Smart cards arm against decryption attacks
Published: 19 Apr 2004 09:35 BST
Now that it has received needed patents, Cryptography Research will embark on a more aggressive effort to license technology that can protect devices from differential power analysis, a type of decryption attack.
With differential power analysis, or DPA, a hacker monitors variations in the electrical consumption of a card that performs encryption functions -- then performs reverse analyses to determine passwords. Cryptograph Research discovered this type of attack during the 90s.
To execute a DPA attack, the device must be in the hands of the attacker. So, while a thief could use this approach to determine the password of a bank card, a more common scenario would be for a hacker to use it to unblock pay TV signals on his or her home cable box. Cryptography Research recently obtained more than 60 patents for technology it has developed to defend against these attacks.
The demand for DPA security is growing, said Cryptography Research President Paul Kocher. He estimated that between 250 million and 400 million smart cards come out annually that could be vulnerable to DPA attacks.
Additionally, DPA attacks are a common topic among researchers. Of papers presented annually at security conferences, several are generally dedicated to nuances or variations of DPA attacks, Kocher said. And although writing software to perform an attack might take a few days, a well-executed attack on an unprotected card might take only a few seconds, he said.
Some companies already have adopted Cryptography Research's security technology, since the company had been working with customers to implement its tools prior to obtaining the patents.
The company's defence techniques vary. Some of the more effective ones involve changing the encryption key inside a card on a fairly rapid basis. Doing so severely limits an attacker's ability to ferret out a password, because the underlying electrical patterns are continually changing.
Cryptography Research specialises in plugging complex, and often latent, security problems. The company is currently working with several music and film studios on piracy issues.
Did you find this article useful?
63 out of 111 people found this useful
- Share this article:
