Embedded devices such as those implementing cryptographic services on smart cards have recently come into wide use. A significant advantage in using microcomputers for smart cards is that pass codes or passwords can rarely be stolen directly. However, certain techniques, which fall under the overall category of "tampering", are used to crack these microcomputers. Using these techniques, attackers can obtain valuable information from microcomputers, thus reducing the fundamental mathematical difficulties of solving ciphers. To counter these techniques, we must develop tamper-resistant technology. Two famous tampering techniques are the side-channel attack and the fault attack. A side-channel attack uses information obtained by measuring properties of a microcomputer other than its intended inputs and outputs. Targets for these measurements include power consumption patterns, electromagnetic radiation leakage signals, sound wave signals emitted from the device surface and heat emission patterns, etc.
Some amazing side-channel attacks are based on power consumption analysis. There are two commonly used analysis approaches. Simple Power Analysis guesses the secret key by reading power consumption information, which varies depending on the Hamming weight of the data directly transmitted between registers. Differential Power Analysis guesses data by statistically analyzing the differences in power consumption caused by the different operations.
A fault attack is based on fault analysis of malfunctions deliberately induced by such methods as instantaneous power supply interruption, flashlight exposure, electromagnetic radiation exposure, improper clock injection, ultraviolet laser beam exposure, etc.
For instance, a fault attack may cause a branch to be bypassed, forcing a process to proceed without requesting a password in a password-check program. In some cases, there is a possibility that the register status will be changed to data useful for the attacker's purposes. A further purpose of this attack is to decrease the number of digits in the possible encryption or decryption key that are to be guessed by exhaustive search. Differential Fault Analysis (DFA) is a technique that compares the difference between correct and faulty calculation results.
In this presentation, a DFA technique using an instantaneous power supply interruption to attack a DES (Data Encryption Standard) program installed on a popular microcomputer will be discussed.
Dr. Arimitsu Shikoda was born in Sendai, Japan and is an Associate
Professor at Tohoku Gakuin University in the Department of Engineering
and Electronics Engineering. He received his doctorate in engineering
from Tohoku Gakuin University while working for Iwate Medical
University, where he studied very-high-intensity pulse x-ray systems
from 1990 to 2003. After returning to Tohoku Gakuin University, he
has worked towards popularizing open-source software in education.
His recent research is about microcomputer-related security for
tamper-resistant technology.
Dr. Shikoda is a member of the IEEE (Education Society, Computer
Society), The Institute of Electronics, Information and Communication
Engineers (IEICE), and The Japan Society of Applied Physics (JSAP).