As is well known, although extensive research suggests that the Data Encryption Standard (DES), triple DES, the Advanced Encryption Standard (AES), the Secure Hash Algorithm (SHA), the Rivest-Shamir-Adleman algorithm (RSA), and other cryptographic algorithms are mathematically strong, these algorithms are not secure against attacks intended to observe their internal computations.
The computations performed in executing a cryptographic algorithm can be considered from two different points of view: as abstract mathematical operations, parameterized by a secret key, that map input data onto output data; or as the actual implementation of the mathematical algorithm in a program running on a given processor, in a given environment, and therefore showing specific characteristics dependent on the processor and on the environment in which the cryptographic algorithm is implemented. The first point of view is known as classical cryptanalysis, and the second is known as side-channel cryptanalysis.
Side-channel cryptanalysis takes advantage of implementation-specific characteristics to recover the secret parameters involved in the computations, i.e. the key of the cryptographic algorithm. Although side-channel cryptanalysis is less general than classical cryptanalysis, since it is tied to a given implementation environment, it is often more powerful than classical cryptanalysis, and is therefore taken very seriously in the implementation of cryptographic devices.
The power consumption of a cryptographic token, such as a smart card, can provide information both about the operations performed in the execution of the cryptographic algorithm and about the secret parameters of the algorithm. The energy used by the smart card over time, which is provided via the terminal pin, can therefore easily be measured to extract information about the algorithm and its secret parameters.
There are several kinds of attacks on a smart card, or on other cryptographic devices, that aim to extract secret information and thereby compromise the security level of the device. Two classes of attacks have been demonstrated to be particularly simple and effective: Differential Power Analysis (DPA) and Simple Power Analysis (SPA). Unlike physical attacks, both SPA and DPA attacks are non-invasive, easily automated, and can be mounted without knowing the design of the target device.
DPA is a class of attacks that allows cryptanalysts to extract secret keys by analyzing the power consumption of smart cards, or other cryptographic devices, and performing a statistical analysis on the measured data. SPA is a simpler form of attack that does not use any statistical analysis.
There are combined hardware/software countermeasures to defend against such attacks, including techniques for reducing the leakage of information from cryptographic devices, techniques for adding noise to the power consumption measurements (e.g. randomization techniques during the execution of the operations), and techniques for keeping the cryptographic algorithms secure even when running on hardware that does leak information.
As for the software countermeasures, the goal is not to reduce the signal amplitude on the side channel, but rather to make the conveyed information useless by obscuring the internal parameters.
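
A simulated leakage assessment of the software-countermeasure idea above, added here as an illustration and not part of the original text. It assumes Boolean masking as the obscuring technique (the text does not name one), models power as the Hamming weight of the processed byte plus Gaussian noise, and uses a constructed key byte, trace count and function names.

```python
import random

def hw(x):
    """Hamming weight: toy model of the power drawn when a byte is processed."""
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sample lists."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def leakage_assessment(n_traces=5000, key=0x3C, noise=1.0, seed=1):
    """Correlate simulated power samples with the secret-dependent value.

    All inputs are constructed: random plaintext bytes, a fixed key byte,
    and a fresh random mask for every simulated execution.
    """
    rng = random.Random(seed)
    secret_hw, unmasked, masked_share, mask_share = [], [], [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        v = p ^ key              # internal parameter an observer wants to learn
        m = rng.randrange(256)   # fresh mask, new for each execution
        secret_hw.append(hw(v))
        # Unprotected code processes v directly, so the sample tracks hw(v).
        unmasked.append(hw(v) + rng.gauss(0, noise))
        # Masked code only ever processes v ^ m and m, never v itself.
        masked_share.append(hw(v ^ m) + rng.gauss(0, noise))
        mask_share.append(hw(m) + rng.gauss(0, noise))
    return {
        "unmasked": pearson(secret_hw, unmasked),
        "masked_share": pearson(secret_hw, masked_share),
        "mask_share": pearson(secret_hw, mask_share),
    }

if __name__ == "__main__":
    for name, r in leakage_assessment().items():
        print(f"{name:13s} correlation with secret intermediate: {r:+.3f}")
```

The signal amplitude and noise are identical in all three cases; only the masked samples lose their statistical link to the secret intermediate, which is the distinction the paragraph draws between reducing the signal and making it useless.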