Friday, 30 September 2011

Break phone encryption by watching its power consumption

It is possible to obtain secret keys to hardware-aided encryption by monitoring the power consumption of the device. The attack is called Differential Power Analysis (DPA).

A security firm called Cryptography Research has just licensed its anti-DPA technology to an as-yet undisclosed mobile phone manufacturer. The company's website hosts an interesting video that demonstrates the principles behind the type of attack that it claims to protect against. This video does not require you to be a cryptography expert to understand the basic idea.

To go straight to the relevant part visit the link above and then click on the menu item labelled 'Technology' and then 'DPA Process'.

The countermeasures include reducing the signal (so that changes are less obvious); using randomness; and a range of other less-easily understood (by me) methods.