Presentation is loading. Please wait.

Presentation is loading. Please wait.

Possible Testing Solutions and Associated Costs

Published byClara Marsh Modified over 8 years ago

Similar presentations

Presentation on theme: "Possible Testing Solutions and Associated Costs"— Presentation transcript:

1 Possible Testing Solutions and Associated Costs
SPA and DPA Possible Testing Solutions and Associated Costs Stan Kladko, Ph. D., BKP Security Labs

2 Introduction Simple Power Analysis (SPA) and
Differential Power Analysis (DPA) Introduced by P. Kocher, J. Jaffe, and B. Jun Can be potentially used to compromise keys and critical security parameters

3 SPA and DPA Simple power analysis requires measurement and observation of time-resolved power traces Differential power analysis includes statistical sampling and analysis of correlations Other physical characteristics can be used such as intensity of electromagnetic emissions (EMA)

4 SPA and DPA Do not require expensive equipment and are relatively easy to implement Descriptions of techniques and experimental setups are readily available

5 Proposed Countermeasures
Physical shielding Random power consumption elements Randomizing algorithm execution Randomizing circuit timing Interleaving code with dummy instructions Redesigning cryptographic algorithms Redesigning circuit layouts

6 FIPS 140-2 Currently lacks SPA and DPA requirements
This makes it somewhat outdated as a security standard, in particular for smartcards Adding SPA and DPA requirements could be a logical step to consider for FIPS 140-3

7 FIPS Security Levels Level 1 – no significant physical security requirements Level 2 – tamper evidence or ability to detect key compromise Level 3 and Level 4 – key destruction in case of compromise

8 FIPS Security Levels SPA and DPA = key compromise without traces of tampering Level 2 seems to be appropriate

9 FIPS 140-2 Module Types single-chip (e.g. smartcard)
multiple-chip embedded (crypto accelerator card) multi-chip standalone (router or PC) most published SPA/DPA attacks – single chip modules SPA/DPA requirements could be limited to single-chip modules only

10 Testing Lab Considerations
Typical FIPS testing costs < $50K Assuming 20% of total costs one has $5K-10K for SPA/DPA testing 1-2 person/weeks Typical equipment items: digital oscilloscope, DC power supply, function generator, PC. Total < $5K

11 SPA/DPA Testing Requirements
Simple Reproducible Standard experimental setup across labs Standard testing methods for each Approved algorithm Standard software (could be developed by NIST)

12 Staff Training Need staff members familiar with applied physics and electrical engineering concepts DPA requires familiarity with a number of concepts in statistics NVLAP Handbook for CMVP labs would need to be revised to include SPA/DPA training requirements

13 Criteria for SPA/DPA requirements
Simple criteria should be preferred Having to analyze all measures and countermeasures would put undue burden on the lab Physically measurable criteria would be preferred Many papers list signal-to-noise ratio as a sensible criterion

14 Criteria for SPA/DPA requirements
The exact definition of the signal-to-noise ratio would be left to experts Could be different for SPA vs. DPA Any signal-to-noise ratio definition would not guarantee security due to feasibility of various noise-cancellation techniques Signal-to-noise threshold could deter attackers with low attack potential

15 Summary Adding SPA/DPA requirements to future versions of FIPS 140 seems justified Candidate testing requirements shall be reviewed to assess potential implications for labs and vendors Simple and well-defined requirements are preferred

Download ppt "Possible Testing Solutions and Associated Costs"

Similar presentations

Configuration Management

Configuration Management
RESEARCH CLINIC SESSION 1 Committed Officials Pursuing Excellence in Research 27 June 2013.

RESEARCH CLINIC SESSION 1 Committed Officials Pursuing Excellence in Research 27 June 2013.
An Evaluation of MC/DC Coverage for Pair-wise Test Cases By David Anderson Software Testing Research Group (STRG)

An Evaluation of MC/DC Coverage for Pair-wise Test Cases By David Anderson Software Testing Research Group (STRG)
Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
1 COMM 301: Empirical Research in Communication Kwan M Lee Lect4_1.

1 COMM 301: Empirical Research in Communication Kwan M Lee Lect4_1.
Systems Analysis and Design in a Changing World

Systems Analysis and Design in a Changing World
October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi.

October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
Larry Wagner Sr. Director of Engineering

Larry Wagner Sr. Director of Engineering
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
FIPS 140-3 Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.

FIPS Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
Selection of Research Participants: Sampling Procedures

Selection of Research Participants: Sampling Procedures
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Controls Lab Interface Improvement Project #06508Faculty Advisors: Dr. A. Mathew and Dr. D. Phillips Project Objectives This work focused on the improvement.

Controls Lab Interface Improvement Project #06508Faculty Advisors: Dr. A. Mathew and Dr. D. Phillips Project Objectives This work focused on the improvement.
CMP3265 – Professional Issues and Research Methods Research Proposals: n Aims and objectives, Method, Evaluation n Yesterday – aims and objectives: clear,

CMP3265 – Professional Issues and Research Methods Research Proposals: n Aims and objectives, Method, Evaluation n Yesterday – aims and objectives: clear,
Overview of Software Requirements

Overview of Software Requirements
Health Informatics Series

Health Informatics Series

Similar presentations

Ads by Google