Note: Clearly the lectures were performed out of order, as he talked about the previous lecture discussing ‘timing properties’ which is not the order on the website. I was absent from the ‘timing properties’ lecture, so don’t have any notes on it (yet…I will once I work out which lecture it was, Lecture 11 I think).
In the last lecture we discussed how timing properties of a system can be used to leak secret key information. But timing is not the only resource consumed, they also all require some form of power.
In this lecture we will look at how monitoring power consumption can reveal secret key information. You can do this using decent electronics labs equipment.
Executing an algorithm takes power
Different instructions take different amounts of power. There’s a picture on the slides of what a power trace of 16 rounds of DES look like. If you look at it closely you can distinguish what’s going on; variations in the rounds due to conditional jumps etc. which can reveal information about bits of the key. This is ‘Simple Power Analysis’ and there’s easy ways to get around it: avoid conditional branching, and generate “noise” (insert dummy operations that don’t do anything but consume power and time). If you were using an FPGA you could just use parts of it to waste power.
Differential Power Analysis
So what if someone has added noise or made it difficult? You can use DPA to extract correlations between different executions and reduce the search space by guessing some of the key bits. Correlation exists if you guess correctly. Sounds familiar.
There’s loads of stuff here that I didn’t understand…
Apparently you can obfuscate more and more and more, but you’re just making it harder, not impossible. Or something. Apparently you can protect against it if you know it is possible. There are also apparently ways of testing if you are resilient against it or not (there’s a paper linked on the website apparently).