Differential Power Analysis of Smartcards

How secure is your private information?

Author: Ryan JuneeSupervisor: Matt Barrie

1. Project GoalsTo illustrate a dangerous weakness in cryptographic smartcards

and microprocessors - private information can be leaked through power usage (and other side channels).

1. Construct a system to acquire a large number of power traces from a smartcard or microprocessor.

2. Analyse captured power traces and search for leaked information.

3. Recover secret key information from a smartcard or microprocessor.

4. Suggest ways of preventing such power analysis attacks.

5. Discuss legal, political and commercial ramifications of this work.

2. Smartcard Technology

• Several varieties of smartcards exist:– Simple memory cards– Cards with a microprocessor and file system– Cards with a cryptographic coprocessor– Even cards that run a Java virtual machine

• Smartcards run an operating system that may allow additional programs to be loaded on to the card. The two most widely used operating systems are MULTOS and JavaCard.

• Smartcards conform to the ISO7816 standard which specifies physical and electrical characteristics.

• Other high level standards exist such as EMV which covers smartcards used in payment systems.

3. Smartcard Applications

• Smartcards have been used overseas for many years (especially in Europe), for applications such as healthcare and transport ticketing.

• Smartcard usage is growing, recent applications include:– Credit cards and payment systems

(ANZ First, American Express Blue etc).– Personal identity cards – SMARTICS is

currently being rolled out in Hong Kong, every citizen will be issued with a card containing identity information, and third party data.

– Phone cards, building access cards, computer access cards…

4. Power Analysis Attacks

• Microprocessor-based devices, such as smartcards, consume different amounts of power depending on the instructions executed.

• This is due to the switching current drawn by the transistors along the logic path of each instruction.

• It is possible to discover the algorithms used inside smartcards by examining power traces (Simple Power Analysis).

• More sophisticated statistical techniques exist that can recover secret key material

from cryptographic smartcards (Differential Power Analysis).

5. Example – DES Encryption

• Many cryptographic smartcards use the DES encryption algorithm to securely store sensitive information.

• DES takes a 64-bit plaintext input and a 56-bit key, and produces a 64-bit ciphertext output.

• The algorithm performs an initial permutation of the plaintext, followed by 16 feistel rounds, and finally an inverse permutation to produce the ciphertext.

• We observe the encryption operation to try and discover the secret key.

6. Equipment Setup• For demonstration purposes, a PIC microprocessor is

examined as it allows direct access to the source code.• Smartcards use general purpose microprocessors so

the results shown here also apply to smartcards.

PIC running DES encryptions

High Precision CRO

Computer controls CRO and stores

acquired waveforms

7. Simple Power Analysis

• A single power trace shows some characteristics of the algorithm.• DES rounds are not easily observable at this macro level.

8. Simple Power Analysis

• Zooming in on a single DES round, the algorithm is now readily observable.

• Thus SPA can be used to discover the hidden implementation details of smartcards and other microprocessor-based devices.

9. Differential Power Analysis

• The effect of an individual key bit can be observed in a differential trace. Several regular peaks are visible at the start, large peaks are visible at the end.

Differential trace of two encryptions with the same key

Two encryptions with a different key (one bit different)

10. Commercial Ramifications

• Given that information is leaked through power analysis, smartcards can NOT be assumed safe and tamper resistant.

• It is not recommended that smartcards be used in applications that require high security, such as banking, personal identification, building security etc.

• Recent smartcards are addressing the problem of power analysis attacks and implement protection measures. It has not yet been ascertained if these measures are sufficient.

11. Conclusions• Simple power analysis can be used to identify macro

characteristics of algorithms used within smartcards and microprocessors. This allows discovery of hidden implementation details, and reverse engineering.

• Differential power analysis can be used to recover specific information such as the individual bits in a secret key.

• Specific protection measures must be implemented in all new smartcards, to ensure that information is not leaked via power consumption and other side channels.