An Introduction to Side Channel Analysis - SPA, DPA and Timing Attacks

Posted by Ken Cheung in Events, Training on Thursday, August 7, 2008
Implementing a PCI Express 2.0 Solution »
« Cypress Solutions Library

Cryptography Research, Inc. (CRI) will hold a one-day workshop titled, "An Introduction to Side-Channel Analysis, SPA, DPA and Timing Attacks" on August 14, 2008. The event will discuss how to thwart attacks on embedded devices like mobile communication systems. The workshop will take place at the Crowne Plaza Washington DC/Silver Spring Hotel.

Attendees will get up to speed on side-channel attacks, including power analysis attacks such as Simple Power Analysis (SPA), Differential Power Analysis (DPA) and timing analysis. CRI will examine practical design approaches to countering power analysis threats and review the state of associated U.S. and international security evaluation certifications, such as U.S. Federal Information Processing Standard (FIPS) 140-3 and Common Criteria.

Side-channel vulnerabilities — including SPA, DPA and timing attacks — are well known in the smart card industry and becoming increasingly recognized as powerful threats to tamper-resistant devices and embedded systems. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, pirate digital content or mount other attacks.

Participants will also have the opportunity to perform hands-on exercises, including simulating a timing attack and using SPA to interpret power traces, as well as recover a simulated PIN. CRI will also demonstrate a live DPA attack using the DPA Workstation[TM].

The prime audiences for the workshop include developers and architects of hardware and software security products, as well as evaluators and technical writers of requirements for tamper resistant products. Technologists designing and testing tamper resistant systems for consumer products, financial systems, anti-piracy/conditional access systems, or government/defense applications are encouraged to attend.

Agenda

Session 1: Timing Attacks & Simple Power Analysis (SPA)

  • Introduction to timing attacks
  • Interactive PIN verify attack using timing leak
  • Introduction to SPA
  • Interactive PIN verify attack using SPA
  • SPA waveform analysis exercise

Session 2: Differential Power Analysis (DPA)

  • Introduction to DPA
  • Demo: DPA attack on embedded microcontroller
  • Overview of advanced DPA topics

Session 3: Hands-on SPA Analysis

  • Introduction to DPA Workstation
  • Hands-on exercise: Recover an RSA exponent using SPA

Session 4: Countermeasures & Certification Issues

  • SPA/DPA countermeasures
  • Specifying and certifying DPA resistance

More info: CRI Side Channel Analysis Workshop

If you found this page useful, bookmark and share it on:

Implementing a PCI Express 2.0 Solution »
« Cypress Solutions Library

Possibly of Interest

 
EDA Blog Newsletter
Don't have time to visit EDA Blog everyday? Then sign up for our free newsletter. We'll send you an email when we have something to share with you. Your email address will be kept confidential and we will not share, sell, or rent it to anyone. You can unsubscribe at any time by clicking a link in the email.

Enter your email address to sign up for our free newsletter:   

If you are familiar with RSS feeds, you can also sign up for our free blog feed. Our RSS feed is updated in real-time while our newsletter is updated daily.