Friday, November 19, 2004

DPA: The New Security Threat

Think you're secure because you use a "smart card" to access online resources, and encrypt all data that you send over the Net? Well, think again. A new technique is emerging that could allow intruders to intercept and read even the most securely encrypted communications.



Differential Power Analysis (DPA) work on the principle that encrypted communications "leak" minute amounts of electrical power, and that encryption keys can be found by measuring changes in these leaks. Using DPA, even encryption techniques unknown to the hacker can be reverse-engineered and broken. Cryptography Research, Inc. discovered the DPA technique several years ago, and has patented a number of anti-DPA techniques that it is now licensing to vendors. Most of these techniques involve either lowering the amount of energy leakage in transmissions, or generating "white noise" to cover up the fluctuations. CRI has also published white papers on the topic, and markets testing devices for measuring the amount of power leaking from various devices.



DPA is surely going to be of great interest on both sides of the security issue. As word about DPA spreads, vendors will have to assure their customers that their security is DPA-resistant. The government and the military will also certainly express interested in DPA, both as a defensive and an offensive tool.



Source: eWeek

No comments:

Post a Comment