Electrical computers and digital processing systems: support – Data processing protection using cryptography
Reexamination Certificate
1999-07-26
2001-09-25
Hayes, Gail (Department: 2131)
C380S001000
active
06295606
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to the security of cryptographic processing in microelectronic assemblies, such as smartcards and similar cryptographic tokens, and more particularly to methods of preventing a security breach of such assemblies when a differential power analysis attack is used.
BACKGROUND OF THE INVENTION
Cryptographic devices use secret keys to process input information and/or to produce output information. It is generally assumed that the input and output information is available to attackers, while information about the secret keys is not. Recently, it has been shown that Differential Power Analysis (DPA) can be utilized by attackers to gain information about secret keys used in cryptographic devices. For example, as described in “Introduction to Differential Power Analysis and Related Attacks,” by Paul Kocher et al., DPA attacks utilize leaked information to gain knowledge of a secret key used by a cryptographic device. In particular, an attacker mounting a DPA attack monitors the power consumption of a cryptographic device to learn information about its secret keys. More generally, leaked information in the form of electromagnetic radiation, timing, faulty outputs, etc. can also be monitored. After monitoring multiple operations, a malicious attacker can obtain the secret keys used by the cryptographic device.
A common type of cryptosystem uses a block cipher for the encrypt and decrypt operations. A block cipher operates on a fixed number of input bits and encrypts or decrypts these bits into a fixed number of output bits. The encrypt and decrypt functions are often constructed using a simple function called a round function. The security of the cryptographic algorithm is achieved by repeatedly applying the round function a fixed number of times. Such a cipher is referred to as an iterative-block cipher.
An example of a commonly known iterative-block cipher is the Data Encryption Standard (DES). DES is described in detail in ANSI X.392, “American National Standard for Data Encryption Algorithm (DEA),” American Standards Institute, 1981, which is incorporated by reference herein. A major component of the round function of DES is the set of substitution box (S-box) functions. The S-box functions are non-linear and are conventionally implemented using table lookups or Boolean logic gates.
Present implementations of iterative-block ciphers need to use the secret key each time a round function is calculated. When this secret key is accessed by a cryptographic device, information about the secret key is leaked outside the device and can be monitored by an attacker. The information that is leaked is often very subtle and difficult to interpret. However, because this information is correlated to the actual secrets within the device, an attacker can use statistical techniques, such as a DPA attack, to effectively amplify the information and breach the security of the cryptosystem.
Statistical attacks, such as a DPA attack, are successful because the leaked information is correlated to the secret keys. Decorrelating the data being processed by the round function from the secret key data is therefore desirable. The revelation of the secret key data is considered a breach of the security of a cryptographic device. Therefore, a need exists for a way to prevent leakage attacks so that an attacker cannot gain information about the secret keys used in cryptographic devices.
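The correlation described above can be made concrete with a small simulation. The following is an added example, not text or code from the patent: it assumes a Hamming-weight leakage model with Gaussian noise, uses the DES S-box S1, and applies generic random masking of the table lookup as the decorrelating countermeasure (chosen for illustration, not the method claimed here). The names `masked_lookup` and `leakage_correlation` and the key value `0x2B` are hypothetical.

```python
import random

# DES S-box S1 (4 rows x 16 columns).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox(x):
    """6-bit input: outer two bits select the row, inner four the column."""
    return S1[((x >> 4) & 2) | (x & 1)][(x >> 1) & 0xF]

def hw(v):
    """Hamming weight, the assumed power-leakage model."""
    return bin(v).count("1")

def masked_lookup(p_masked, m_in, key, rng):
    """Look up S1 on masked data; returns (masked output, output mask)."""
    m_out = rng.randrange(16)
    table = [0] * 64
    for x in range(64):                      # table rebuilt for fresh masks
        table[x ^ m_in] = sbox(x) ^ m_out
    return table[p_masked ^ key], m_out      # == sbox(p ^ key) ^ m_out

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5

def leakage_correlation(key, masked, n=5000, sigma=1.0, seed=1):
    """Correlation between simulated leakage and the key-dependent S-box output."""
    rng = random.Random(seed)  # seeded for a repeatable simulation; a device needs a true RNG
    secret, leak = [], []
    for _ in range(n):
        p = rng.randrange(64)                # constructed 6-bit input
        if masked:
            m_in = rng.randrange(64)
            handled, _ = masked_lookup(p ^ m_in, m_in, key, rng)
        else:
            handled = sbox(p ^ key)
        secret.append(hw(sbox(p ^ key)))
        leak.append(hw(handled) + rng.gauss(0, sigma))
    return pearson(secret, leak)

if __name__ == "__main__":
    print(leakage_correlation(0x2B, masked=False), leakage_correlation(0x2B, masked=True))
```

With the unmasked lookup the simulated leakage tracks the key-dependent value closely; with fresh masks per operation the correlation falls to the level of sampling noise, which is the decorrelation the passage calls for.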
REFERENCES:
patent: 5168521 (1992-12-01), Delaporte et al.
patent: 5796837 (1998-08-01), Kim et al.
Wayner. “Code Breaker Cracks Smart Card's Digital Safe”. The New York Times. Jun. 22, 1998, pp. 1-5.*
Kocher et al. “Introduction to Differential Power Analysis and Related Attacks”. Cryptography Research, Inc. 1998. pp. 1-7.*
Biham et al. “Differential Fault Analysis of Secret Key Cryptosystems”. Advances in Cryptology: Proceedings of Crypto '97. Springer-Verlag. Aug. 1997. pp. 513-525.*
Messerges, Thomas S., Dabbish, Ezzy A. and Sloan, Robert H. “Investigations of Power Analysis Attacks on Smartcards”. Proceedings of USENIX Workshop on Smartcard Technology. May 1999. pp. 1-11.
Dabbish Ezzat A.
Messerges Thomas S.
Puhl Larry
Cyrus Khosravi K.
Hayes Gail
Hughes Terri S.
Latham Bryan S.
Motorola Inc.
LandOfFree
Method and apparatus for preventing information leakage... does not yet have a rating. At this time, there are no reviews or comments for this patent.