Many applications and devices rely on embedded cryptosystems to provide security for an application and its associated data. These cryptosystems are often targets of individuals attempting to gain access to the applications or devices themselves or attempting to gather information being used by the application (e.g., credit card numbers, cryptographic keys, etc.). Early attacks on cryptosystems focused on weaknesses of the cryptographic algorithms. For example, in chosen-plaintext attacks, attackers feed plaintext of their choosing into a cryptosystem and analyze the resulting ciphertext to recover information about the key or the algorithm being used.
As the industry developed countermeasures against these algorithmic attacks, a different style of attack emerged that focuses on the physical implementation of the cryptosystem rather than on the algorithm. Referred to as side-channel attacks, these attacks attempt to derive sensitive information (e.g., a cryptographic key) by monitoring physical characteristics of the cryptosystem, such as the time it takes to complete an operation or the power it consumes while doing so.
A timing attack measures the amount of time it takes a cryptographic system to perform certain operations. These measurements may be analyzed to derive information about the secret keys used in the operations. For example, Diffie-Hellman and RSA operations consist of computing R = y^x mod n, where the modulus n is publicly available and the base y can be observed (or even provided) by the attacker, while the exponent x is the secret key. The goal of a timing attack is to determine x, or information that leads to x. Because the secret key remains constant from one operation to the next, the attacker varies the input y and monitors how long the cryptosystem takes to respond to each y; any dependence of that time on the bits of x leaks those bits.
Power attacks monitor the power consumption (e.g., current draw) of the system while it performs cryptographic operations. The amount of power consumed by a cryptosystem varies depending on the operations being performed. Additionally, an operation or sequence of operations may have a characteristic current or power profile. For example, power analysis may be used to identify the multiplication and squaring operations used in RSA and the permutations and shifts used in DES, each of which has a recognizable power signature. Thus, even a simple power analysis (SPA) attack, which inspects a single trace by eye, can reveal the sequence of instructions being executed. Systems in which the execution path depends on the data being processed (for instance, a multiplication that is performed only when a key bit is 1) are particularly vulnerable to these types of attacks.
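The two preceding paragraphs describe the same weakness from two angles: a key-dependent execution path leaks the key through total running time (timing attack) and through the operation sequence visible in a power trace (simple power analysis). The following Python model is an added example and not part of the patent text. Instead of measuring time or current, it records which multiprecision operations a textbook square-and-multiply exponentiation executes, recovers the exponent from that record, and contrasts it with a Montgomery-ladder exponentiation whose operation sequence is independent of the exponent. The function names, the test values and the operation labels 'S' and 'M' are my own choices.

```python
# Added example (not from the patent): toy model of the timing/SPA leak in
# R = y^x mod n computed by left-to-right square-and-multiply.


def square_and_multiply(y, x, n):
    """Exponentiation whose control flow depends on the secret exponent x.
    Returns (y^x mod n, trace). The trace lists the operations executed:
    'S' = modular squaring, 'M' = modular multiplication by the base y.
    A power trace of a real device would expose this same sequence."""
    r = 1
    trace = []
    for bit in bin(x)[2:]:          # scan x from its most significant bit
        r = r * r % n
        trace.append('S')
        if bit == '1':              # secret-dependent branch
            r = r * y % n
            trace.append('M')
    return r, trace


def recover_exponent(trace):
    """SPA view: read the exponent straight off the operation sequence.
    Every 'S' starts a new exponent bit; an 'M' right after it means 1."""
    bits = []
    for op in trace:
        if op == 'S':
            bits.append(0)
        else:                       # 'M' always follows the 'S' of its bit
            bits[-1] = 1
    return int(''.join(map(str, bits)), 2)


def leaked_hamming_weight(trace, bit_length):
    """Timing view: the operation count is bit_length + popcount(x), so the
    running time alone (without telling 'S' from 'M') gives the number of
    1 bits in x. Kocher's timing attack refines this to individual bits by
    exploiting per-input variation in the multiplication times."""
    return len(trace) - bit_length


def montgomery_ladder(y, x, n, width):
    """Exponentiation with a fixed operation sequence: exactly one multiply
    and one squaring for each of `width` bit positions, whatever x is.
    (The Python `if` still branches and Python big-int arithmetic is not
    constant-time; a real implementation would use a constant-time swap.
    The point demonstrated here is the identical operation trace.)"""
    r0, r1 = 1, y % n               # invariant: r1 == r0 * y (mod n)
    trace = []
    for i in range(width - 1, -1, -1):
        if (x >> i) & 1 == 0:
            r1 = r0 * r1 % n
            r0 = r0 * r0 % n
        else:
            r0 = r0 * r1 % n
            r1 = r1 * r1 % n
        trace += ['M', 'S']
    return r0, trace


if __name__ == "__main__":
    y, x, n = 7, 0b1011010, 1009    # constructed test values; x = 90
    r, t = square_and_multiply(y, x, n)
    print("result ok:", r == pow(y, x, n))
    print("trace:", ''.join(t))
    print("exponent recovered from trace:", recover_exponent(t))
    print("Hamming weight leaked by op count:", leaked_hamming_weight(t, 7))
    r2, t2 = montgomery_ladder(y, x, n, 16)
    _, t3 = montgomery_ladder(y, 0x5A5A, n, 16)
    print("ladder ok:", r2 == pow(y, x, n), "traces identical:", t2 == t3)
```

Running the script shows the square-and-multiply trace `SMSSMSMSSMS` for x = 90, from which the exponent is read back exactly, while the two ladder traces for different exponents are indistinguishable. This is the classic "make the execution path data-independent" countermeasure; it closes the SPA and coarse timing leak but, as the next paragraph explains, not the statistical one.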
Differential power analysis (DPA) attacks are much more sophisticated and harder to prevent. These attacks combine the power measurements of basic power analysis attacks with statistical analysis to obtain information about the secret keys being used in the operations. In a DPA attack, a large number of test vectors (e.g., thousands of vectors) may be run through the cryptosystem while a trace is recorded for each one. A statistical tool is then used to correlate, for each candidate key value, the intermediate values that candidate would produce with the collected power measurements; the candidate whose predictions best match the measurements is the key, even when the key-dependent signal in any single trace is far below the noise. Algorithms utilizing modular exponentiation operations are particularly vulnerable to DPA attacks.
What is therefore needed are systems and methods for preventing these sophisticated forms of side-channel attacks.
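The following Python example is added here to make the DPA procedure concrete; it is not part of the patent text. It simulates a device whose power consumption at one sample point is proportional to the Hamming weight of an S-box output plus Gaussian noise, collects traces for random inputs, and then ranks every candidate key nibble by the Pearson correlation between its predicted intermediate values and the measured samples (the correlation form of DPA). The target (the 4-bit S-box of the PRESENT block cipher), the Hamming-weight leakage model, the noise level, the number of traces and the function names are my own choices for illustration; the patent names modular exponentiation, but a block-cipher S-box is the standard teaching target for this statistical step.

```python
# Added example (not from the patent): correlation-style DPA against a
# simulated 4-bit S-box with a Hamming-weight power model.
import math
import random

# 4-bit S-box of the PRESENT block cipher (chosen for illustration).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hamming_weight(v):
    return bin(v).count('1')


def simulate_trace(plaintext, key, rng, samples=8, leak_at=5, sigma=0.8):
    """One simulated power trace of `samples` points. Every point is
    Gaussian noise; point `leak_at` additionally carries the Hamming weight
    of SBOX[plaintext ^ key], the intermediate that depends on the key."""
    trace = [rng.gauss(0.0, sigma) for _ in range(samples)]
    trace[leak_at] += hamming_weight(SBOX[plaintext ^ key])
    return trace


def collect_traces(key, count, seed=1):
    """Run `count` random test vectors through the simulated device.
    Returns (plaintexts, traces); the seed makes the run reproducible."""
    rng = random.Random(seed)
    plaintexts = [rng.randrange(16) for _ in range(count)]
    traces = [simulate_trace(p, key, rng) for p in plaintexts]
    return plaintexts, traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0


def dpa_recover_key(plaintexts, traces):
    """For each of the 16 key guesses, predict the leaking intermediate for
    every plaintext and correlate the predictions with every sample
    position. The (guess, position) pair with the highest correlation is
    the answer. Returns (best_key, best_sample, peak_correlation_by_guess).
    The attacker needs only the plaintexts, the traces and the S-box."""
    samples = len(traces[0])
    best_key, best_sample, best_corr = None, None, -2.0
    scores = []
    for guess in range(16):
        predicted = [hamming_weight(SBOX[p ^ guess]) for p in plaintexts]
        guess_peak = -2.0
        for s in range(samples):
            c = pearson(predicted, [t[s] for t in traces])
            guess_peak = max(guess_peak, c)
            if c > best_corr:
                best_key, best_sample, best_corr = guess, s, c
        scores.append(guess_peak)
    return best_key, best_sample, scores


if __name__ == "__main__":
    SECRET_KEY = 0xB                          # constructed value for the demo
    plaintexts, traces = collect_traces(SECRET_KEY, 2000)
    key, sample, scores = dpa_recover_key(plaintexts, traces)
    for g, c in enumerate(scores):
        print(f"guess {g:2d}: peak correlation {c:+.3f}")
    print(f"recovered key 0x{key:X} at sample {sample}, "
          f"correct: {key == SECRET_KEY}")
```

With 2000 traces and a noise standard deviation comparable to the signal, the correct guess correlates at roughly 0.78 at the leaking sample while every wrong guess stays well below it, and the attack also pinpoints which sample of the trace carries the leak. Note that the constant-sequence countermeasure from the previous example does nothing here: the ladder's operation order is fixed, but the data it processes, and hence its power consumption, still depends on the key, which is why masking or hiding of the data itself is needed against DPA.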
The present invention will now be described with reference to the accompanying drawings. In the drawings, like reference numbers can indicate identical or functionally similar elements. Additionally, the left-most digit(s) of a reference number may identify the drawing in which the reference number first appears.