I can't comment on specific responses to this thread, but hacking via montoring power consumption (SPA and DPA) is a proven technique in the world of smartcards. Most smartcard manufacturers have progressed beyond this type of vulnerability, but the technique is still valid.
Here's a paper I found that talks about it in more detail: http://www.cryptography.com/public/pdf/DPATechInfo.pdf -pc On Thu, Aug 28, 2014 at 2:02 PM, Edward Ned Harvey (bouncycastle) < bouncycas...@nedharvey.com> wrote: > > From: John Anderjaska [mailto:john.anderja...@dsainc.com] > > Sent: Thursday, August 28, 2014 1:24 PM > > > > In summary I'd say it is a glaring hole in most contemporary > > security solutions. > > But the type of information that could be introduced to that medium is > what? Take it as given, that certain CPU instructions are prone to consume > more power than other instructions, just because they activate larger areas > of the chip, with a larger number of bit flips and gate propagations > occurring internally, so yes, the power consumed "fluctuates according to > the computation that is being performed by its processor," but does not > reveal specifics of the data that is being processed. > > This is like watching the power consumption of a house painter painting a > house with his spray gun, and based on the power fluctuations, determining > what color paint he has loaded in the spray gun. Yes you can probably tell > when he's painting, but no you can't determine *what* he's painting. > > Yes I believe an observer of the ground signal could determine "I saw a > power spike between X ms and Y ms, which probably means you did something > cryptographic or doing some kind of compression or decompression, or > graphics rendering," but no I don't believe even remotely, that they are > extracting private keys out of that signal, nor what jpg you viewed, nor > what file you zip'd up, or what video you converted from H.264 to Mpeg4. > All of these would be the *content* of what you were processing at the time. >
