We did some work on power analysis sidechannels. The NSA solution is to physically isolate anything that does crypto from anything else. Separate power supplies and Faraday cages are used. This is effective, but not practical for mobile devices.
Another alternative is to use dual rail instructions in hardware: for each computation in the code, it also computes the complement. This produces a flat power consumption profile, but consumes 1.9 times the power and produces 1.9 times the heat. We added compiler support where secret variables (e.g., a crypto key) had tags marking them as secret. Then instructions that used this data, or anything derived from it, would use the dual rail instructions. This consumes 15% more power than normal.

Other people try to just add random fluctuations to the power consumption profile. That never works. You just have to increase the amount of data that you collect. You would be amazed at how many people try to pass this off as an effective solution.

The power analysis attack (especially differential power analysis) is really easy to do. We gave the grad student a paper. He had the attack running after about 1 day of work.

On 04/29/2013 03:29 PM, Steve Weis wrote:
> To add to the list of issues here, crypto implementations on mobile
> devices may be vulnerable to power analysis side-channel attacks.
> Attackers may be able to measure RF signal strength to infer power
> consumption during crypto operations, then derive key material. I think
> Cryptography Research Inc. has been researching these attacks and
> working on countermeasures.
>
> On Mon, Apr 29, 2013 at 12:09 PM, Seth David Schoen <sch...@eff.org
> <mailto:sch...@eff.org>> wrote:
>
>     ...
>
>     There are a lot of problems about disk encryption on small
>     mobile devices. One that was highlighted by Belenko and
>     Sklyarov at Black Hat EU 2012 is that mobile device CPUs are
>     relatively slow, so it's difficult to do very large numbers of
>     iterations of key derivation functions, which would make
>     brute-force cracking slower.
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech

--
===================
R. R. Brooks

Associate Professor
Holcombe Department of Electrical and Computer Engineering
Clemson University

313-C Riggs Hall
PO Box 340915
Clemson, SC 29634-0915
USA

Tel. 864-656-0920
Fax. 864-656-5910
email: r...@acm.org
web: http://www.clemson.edu/~rrb
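
The two countermeasures compared in the message above (added random fluctuations versus dual-rail complement computation), as an added simulation that is not part of the original message. It assumes a Hamming-weight leakage model with Gaussian noise and a constructed key byte `SECRET`; `trace` and `leak_t` are hypothetical names, and the check is a known-key Welch t-test of the kind an evaluator runs on captured traces.

```python
import random

SECRET = 0x5A  # constructed key byte, known to the evaluator (assumption)

def hw(x):
    """Hamming weight: the assumed power model for a single-rail operation."""
    return bin(x).count("1")

def trace(pt, sigma, dual_rail, rng):
    """One simulated power sample for the intermediate value pt ^ SECRET."""
    v = pt ^ SECRET
    power = hw(v)
    if dual_rail:
        power += hw(v ^ 0xFF)  # complement computed alongside: total is always 8
    return power + rng.gauss(0.0, sigma)  # sigma models added random fluctuation

def leak_t(n, sigma, dual_rail, seed=1):
    """Welch t-statistic between traces whose secret-dependent bit 0 is 1
    and traces where it is 0. Returns 0.0 when the traces do not vary."""
    rng = random.Random(seed)
    cnt, s1, s2 = [0, 0], [0.0, 0.0], [0.0, 0.0]
    for _ in range(n):
        pt = rng.randrange(256)
        b = (pt ^ SECRET) & 1
        p = trace(pt, sigma, dual_rail, rng)
        cnt[b] += 1
        s1[b] += p
        s2[b] += p * p
    mean = [s1[b] / cnt[b] for b in (0, 1)]
    var = [max(s2[b] - cnt[b] * mean[b] ** 2, 0.0) / (cnt[b] - 1) for b in (0, 1)]
    se = (var[0] / cnt[0] + var[1] / cnt[1]) ** 0.5
    return 0.0 if se == 0 else (mean[1] - mean[0]) / se

if __name__ == "__main__":
    # Same noise level, more traces: the statistic grows with sqrt(n).
    for n in (500, 200_000):
        print(n, "traces, single rail + noise:", round(leak_t(n, 8.0, False), 1))
    print("200000 traces, dual rail + noise:", round(leak_t(200_000, 8.0, True), 1))
```

A |t| above roughly 4.5 is the threshold commonly used to flag leakage in this kind of test. Noise only lowers t for a fixed trace count, while the dual-rail total stays constant, so collecting more traces does not help there.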