SlideShare a Scribd company logo

Dpa attacks by piyush mittal (211 cs2281)

Download as PPT, PDF
Piyush Mittal
Piyush Mittal
Technology
1 of 18
DPA ATTACKS SECURITY (Differential Power Analysis) Presented by- Piyush Mittal (211CS2281) Information Security Computer Science and 01/24/13 Engineering Department 1
2 National Institute of Technology, Rourkela 01/24/13 Overview Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. There exists methods for analyzing power consumption measurements to find secret keys from devices.
3 National Institute of Technology, Rourkela 01/24/13 Introduction to Power Analysis Most modern cryptographic devices are implemented using semiconductor logic gates, which are constructed out of transistors. Electrons flow across the silicon substrate when charge is applied to (or removed from) a transistor's gate, consuming power and produces electromagnetic radiation.
4 National Institute of Technology, Rourkela 01/24/13 Simple Power Analysis (SPA) SPA is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations. SPA can yield information about a device's operation as well as key material. A trace refers to a set of power consumption measurements taken across a cryptographic operation. For example, a 1 millisecond operation sampled at 5 MHz yields a trace containing 5000 points.
5 National Institute of 01/24/13 Technology, Rourkela Figure 1 shows an SPA trace from a typical smart card as it performs a DES operation. Note that the 16 DES rounds are clearly visible. Figure 1: SPA trace showing an entire DES operation.
6 National Institute of Technology, Rourkela 01/24/13 Figure 2 is a more detailed view of the same trace showing the second and third rounds of a DES encryption operation. Many details of the DES operation are now visible. For example, the 28-bit DES key registers C and D are rotated once in round 2 (lef t arrow) and twice in round 3 (right arrows). In Figure 2, small variations between the rounds just can be perceived. Figure 2: SPA trace showing DES rounds 2 and 3.
7 National Institute of Technology, Rourkela 01/24/13 Figure 3 shows even higher resolution views of the trace showing power consumption through two regions, each of seven clock cycles at 3.5714 MHz. The visible variations between clock cycles result primarily from differences in the power consumption of different microprocessor instructions. The upper trace in Figure 3 shows the execution path through an SPA feature where a jump instruction is performed, and the lower trace shows a case where the jump is not taken. The point of divergence is at clock cycle 6 and is clearly visible.
8 National Institute of 01/24/13 Technology, Rourkela Figure 3: SPA trace showing individual clock cycles.
9 National Institute of Technology, Rourkela 01/24/13 Differential Power Analysis(DPA) of DES In addition to large-scale power variations due to the instruction sequence, there are effects correlated to data values being manipulated. These variations tend to be smaller and are sometimes overshadowed by measurement errors and other noise. But even in such cases, it is still often possible to break the system using statistical functions tailored to the target algorithm.
10 National Institute of Technology, Rourkela 01/24/13 Example : The DPA selection function D(C, b,Ks) is defined as computing the value of bit 0≤ b ≤ 32 of the DES intermediate L at the beginning of the 16th round for ciphertext C, where the 6 key bits entering the S box corresponding to bit b are represented by 0 ≤ Ks ≤ 26. To implement the DPA attack, an attacker first observes m encryption operations and captures power traces T1…m[1..k] containing k samples each. In addition, the attacker records the ciphertexts C1..m. No knowledge of the plaintext is required.
11 National Institute of Technology, Rourkela 01/24/13 DPA analysis uses power consumption measurements to determine whether a key block guess Ks is correct. The attacker computes a k-sample differential trace ∆D[1..k] by finding the difference between the average of the traces for which D(C, b,Ks) is one and the average of the traces for which D(C, b,Ks) is zero. Thus D[j] is the average over C1..m of the effect due to the value represented by the selection function D on the power consumption measurements at point j.
12 National Institute of 01/24/13 Technology, Rourkela If Ks Is incorrect, If Ks incorrect, the bit computed using D will differ from the actual target bit for about half of the ciphertexts Ci. The selection function D(C, b,Ks) is thus effectively uncorrelated to what was actually computed by the target device. If KS is correct, however, the computed value for D(C, b,Ks) will equal the actual value of target bit b with probability 1. The selection function is thus correlated to the value of the bit manipulated in the 16th round.
13 01/24/13 National Institute of Technology, Rourkela • The correct value of Ks can be identified from the spikes in its differential trace. • Four values of b correspond to each S box, providing conformation of key block guesses. Finding all eight Ks yields the entire 48-bit round sub key. The remaining 8 key bits can be found easily using exhaustive search .
14 National Institute of 01/24/13 Technology, Rourkela Figure 4 shows four traces prepared using known plaintexts entering a DES encryption function on smart card. On top is the reference power trace showing the average power consumption during DES operations. Below are three differential traces, where the first was produced using a correct guess for Ks. The lower two traces were produced using incorrect values for Ks. Figure 4: DPA traces, one correct and two incorrect, with power reference.
15 National Institute of 01/24/13 Technology, Rourkela Preventing DPA A first approach is to reduce signal sizes, such as by using constant execution path code, choosing operations that leak less information in their power consumption. A second approach involves introducing noise into power consumption measurements. Like signal size reductions, adding noise increases the number of samples required for an attack, possibly to an infeasible-large number. In addition, execution timing and order can be randomized.
16 National Institute of Technology, Rourkela 01/24/13 CONCLUSIONS AND FUTURE WORKS Power analysis techniques are of great concern because a very large number of vulnerable products are deployed. The attacks are easy to implement, have a very low cost per device. DPA automatically locates correlated regions in a device's power consumption, the attack can be automated and little or no information about the target implementation is required. DPA highlights the need for people who design algorithms, protocols, software, and hardware to work closely together when producing security products.
17 National Institute of Technology, Rourkela 01/24/13 REFERENCES Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis” , http://www.cryptography.com National Bureau of Standards, Data Encryption Standard," Federal Information Processing Standards Publication 46, January 1977.
18 National Institute of Technology, Rourkela 01/24/13 Any Suggestions? For more information please visit- www.piyushmittal.in

Recommended

Self Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMSelf Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMIDES Editor
 
Digital watermarking with a new algorithm
Digital watermarking with a new algorithmDigital watermarking with a new algorithm
Digital watermarking with a new algorithmeSAT Journals
 
Digital watermarking with a new algorithm
Digital watermarking with a new algorithmDigital watermarking with a new algorithm
Digital watermarking with a new algorithmeSAT Publishing House
 
Modified Koblitz Encoding Method for ECC
Modified Koblitz Encoding Method for ECCModified Koblitz Encoding Method for ECC
Modified Koblitz Encoding Method for ECCidescitation
 
Localization for wireless sensor
Localization for wireless sensorLocalization for wireless sensor
Localization for wireless sensorIJCNCJournal
 
Comparison of SVD & Pseudo Random Sequence based methods of Image Watermarking
Comparison of SVD & Pseudo Random Sequence based methods of Image WatermarkingComparison of SVD & Pseudo Random Sequence based methods of Image Watermarking
Comparison of SVD & Pseudo Random Sequence based methods of Image Watermarkingijsrd.com
 
Faulty node recovery and replacement algorithm for wireless sensor network
Faulty node recovery and replacement algorithm for wireless sensor networkFaulty node recovery and replacement algorithm for wireless sensor network
Faulty node recovery and replacement algorithm for wireless sensor networkprjpublications
 
Application scenarios in streaming oriented embedded-system design
Application scenarios in streaming oriented embedded-system designApplication scenarios in streaming oriented embedded-system design
Application scenarios in streaming oriented embedded-system designMr. Chanuwan
 

Recommended

Self Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMSelf Attested Images for Secured Transactions using Superior SOM
Self Attested Images for Secured Transactions using Superior SOMIDES Editor
 
Digital watermarking with a new algorithm
Digital watermarking with a new algorithmDigital watermarking with a new algorithm
Digital watermarking with a new algorithmeSAT Journals
 
Digital watermarking with a new algorithm
Digital watermarking with a new algorithmDigital watermarking with a new algorithm
Digital watermarking with a new algorithmeSAT Publishing House
 
Modified Koblitz Encoding Method for ECC
Modified Koblitz Encoding Method for ECCModified Koblitz Encoding Method for ECC
Modified Koblitz Encoding Method for ECCidescitation
 
Localization for wireless sensor
Localization for wireless sensorLocalization for wireless sensor
Localization for wireless sensorIJCNCJournal
 
Comparison of SVD & Pseudo Random Sequence based methods of Image Watermarking
Comparison of SVD & Pseudo Random Sequence based methods of Image WatermarkingComparison of SVD & Pseudo Random Sequence based methods of Image Watermarking
Comparison of SVD & Pseudo Random Sequence based methods of Image Watermarkingijsrd.com
 
Faulty node recovery and replacement algorithm for wireless sensor network
Faulty node recovery and replacement algorithm for wireless sensor networkFaulty node recovery and replacement algorithm for wireless sensor network
Faulty node recovery and replacement algorithm for wireless sensor networkprjpublications
 
Application scenarios in streaming oriented embedded-system design
Application scenarios in streaming oriented embedded-system designApplication scenarios in streaming oriented embedded-system design
Application scenarios in streaming oriented embedded-system designMr. Chanuwan
 
Aj03102230224
Aj03102230224Aj03102230224
Aj03102230224ijceronline
 
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...ijsrd.com
 
Energy efficient protocol in wsn WITH ACO
Energy efficient protocol in wsn WITH ACOEnergy efficient protocol in wsn WITH ACO
Energy efficient protocol in wsn WITH ACONeelam Choudhary
 
Performance evaluation of energy
Performance evaluation of energyPerformance evaluation of energy
Performance evaluation of energyijp2p
 
Ec36783787
Ec36783787Ec36783787
Ec36783787IJERA Editor
 
LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.
LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.
LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.International Journal of Technical Research & Application
 
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...csandit
 
A Secured Approach to Visual Cryptographic Biometric Template
A Secured Approach to Visual Cryptographic Biometric TemplateA Secured Approach to Visual Cryptographic Biometric Template
A Secured Approach to Visual Cryptographic Biometric TemplateIDES Editor
 
International Journal of Computational Engineering Research (IJCER)
International Journal of Computational Engineering Research (IJCER) International Journal of Computational Engineering Research (IJCER)
International Journal of Computational Engineering Research (IJCER) ijceronline
 
Power Analysis Attacks
Power Analysis AttacksPower Analysis Attacks
Power Analysis AttacksLee Stewart
 
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...sipij
 
A robust combination of dwt and chaotic function for image watermarking
A robust combination of dwt and chaotic function for image watermarkingA robust combination of dwt and chaotic function for image watermarking
A robust combination of dwt and chaotic function for image watermarkingijctet
 
72
7272
72srimoorthi
 
92 97
92 9792 97
92 97Editor IJARCET
 
Digital Implementation of Artificial Neural Network for Function Approximatio...
Digital Implementation of Artificial Neural Network for Function Approximatio...Digital Implementation of Artificial Neural Network for Function Approximatio...
Digital Implementation of Artificial Neural Network for Function Approximatio...IOSR Journals
 
Lip recognition
Lip recognition Lip recognition
Lip recognition Piyush Mittal
 
Parallel aes implementation
Parallel aes implementationParallel aes implementation
Parallel aes implementationPiyush Mittal
 
Cheiloscopy main/ dental implant courses
Cheiloscopy main/ dental implant coursesCheiloscopy main/ dental implant courses
Cheiloscopy main/ dental implant coursesIndian dental academy
 
Lip print
Lip printLip print
Lip printDr. Hanjala
 
Bitemarks
BitemarksBitemarks
BitemarksDipika Bumb, Indian Cancer Society, New Delhi
 
Basics of Coding Theory
Basics of Coding TheoryBasics of Coding Theory
Basics of Coding TheoryPiyush Mittal
 
Forensic Odontology Dentistry
Forensic Odontology DentistryForensic Odontology Dentistry
Forensic Odontology Dentistrydrkhalidaboalshamat
 

More Related Content

What's hot

A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...ijsrd.com
 
Energy efficient protocol in wsn WITH ACO
Energy efficient protocol in wsn WITH ACOEnergy efficient protocol in wsn WITH ACO
Energy efficient protocol in wsn WITH ACONeelam Choudhary
 
Performance evaluation of energy
Performance evaluation of energyPerformance evaluation of energy
Performance evaluation of energyijp2p
 
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...csandit
 
A Secured Approach to Visual Cryptographic Biometric Template
A Secured Approach to Visual Cryptographic Biometric TemplateA Secured Approach to Visual Cryptographic Biometric Template
A Secured Approach to Visual Cryptographic Biometric TemplateIDES Editor
 
International Journal of Computational Engineering Research (IJCER)
International Journal of Computational Engineering Research (IJCER) International Journal of Computational Engineering Research (IJCER)
International Journal of Computational Engineering Research (IJCER) ijceronline
 
Power Analysis Attacks
Power Analysis AttacksPower Analysis Attacks
Power Analysis AttacksLee Stewart
 
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...sipij
 
A robust combination of dwt and chaotic function for image watermarking
A robust combination of dwt and chaotic function for image watermarkingA robust combination of dwt and chaotic function for image watermarking
A robust combination of dwt and chaotic function for image watermarkingijctet
 
Digital Implementation of Artificial Neural Network for Function Approximatio...
Digital Implementation of Artificial Neural Network for Function Approximatio...Digital Implementation of Artificial Neural Network for Function Approximatio...
Digital Implementation of Artificial Neural Network for Function Approximatio...IOSR Journals
 

What's hot (15)

Aj03102230224
Aj03102230224Aj03102230224
Aj03102230224
 
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
A Routing-Driven Elliptic Curve Cryptography Based Key Management Scheme for ...
 
Energy efficient protocol in wsn WITH ACO
Energy efficient protocol in wsn WITH ACOEnergy efficient protocol in wsn WITH ACO
Energy efficient protocol in wsn WITH ACO
 
Performance evaluation of energy
Performance evaluation of energyPerformance evaluation of energy
Performance evaluation of energy
 
Ec36783787
Ec36783787Ec36783787
Ec36783787
 
LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.
LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.
LSB & DWT BASED DIGITAL WATERMARKING SYSTEM FOR VIDEO AUTHENTICATION.
 
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
NEURAL NETWORKS FOR HIGH PERFORMANCE TIME-DELAY ESTIMATION AND ACOUSTIC SOURC...
 
A Secured Approach to Visual Cryptographic Biometric Template
A Secured Approach to Visual Cryptographic Biometric TemplateA Secured Approach to Visual Cryptographic Biometric Template
A Secured Approach to Visual Cryptographic Biometric Template
 
International Journal of Computational Engineering Research (IJCER)
International Journal of Computational Engineering Research (IJCER) International Journal of Computational Engineering Research (IJCER)
International Journal of Computational Engineering Research (IJCER)
 
Power Analysis Attacks
Power Analysis AttacksPower Analysis Attacks
Power Analysis Attacks
 
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
A DWT based Dual Image Watermarking Technique for Authenticity and Watermark ...
 
A robust combination of dwt and chaotic function for image watermarking
A robust combination of dwt and chaotic function for image watermarkingA robust combination of dwt and chaotic function for image watermarking
A robust combination of dwt and chaotic function for image watermarking
 
72
7272
72
 
92 97
92 9792 97
92 97
 
Digital Implementation of Artificial Neural Network for Function Approximatio...
Digital Implementation of Artificial Neural Network for Function Approximatio...Digital Implementation of Artificial Neural Network for Function Approximatio...
Digital Implementation of Artificial Neural Network for Function Approximatio...
 

Viewers also liked

Parallel aes implementation
Parallel aes implementationParallel aes implementation
Parallel aes implementationPiyush Mittal
 
Cheiloscopy main/ dental implant courses
Cheiloscopy main/ dental implant coursesCheiloscopy main/ dental implant courses
Cheiloscopy main/ dental implant coursesIndian dental academy
 
Basics of Coding Theory
Basics of Coding TheoryBasics of Coding Theory
Basics of Coding TheoryPiyush Mittal
 

Viewers also liked (8)

Lip recognition
Lip recognition Lip recognition
Lip recognition
 
Parallel aes implementation
Parallel aes implementationParallel aes implementation
Parallel aes implementation
 
Cheiloscopy main/ dental implant courses
Cheiloscopy main/ dental implant coursesCheiloscopy main/ dental implant courses
Cheiloscopy main/ dental implant courses
 
Lip print
Lip printLip print
Lip print
 
Bitemarks
BitemarksBitemarks
Bitemarks
 
Basics of Coding Theory
Basics of Coding TheoryBasics of Coding Theory
Basics of Coding Theory
 
Forensic Odontology Dentistry
Forensic Odontology DentistryForensic Odontology Dentistry
Forensic Odontology Dentistry
 
FORENSIC ODONTOLOGY ppt
FORENSIC ODONTOLOGY pptFORENSIC ODONTOLOGY ppt
FORENSIC ODONTOLOGY ppt
 

Similar to Dpa attacks by piyush mittal (211 cs2281)

Introduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusIntroduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusRambus
 
54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-project54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-projectveenanandkakarla
 
Multivariate dimensionality reduction in cross-correlation analysis
Multivariate dimensionality reduction in cross-correlation analysis Multivariate dimensionality reduction in cross-correlation analysis
Multivariate dimensionality reduction in cross-correlation analysis ivanokitov
 
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...ijp2p
 
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...ijp2p
 
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...ijp2p
 
A COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGN
A COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGNA COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGN
A COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGNVLSICS Design
 
Algorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systemsAlgorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systemsJigisha Aryya
 
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...Onyebuchi nosiri
 
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...Onyebuchi nosiri
 
High Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code ModulationHigh Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code ModulationMangaiK4
 
High Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code ModulationHigh Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code ModulationMangaiK4
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...TELKOMNIKA JOURNAL
 
Design and Implementation of an Embedded System for Software Defined Radio
Design and Implementation of an Embedded System for Software Defined RadioDesign and Implementation of an Embedded System for Software Defined Radio
Design and Implementation of an Embedded System for Software Defined RadioIJECEIAES
 
Performance evaluation of various routing techniques in wireless multimedia
Performance evaluation of various routing techniques in wireless multimediaPerformance evaluation of various routing techniques in wireless multimedia
Performance evaluation of various routing techniques in wireless multimediaIAEME Publication
 

Similar to Dpa attacks by piyush mittal (211 cs2281) (20)

Introduction to differential power analysis - Rambus
Introduction to differential power analysis - RambusIntroduction to differential power analysis - Rambus
Introduction to differential power analysis - Rambus
 
54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-project54522002 triple-des-vhdl-project
54522002 triple-des-vhdl-project
 
Ijcnc050207
Ijcnc050207Ijcnc050207
Ijcnc050207
 
Multivariate dimensionality reduction in cross-correlation analysis
Multivariate dimensionality reduction in cross-correlation analysis Multivariate dimensionality reduction in cross-correlation analysis
Multivariate dimensionality reduction in cross-correlation analysis
 
M.sc. m kamel
M.sc. m kamelM.sc. m kamel
M.sc. m kamel
 
C010321217
C010321217C010321217
C010321217
 
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
 
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
 
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
PERFORMANCE EVALUATION OF ENERGY EFFICIENT CLUSTERING PROTOCOL FOR CLUSTER HE...
 
A COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGN
A COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGNA COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGN
A COMPARATIVE STUDY OF ULTRA-LOW VOLTAGE DIGITAL CIRCUIT DESIGN
 
Algorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systemsAlgorithm selection for sorting in embedded and mobile systems
Algorithm selection for sorting in embedded and mobile systems
 
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
 
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
Adaptive Monitoring and Localization of Faulty Node in a Wireless Sensor Netw...
 
Final PPT.pptx
Final PPT.pptxFinal PPT.pptx
Final PPT.pptx
 
High Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code ModulationHigh Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
 
High Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code ModulationHigh Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
High Speed Low-Power Viterbi Decoder Using Trellis Code Modulation
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...Power analysis attack against encryption devices: a comprehensive analysis of...
Power analysis attack against encryption devices: a comprehensive analysis of...
 
Design and Implementation of an Embedded System for Software Defined Radio
Design and Implementation of an Embedded System for Software Defined RadioDesign and Implementation of an Embedded System for Software Defined Radio
Design and Implementation of an Embedded System for Software Defined Radio
 
Performance evaluation of various routing techniques in wireless multimedia
Performance evaluation of various routing techniques in wireless multimediaPerformance evaluation of various routing techniques in wireless multimedia
Performance evaluation of various routing techniques in wireless multimedia
 

More from Piyush Mittal

Design pattern tutorial
Design pattern tutorialDesign pattern tutorial
Design pattern tutorialPiyush Mittal
 
Intro to parallel computing
Intro to parallel computingIntro to parallel computing
Intro to parallel computingPiyush Mittal
 
Cuda toolkit reference manual
Cuda toolkit reference manualCuda toolkit reference manual
Cuda toolkit reference manualPiyush Mittal
 
Matrix multiplication using CUDA
Matrix multiplication using CUDAMatrix multiplication using CUDA
Matrix multiplication using CUDAPiyush Mittal
 
Google app engine cheat sheet
Google app engine cheat sheetGoogle app engine cheat sheet
Google app engine cheat sheetPiyush Mittal
 
oracle 9i cheat sheet
oracle 9i cheat sheetoracle 9i cheat sheet
oracle 9i cheat sheetPiyush Mittal
 
Open ssh cheet sheat
Open ssh cheet sheatOpen ssh cheet sheat
Open ssh cheet sheatPiyush Mittal
 

More from Piyush Mittal (20)

Power mock
Power mockPower mock
Power mock
 
Design pattern tutorial
Design pattern tutorialDesign pattern tutorial
Design pattern tutorial
 
Reflection
ReflectionReflection
Reflection
 
Gpu archi
Gpu archiGpu archi
Gpu archi
 
Cuda Architecture
Cuda ArchitectureCuda Architecture
Cuda Architecture
 
Intel open mp
Intel open mpIntel open mp
Intel open mp
 
Intro to parallel computing
Intro to parallel computingIntro to parallel computing
Intro to parallel computing
 
Cuda toolkit reference manual
Cuda toolkit reference manualCuda toolkit reference manual
Cuda toolkit reference manual
 
Matrix multiplication using CUDA
Matrix multiplication using CUDAMatrix multiplication using CUDA
Matrix multiplication using CUDA
 
Channel coding
Channel codingChannel coding
Channel coding
 
Java cheat sheet
Java cheat sheetJava cheat sheet
Java cheat sheet
 
Google app engine cheat sheet
Google app engine cheat sheetGoogle app engine cheat sheet
Google app engine cheat sheet
 
Git cheat sheet
Git cheat sheetGit cheat sheet
Git cheat sheet
 
Vi cheat sheet
Vi cheat sheetVi cheat sheet
Vi cheat sheet
 
Css cheat sheet
Css cheat sheetCss cheat sheet
Css cheat sheet
 
Cpp cheat sheet
Cpp cheat sheetCpp cheat sheet
Cpp cheat sheet
 
Ubuntu cheat sheet
Ubuntu cheat sheetUbuntu cheat sheet
Ubuntu cheat sheet
 
Php cheat sheet
Php cheat sheetPhp cheat sheet
Php cheat sheet
 
oracle 9i cheat sheet
oracle 9i cheat sheetoracle 9i cheat sheet
oracle 9i cheat sheet
 
Open ssh cheet sheat
Open ssh cheet sheatOpen ssh cheet sheat
Open ssh cheet sheat
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Dpa attacks by piyush mittal (211 cs2281)

  • 1. DPA ATTACKS SECURITY (Differential Power Analysis) Presented by- Piyush Mittal (211CS2281) Information Security Computer Science and 01/24/13 Engineering Department 1
  • 2. 2 National Institute of Technology, Rourkela 01/24/13 Overview Cryptosystem designers frequently assume that secrets will be manipulated in closed, reliable computing environments. Unfortunately, actual computers and microchips leak information about the operations they process. There exists methods for analyzing power consumption measurements to find secret keys from devices.
  • 3. 3 National Institute of Technology, Rourkela 01/24/13 Introduction to Power Analysis Most modern cryptographic devices are implemented using semiconductor logic gates, which are constructed out of transistors. Electrons flow across the silicon substrate when charge is applied to (or removed from) a transistor's gate, consuming power and produces electromagnetic radiation.
  • 4. 4 National Institute of Technology, Rourkela 01/24/13 Simple Power Analysis (SPA) SPA is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations. SPA can yield information about a device's operation as well as key material. A trace refers to a set of power consumption measurements taken across a cryptographic operation. For example, a 1 millisecond operation sampled at 5 MHz yields a trace containing 5000 points.
  • 5. 5 National Institute of 01/24/13 Technology, Rourkela Figure 1 shows an SPA trace from a typical smart card as it performs a DES operation. Note that the 16 DES rounds are clearly visible. Figure 1: SPA trace showing an entire DES operation.
  • 6. 6 National Institute of Technology, Rourkela 01/24/13 Figure 2 is a more detailed view of the same trace showing the second and third rounds of a DES encryption operation. Many details of the DES operation are now visible. For example, the 28-bit DES key registers C and D are rotated once in round 2 (lef t arrow) and twice in round 3 (right arrows). In Figure 2, small variations between the rounds just can be perceived. Figure 2: SPA trace showing DES rounds 2 and 3.
  • 7. 7 National Institute of Technology, Rourkela 01/24/13 Figure 3 shows even higher resolution views of the trace showing power consumption through two regions, each of seven clock cycles at 3.5714 MHz. The visible variations between clock cycles result primarily from differences in the power consumption of different microprocessor instructions. The upper trace in Figure 3 shows the execution path through an SPA feature where a jump instruction is performed, and the lower trace shows a case where the jump is not taken. The point of divergence is at clock cycle 6 and is clearly visible.
  • 8. 8 National Institute of 01/24/13 Technology, Rourkela Figure 3: SPA trace showing individual clock cycles.
  • 9. 9 National Institute of Technology, Rourkela 01/24/13 Differential Power Analysis(DPA) of DES In addition to large-scale power variations due to the instruction sequence, there are effects correlated to data values being manipulated. These variations tend to be smaller and are sometimes overshadowed by measurement errors and other noise. But even in such cases, it is still often possible to break the system using statistical functions tailored to the target algorithm.
  • 10. 10 National Institute of Technology, Rourkela 01/24/13 Example : The DPA selection function D(C, b,Ks) is defined as computing the value of bit 0≤ b ≤ 32 of the DES intermediate L at the beginning of the 16th round for ciphertext C, where the 6 key bits entering the S box corresponding to bit b are represented by 0 ≤ Ks ≤ 26. To implement the DPA attack, an attacker first observes m encryption operations and captures power traces T1…m[1..k] containing k samples each. In addition, the attacker records the ciphertexts C1..m. No knowledge of the plaintext is required.
  • 11. 11 National Institute of Technology, Rourkela 01/24/13 DPA analysis uses power consumption measurements to determine whether a key block guess Ks is correct. The attacker computes a k-sample differential trace ∆D[1..k] by finding the difference between the average of the traces for which D(C, b,Ks) is one and the average of the traces for which D(C, b,Ks) is zero. Thus D[j] is the average over C1..m of the effect due to the value represented by the selection function D on the power consumption measurements at point j.
  • 12. 12 National Institute of 01/24/13 Technology, Rourkela If Ks Is incorrect, If Ks incorrect, the bit computed using D will differ from the actual target bit for about half of the ciphertexts Ci. The selection function D(C, b,Ks) is thus effectively uncorrelated to what was actually computed by the target device. If KS is correct, however, the computed value for D(C, b,Ks) will equal the actual value of target bit b with probability 1. The selection function is thus correlated to the value of the bit manipulated in the 16th round.
  • 13. 13 01/24/13 National Institute of Technology, Rourkela • The correct value of Ks can be identified from the spikes in its differential trace. • Four values of b correspond to each S box, providing conformation of key block guesses. Finding all eight Ks yields the entire 48-bit round sub key. The remaining 8 key bits can be found easily using exhaustive search .
  • 14. 14 National Institute of 01/24/13 Technology, Rourkela Figure 4 shows four traces prepared using known plaintexts entering a DES encryption function on smart card. On top is the reference power trace showing the average power consumption during DES operations. Below are three differential traces, where the first was produced using a correct guess for Ks. The lower two traces were produced using incorrect values for Ks. Figure 4: DPA traces, one correct and two incorrect, with power reference.
  • 15. 15 National Institute of 01/24/13 Technology, Rourkela Preventing DPA A first approach is to reduce signal sizes, such as by using constant execution path code, choosing operations that leak less information in their power consumption. A second approach involves introducing noise into power consumption measurements. Like signal size reductions, adding noise increases the number of samples required for an attack, possibly to an infeasible-large number. In addition, execution timing and order can be randomized.
  • 16. 16 National Institute of Technology, Rourkela 01/24/13 CONCLUSIONS AND FUTURE WORKS Power analysis techniques are of great concern because a very large number of vulnerable products are deployed. The attacks are easy to implement, have a very low cost per device. DPA automatically locates correlated regions in a device's power consumption, the attack can be automated and little or no information about the target implementation is required. DPA highlights the need for people who design algorithms, protocols, software, and hardware to work closely together when producing security products.
  • 17. 17 National Institute of Technology, Rourkela 01/24/13 REFERENCES Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis” , http://www.cryptography.com National Bureau of Standards, Data Encryption Standard," Federal Information Processing Standards Publication 46, January 1977.
  • 18. 18 National Institute of Technology, Rourkela 01/24/13 Any Suggestions? For more information please visit- www.piyushmittal.in

Editor's Notes

  1. National Institute of Technology, Rourkela
  2. National Institute of Technology, Rourkela
  3. National Institute of Technology, Rourkela
  4. National Institute of Technology, Rourkela