Re: Side Channel Attacks - inside out
From: Stefan Tillich (stefanti_at_gmx.at)
Date: 07/12/05
Date: Tue, 12 Jul 2005 20:09:15 +0200
Guillaume L. wrote:
> On Tue, 12 Jul 2005 18:39:38 +0200, Stefan Tillich <stefanti@gmx.at> wrote :
>
>
>>Guillaume L. wrote:
>
>
>>>I don't know if all SCA countermeasures introduce vulnerabilities, but FA is
>>>an attack which works quite efficiently against most of them. I mean, if
>>>you make the power consumption constant, you can inject data which should
>>>raise an error in a FU. If the data retrieved is not correlated with the
>>>potential error, its behaviour does not affect the algorithm output. So you
>>>can erase it from the consumption scheme at time t, and so on, recover the
>>>real consumption.
>
>
>>I fail to see a connection between constant power consumption and
>>introduction of faults in a device. Making power consumption constant
>>must not impair functionality and therefore each data introduced which
>>causes faults and information leakage should do so irrespective of
>>implemented SCA countermeasures.
>
>
> Hum, sorry if I wasn't clear. When I spoke about "constant power consumption"
> I thought "make all the units of the chip raise their max consumption,
> even if you have to make them work for nothing".
Ok, I see. But all units cannot go to "max consumption" if the device is
to perform some computation. Maximal power consumption mandates specific
data switching in the device and when the device processes some data, it
can't do that. You probably think of an approach where you lower the
signal-to-noise ratio by having a high power consumption unrelated to
the targeted data. That's probably not a good way to realize constant
power consumption. A better way to do that would be a dual-rail approach
(be it on transistor, gate or system level).
If we assume an approach with perfectly constant power consumption, you
might be able to find out the exact point in time where the targeted
data is processed (using your proposed fault injection technique). But
you still have a constant power consumption at this point so you're as
far from your goal as before?
>
>
>>>You're right. I don't know if it's quite reliable now, but IIRC, a French
>>>team is working on it (M. Renaudin's one cf. <URL: http://tima.imag.fr/ >)
>>>and has made significant headway.
>>
>>There is an EU-funded project which is working on this (and other) topics:
>>http://www.scard-project.org/
>
>
> Interesting link, thanks :)
You're welcome :-)
Regards
Stefan Tillich
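
Added example, not part of the original post: a small Python simulation of the distinction drawn in the message above between lowering the signal-to-noise ratio with unrelated consumption and an idealized dual-rail design, as a countermeasure evaluation. The 4-bit PRESENT S-box, the Hamming-weight leakage model, the noise levels and the key nibble are assumptions chosen for illustration.

```python
import random
from math import sqrt

# PRESENT 4-bit S-box, a small stand-in for the targeted operation (assumption).
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
HW = [bin(v).count("1") for v in range(16)]
KEY = 0x9  # constructed secret nibble


def leak(value, model, rng):
    """Simulated power sample for one processed nibble (constructed model)."""
    noise = rng.gauss(0, 0.5)                     # measurement noise, all models
    if model == "unprotected":
        return HW[value] + noise
    if model == "noise":                          # large consumption unrelated to the data
        return HW[value] + rng.gauss(0, 8.0) + noise
    if model == "dual_rail":                      # true and complementary rail both switch
        return HW[value] + HW[value ^ 0xF] + noise
    raise ValueError(model)


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / sqrt(vx * vy)


def analyse(model, n_traces, seed=1):
    """Return (best key guess, its correlation, correlation of the true key)."""
    rng = random.Random(seed)
    pts = [rng.randrange(16) for _ in range(n_traces)]
    traces = [leak(SBOX[p ^ KEY], model, rng) for p in pts]
    corr = [pearson([HW[SBOX[p ^ g]] for p in pts], traces) for g in range(16)]
    best = max(range(16), key=lambda g: corr[g])
    return best, corr[best], corr[KEY]


if __name__ == "__main__":
    for model in ("unprotected", "noise", "dual_rail"):
        for n in (200, 20000):
            best, r_best, r_true = analyse(model, n)
            print(f"{model:12s} n={n:6d} best={best:#x} r_best={r_best:+.3f} r_true={r_true:+.3f}")
```

With the noise generator the correct guess still wins once enough traces are averaged; with the dual-rail model every guess correlates at noise level regardless of trace count.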