Is my Smartcard Secure? Side Channel Attacks on the Advanced Encryption Standard
Electrical Engineering and Computer Science
University of Michigan
In 2001 the National Institute of Standards and Technology (NIST) selected the block cipher Rijndael as the Advanced Encryption Standard (AES), makingit the standard for symmetric key encryption. One of the NIST selection criteria was that the cipher should be easy to implement on inexpensive computationaldevices such smartcards. This raises the question of how secure these devices are. A smartcard leaks information through voltage fluctuations and electromagnetic signals. Is this enough information to break the cipher? We will describe a Simple Power Analysis attack on an 8-bit implementation of AES that findsthe encryption key using an optimized search strategy. This improves on previous work in terms of speed, flexibility, and handling of data error. We can find a 128-bit cipher key in 16ms on average, with similar results for 192- and 256-bit cipher keys. The attack almost always produces a unique cipher key and performs well even in the presence of substantial measurement error. The talk will be self contained: no previous knowledge of cryptography or smartcards will be assumed.