DesignCon will be held in Santa Clara, California between 30 January and 2 February. This year it includes two papers in hardware security area.
SPEAKER/S: Luke Teyssier (CRI)
DAY / TIME / LOCATION: Tuesday 2:50- 3:30 Ballroom C
TRACK / FORMAT: Chip-Level Design for Signal/Power Integrity / 40-Minute Technical Paper Session
AUDIENCE LEVEL: Intermediate
Cryptographic circuits are fundamentally different than other types of IP for System On Chip or FPGA designs: Correct functionality is not enough. Like other IP cores, they require flawless operation. However, cryptographic circuits that leak too much information provide only a false sense of security, are vulnerable to attack, and therefore, useless. Differential Power Analysis (DPA) measures the security of cryptographic devices by exercising their normal function, recording power consumption or field emanations traces at high speed, and correlating them to internal cryptographic state to detect vulnerabilities. An important factor in the success of DPA analysis is discovering where to look and what to use for correlation. Current DPA testing relies heavily on the skill and experience of the practitioner. The author introduces a simple technique to make the DPA testing process somewhat more repeatable and predictable in terms of time, effort and the experience of the tester
SPEAKER/S: Gary Kenworthy (Cryptography Research, Inc)
DAY / TIME / LOCATION: Wednesday 2:50- 3:30 Ballroom F
TRACK / FORMAT: Electromagnetic Compatibility and Interference / 40-Minute Technical Paper Session
AUDIENCE LEVEL: Introductory
Two live demonstrations of key recovery from mobile devices through RF electromagnetic (EM) signal analysis are presented. One analysis uses a magnetic field probe to recover the private key of an RSA public key encryption algorithm. A second demonstration recovers the key from an ECC algorithm from a distance of approximately 3m. Both analyses use inexpensive readily available RF receiving equipment for signal collection. Baseband EM approaches are similar to power measurement attacks such as SPA and DPA. EM analyses do not require the same level of physical access to a device that other side channels may require. Compliance with FCC emission thresholds will likely not provide a sufficient level of protection. We discuss hardware, software, and protocol level countermeasures that substantially mitigate information leakage, as well as testing methods beyond FCC for quickly assessing the degree of protection.