Cryptography Reference
In-Depth Information
who would be sending messages. MI5 managed to plant a microphone in close
proximity to one of these machines. This allowed the initial settings to be determined
by listening to them being made every morning. This would have allowed MI5 to
decipher intercepted communications with another Hagelin machine set to the same
key. In practice MI5 was only able to determine a certain number of wheel settings
because of the difficulty of distinguishing the noise of the wheels being set from
background noise. This made deciphering more complex, but not impossible, as the
number of possible keys was significantly reduced by the partial information.
In this chapter we describe side-channel analysis and its relevance to fault attacks.
Side-channel analysis is typically used to try to reveal information on cryptographic
keys. However, we will be concentrating on identifying target operations and on how
to trigger a mechanism to inject a fault.
The first academic publication of a side-channel attack described an attack based
on observing the time required to compute a given operation [239]. However, the
overall time required to compute an operation is not relevant to the discussion of
side-channel analysis with regard to fault attacks.
Subsequent publications involved analyzing acquisitions of the instantaneous
power consumption [240] or electromagnetic emanations [153, 331]. In each case
there are two types of attack, which we will discuss in more detail in this chapter.
•
The analysis of one acquisition to determine information on the operations being
computed; we elaborate on this in Sect.
1.3
.
•
The statistical analysis of multiple traces to reveal information, described in
Sect.
1.4
.
1.2 Background
In this section we describe the equipment that one would require to take acquisitions
that could be used to conduct side-channel analysis. We focus on the aforemen-
tioned analysis of the power consumption and the electromagnetic field around a
microprocessor.
In Fig.
1.1
we show an example of the equipment required to acquire power con-
sumption traces while executing an arbitrary command. A smart card was inserted
into an extension card that was then inserted into a standard smart card. An oscil-
loscope was used to acquire a power consumption trace, visible as a red trace on
the laptop computer and as a cyan trace trace on the oscilloscope. This trace rep-
resents the voltage drop across a resistor in series with the ground pin of the smart
card, typically acquired with a differential probe. A yellow trace is also visible on
the oscilloscope that shows the I/O pin of the smart card that is used to trigger the
oscilloscope.
It was observed in [153, 331] that the same information is present in the change in
the electromagnetic field surrounding a microprocessor. Traces showing the change
in the electromagnetic field can be acquired by using a suitable probe. This typically
