Cryptographic computational devices have many applications, both for the secure transmission of information and for the authentication and verification of the source of information. One application of a cryptographic computational device or system is a smart card, which contains valuable financial and personal data that is intended to be kept secret via encryption. For purposes of unauthorized access and/or unlawful benefit, these devices are made the object of attacks aimed at extracting their encrypted confidential information, and as a consequence the security level of the devices may be compromised. Once this occurs, the attacker can access the otherwise restricted information and capabilities of the device and is then at liberty to engage in malicious activities, including authorization of monetary transactions, impersonation of digital signatures and so on. With the global increase in the use of cryptographic computational devices such as chip-based cards or special ICs for electronic identification and authentication protocols, it has become necessary for cryptographic devices to be tamper-proof by advantageously incorporating features resistant to the aforementioned attacks, which compromise data security.
DPA and DFA attacks are a threat not only to smart cards but also to other computational devices such as mobile phones.
Cryptographic algorithms that normally go into the devices mentioned above are usually designed not to reveal their inputs and/or outputs. However, cryptographic keys and computational intermediates of these algorithms may be open to access by an attacker, exposing them to analysis and so compromising the security of the cryptographic device involved. Among the classes of effective attacks known to be used with such intent, Differential Power Analysis (DPA) and Differential Fault Analysis (DFA) attacks are recognized as non-physical, non-invasive attacks which can be easily automated and can be mounted without knowing the design of the target device. It would therefore be highly desirable to have mechanisms that specifically resist these attacks and yet are independent of the hardware involved.
Fundamentally, DPA is a class of attacks allowing extraction of encrypted information/cryptographic keys present on cryptographic devices such as smart cards by analyzing the power consumption of said devices and performing a statistical analysis on the measured data. This type of attack is based on the principle that as the cryptographic processor performs its cryptographic functions, such as encryption or signing, transistors comprising the processor switch on and off, which changes the amount of current drawn from the source supplying power to the processor. The attacker can correlate the current changes with data being processed and thus gain information on the crypto keys being used. In other words, a DPA attack is an exploit based on an analysis of the correlation between the electricity usage of a chip in a smart card and the encryption key it contains. As data is collected by monitoring the power emanations of the device under attack, physical access to the device being attacked is not necessary. In practice, small inductive probes or antennae placed adjacent to the device being attacked are sufficient for implementation of the attack.
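The statistical principle described above can be seen in a small leakage check on simulated traces. This is an added example, not part of the original text: the Hamming-weight power model, the key byte, the noise level, the trace count and the use of Welch's t-statistic are all assumptions chosen for illustration, and the traces are constructed rather than measured.

```python
import random
from statistics import mean, variance

def hamming_weight(x):
    return bin(x).count("1")

def simulate_traces(n, key, noise_sigma, rng):
    """Constructed data: one power sample per operation.
    Assumed model: power = HammingWeight(input XOR key) + Gaussian noise."""
    traces = []
    for _ in range(n):
        value = rng.randrange(256) ^ key      # intermediate handled by the device
        power = hamming_weight(value) + rng.gauss(0.0, noise_sigma)
        traces.append((value, power))
    return traces

def welch_t(a, b):
    """Welch's t-statistic for the difference between two sample means."""
    return (mean(a) - mean(b)) / ((variance(a) / len(a) + variance(b) / len(b)) ** 0.5)

def split_stats(samples, labels):
    """Difference of mean power and t-statistic between label-1 and label-0 groups."""
    ones = [p for p, l in zip(samples, labels) if l]
    zeros = [p for p, l in zip(samples, labels) if not l]
    return mean(ones) - mean(zeros), welch_t(ones, zeros)

def bit_leakage(traces, bit):
    """Partition traces by one bit of the processed value: a real data dependency."""
    powers = [p for _, p in traces]
    labels = [(v >> bit) & 1 for v, _ in traces]
    return split_stats(powers, labels)

def control_leakage(traces, rng):
    """Partition the same traces by coin flips unrelated to the data (control)."""
    powers = [p for _, p in traces]
    labels = [rng.getrandbits(1) for _ in traces]
    return split_stats(powers, labels)

def run_demo(seed=1):
    rng = random.Random(seed)                 # fixed seed for repeatable output
    traces = simulate_traces(4000, 0x3C, 2.0, rng)   # 0x3C: constructed key byte
    return bit_leakage(traces, 0), control_leakage(traces, rng)

if __name__ == "__main__":
    (diff, t), (c_diff, c_t) = run_demo()
    print(f"data-bit split: mean diff={diff:.3f}, t={t:.1f}")
    print(f"control split : mean diff={c_diff:.3f}, t={c_t:.1f}")
```

Although the noise is twice as large as the contribution of a single bit, averaging over many traces makes the data-dependent split stand out clearly while the control split stays near zero; a countermeasure is effective when the data-dependent split looks like the control.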
DFA, on the other hand, is a type of side channel attack where the principle is to induce faults or unexpected environmental conditions into cryptographic implementations, so as to reveal their internal states. Using DFA attacks, secret keys for cryptographic algorithms can be determined by selectively introducing scattered computation errors in the processor. For example, high temperature, unsupported supply voltage or current, excessively high overclocking, strong electric or magnetic fields, or ionizing radiation may be used to influence the operation of the processor on board the cryptographic device, which then begins to output incorrect results due to physical data corruption, thus revealing that the processor is running and details of its internal data state. Effective countermeasures to DPA and/or DFA types of attacks are hence acutely required for the security of any product which needs to protect cryptographic keys and other secret information from being leaked.