[5590] in cryptography@c2.net mail archive
Re: Power analysis of AES candidates
daemon@ATHENA.MIT.EDU (Arnold Reinhold)
Tue Sep 14 16:22:27 1999
In-Reply-To: <14301.13606.727308.543977@lrz.de>
Date: Tue, 14 Sep 1999 13:25:07 -0400
To: Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>,
Andreas Bogk <andreas@andreas.org>
From: Arnold Reinhold <reinhold@world.std.com>
Cc: Russell Nelson <nelson@crynwr.com>,
"Cryptography@C2. Net" <cryptography@c2.net>
At 10:32 AM -0700 9/13/99, Eugene Leitl wrote:
>Why don't you just erase flash when a pressure change (hull breach) is
>detected. Using double-walled hull, to look for shortcuts. You can
>also couple this to light detection, and whatnot.
>
>Andreas Bogk writes:
> > Russell Nelson <nelson@crynwr.com> writes:
> >
> > > > There's some question about how hard it will be to design
> > > > hardware that will be DPA-resistant for different
> > > > algorithms.
> > > Big on-chip caps. Lithium batteries. Tamper-resistant housings.
>[...]
A sophisticated attacker could measure the pressure in each
compartment and work in a pressurized, darkened room.
One thought I had is to include a circuit on chip (perhaps duplicated
in several places) that would monitor on-chip supply voltage and keep
the program from executing sensitive code for some period if dV/dt
were too high. If the cap or Li battery were disconnected, the
circuit would see continuous fluctuations and shut the processor
down. A accidental power glitch would only cause a short delay in
execution.
If an attacker can get to the chip and disable these power monitor
circuits, he can probably also put a logic analyzer on the memory
lines and extract the key that way.
Arnold Reinhold
