height) of the signal
varies. This variation is the result of different activities going on
inside the smart card and different data being manipulated. These
traces can be analyzed and information may be extracted.
Paul Kocher, Joshua Jaffe, and Benjamin Jun of Cryptography Research,
Inc. have performed some of the recent work in this area and has
presented this work in their paper:
Introduction
to Differential Power Analysis and Related Attacks.
Kocher and his associates have divided power analysis into two general
groups. Differential Power Analysis (DPA), is a statistical attack on
a cryptographic algorithm which compares an hypothesis with a measured
outcome and is capable, in many cases, of extracting an encryption key
from a smart card or other computing device. Simple Power Analysis
(SPA), is the direct analysis of the recorded power data to determine
actions and data.
Our team has duplicated the SPA/DPA attacks on smart cards in an
effort to understand the security exposures, the underlying causes for
the exposures and then proposed countermeasures for fixing them. We
have investigated how these techniques can be applied across a wide
variety of ciphers such as the candidates for the Advanced Encryption
Standard. We have also developed a model for reasoning about these
attacks and have shown that a lower bound on the number of power
samples needed to launch such attacks.
1. Suresh Chari, Charanjit Jutla, Josyula R. Rao and Pankaj Rohatgi,
"A Cautionary Note Regarding evaluation of AES Candidates on Smart
Cards", Second Advanced Encryption Standard Candidate Conference, Rome
March 1999.
2. Suresh Chari, Charanjit Jutla, Josyula R. Rao and Pankaj Rohatgi,
"Towards Sound Approaches to Counteract Power Analysis Attacks",
In the Proceedings of CRYPTO '99, Springer Verlag, LNCS 1666.
![[ Find ]](http://www.ibm.com/i/v8/b/fi.gif){kind=small}
![[ News ]](http://www.ibm.com/i/v8/b/ne.gif){kind=small}
![[ Products ]](http://www.ibm.com/i/v8/b/pro.gif){kind=small}
![[ Support ]](http://www.ibm.com/i/v8/b/su.gif){kind=small}
![[ Business solutions ]](http://www.ibm.com/i/v8/b/so.gif){kind=small}
![[ Inside IBM ]](http://www.ibm.com/i/v8/b/ins_h.gif){kind=small}
![[ Interest groups ]](http://www.ibm.com/i/v8/b/int.gif){kind=small}
