As a digital device operates on data, the amount of power it draws varies with the data being processed. As a simple example, setting all the lines of a data bus to ‘1’ (i.e. VCC) draws more power from the VCC rail than setting all the lines to ‘0’ (i.e. GND). The use of this knowledge to break cryptographic devices was proposed by Kocher, P., Jaffe, J., and Jun, B. in ‘Differential Power Analysis’, published in the proceedings of CRYPTO '99, 1999.
The application of these algorithms requires an Analog-to-Digital Converter (ADC), which digitizes a measurement related to the internal state of the Device Under Test (DUT). An example of a measurement related to the internal state of the DUT is the power being consumed by the DUT. The ADC is driven by a sample clock that determines when samples are taken. This sample clock is typically a crystal oscillator running at a known rate, for example causing the ADC to sample at 500 million samples per second (MS/s). This sample rate is typically much greater than the clock rate of the digital device. It is demonstrated in ‘Embedded Systems Security: An Evaluation Methodology Against Side Channel Attacks’ by Souissi, Y., Danger, J.-L., Guilley, S., Bhasin, S., and Nassar, M., published in the proceedings of the 2011 Conference on Design and Architectures for Signal and Image Processing (DASIP), that attacking a 24 MHz hardware device may require a sample clock of 1000 MHz (i.e. 1000 MS/s) to successfully determine the internal state of the device.
If the clock of the DUT changes with time, additional work is required to temporally align the measurements. The clock frequency of the DUT may vary due to random changes over time, or it may be varied deliberately as a countermeasure to prevent someone from determining the secret information by monitoring the indicator of the internal state, as taught in U.S. Pat. No. 6,381,699. A variety of publications aim to teach methods of solving the problem of a varying DUT clock frequency by post-processing the recorded samples. Two recent examples are ‘On Clock Frequency Effects in Side Channel Attacks of Symmetric Block Ciphers’ by Tian, Q., and Huss, S. A., published in the proceedings of the New Technologies, Mobility and Security (NTMS) International Conference in May 2012, and ‘Improving Differential Power Analysis by Elastic Alignment’ by Van Woudenberg, J., Witteman, M., and Bakker, B., published in the proceedings of the Cryptographers' Track at the RSA Conference (CT-RSA) 2011.
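To make the alignment problem concrete, the following added example (not from the patent or any cited work) simulates the toy leakage model from above, with power proportional to the Hamming weight of the byte on the bus, sampled at a fixed 1000 MS/s ADC rate while the DUT runs at either 24 MHz or 25 MHz. The clock rates, the 0.5-unit-per-line current model and the sample data are constructed assumptions; the example shows how the same cycle drifts to a different sample index under each clock rate, and how one post-processing step (collapsing each DUT cycle to the mean of its samples) lines the traces up again.

```python
from math import ceil

def hamming_weight(value: int) -> int:
    """Number of bus lines driven to '1' for one byte: the data-dependent power term."""
    return bin(value & 0xFF).count("1")

def sample_to_cycle(i: int, dut_clock_hz: int, adc_rate_hz: int) -> int:
    """DUT clock cycle during which ADC sample i was taken (exact integer arithmetic)."""
    return i * dut_clock_hz // adc_rate_hz

def cycle_start(cycle: int, dut_clock_hz: int, adc_rate_hz: int) -> int:
    """Index of the first ADC sample that falls inside the given DUT cycle (ceil division)."""
    return (cycle * adc_rate_hz + dut_clock_hz - 1) // dut_clock_hz

def simulate_trace(data: bytes, dut_clock_hz: int, adc_rate_hz: int) -> list[float]:
    """Constructed power trace: the DUT places one byte on the bus per clock cycle and
    draws a baseline of 1.0 plus 0.5 units per '1' line (assumed model, no noise)."""
    n_samples = cycle_start(len(data), dut_clock_hz, adc_rate_hz)
    return [1.0 + 0.5 * hamming_weight(data[sample_to_cycle(i, dut_clock_hz, adc_rate_hz)])
            for i in range(n_samples)]

def per_cycle_values(trace: list[float], dut_clock_hz: int, adc_rate_hz: int,
                     n_cycles: int) -> list[float]:
    """Post-processing alignment: replace each DUT cycle's samples by their mean, so traces
    captured under different DUT clock rates can be compared cycle by cycle."""
    out = []
    for c in range(n_cycles):
        lo = cycle_start(c, dut_clock_hz, adc_rate_hz)
        hi = cycle_start(c + 1, dut_clock_hz, adc_rate_hz)
        out.append(sum(trace[lo:hi]) / (hi - lo))
    return out

def misalignment_after(n_cycles: int, clock_a_hz: int, clock_b_hz: int,
                       adc_rate_hz: int) -> int:
    """Number of ADC samples by which cycle n_cycles has drifted between two DUT clocks."""
    return cycle_start(n_cycles, clock_a_hz, adc_rate_hz) - cycle_start(n_cycles, clock_b_hz, adc_rate_hz)

if __name__ == "__main__":
    ADC = 1_000_000_000                      # 1000 MS/s, as in the DASIP figure above
    data = bytes([0x00, 0xFF, 0x0F])         # constructed bus values: 0, 8 and 4 lines high
    slow = simulate_trace(data, 24_000_000, ADC)
    fast = simulate_trace(data, 25_000_000, ADC)
    print(len(slow), len(fast))              # 125 vs 120 samples for the same three cycles
    print(per_cycle_values(slow, 24_000_000, ADC, 3))   # [1.0, 5.0, 3.0]
    print(per_cycle_values(fast, 25_000_000, ADC, 3))   # [1.0, 5.0, 3.0]: aligned
    print(misalignment_after(100, 24_000_000, 25_000_000, ADC))  # 167 samples of drift
```

Averaging the raw traces sample by sample would mix samples from different DUT cycles once the drift exceeds a cycle, which is why the cited alignment methods operate on cycle boundaries rather than fixed sample indices.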
The injection of glitches can also cause faults in embedded systems. The fault must be carefully timed to occur at a sensitive moment in the operation of the device, for example causing it to skip execution of an instruction that checks for the proper password. The fault can be timed based on a specific pattern in the state indicator measurement performed on the DUT, indicating that the DUT is executing the code into which a glitch should be inserted. The measurement of the internal state indicator, such as the current drawn by the DUT, must be performed at a very high rate to ensure good temporal alignment of the inserted glitch with the execution of the sensitive code.