Rambus signs license agreement with Gemalto to DPA countermeasures portfolio; protect against side-channel attacks

Rambus Inc. announced on Wednesday that it has signed a patent license agreement with Gemalto, a global leader in digital security. The agreement covers the use of Rambus patents covering Differential Power Analysis (DPA) countermeasures, which protect devices and integrated circuits against DPA and other related side-channel attacks.

Specific terms of the agreement are confidential.

DPA is a form of side-channel attack that monitors variations in the electrical power consumption or electro-magnetic emissions of a target device. The basic method involves partitioning a set of traces into subsets, then subsequently computing the difference of the averages of these subsets. A trace refers to a set of power consumption measurements taken while the device is performing cryptographic operations. Given enough traces, extremely minute correlations can be isolated — no matter how much noise is present in the measurements.

DPA countermeasures, developed by Rambus Cryptography Research, consist of a range of software, hardware and protocol techniques that protect devices from side-channel attacks and are implemented in tamper-resistant products used in a variety of applications.

Many electronic devices that use cryptography are susceptible to side-channel attacks, including SPA and DPA. A side-channel is an unintentional channel providing information about the internal activity of the chip, for example power consumption or EM emissions.

These low-cost, non-invasive methods enable attackers to stealthily extract secret cryptographic keys used during normal device operations. Once the keys have been extracted, attackers can easily gain unauthorized access to a device, decrypt or forge messages, steal identities, clone devices, create unauthorized signatures and perform additional unauthorized transactions.

“We are pleased to collaborate with Gemalto to provide the key technology elements critical for the protection of sensitive keys and data,” said Bret Sewell, senior vice president and general manager of the Rambus Security Division.

Specific DPA countermeasure techniques include decreasing the signal-to-noise ratio of the power side channel by reducing leakage (signal) or increasing noise, for example, by making the amount of power consumed less contingent upon data values and/or operation (balancing); introducing amplitude and temporal noise; incorporating randomness with blinding and masking by randomly altering the representation of secret parameters and implementing protocol-level countermeasures by continually refreshing and updating cryptographic protocols used by a device.

As all physical electronic systems routinely leak information, an effective layer of side-channel countermeasures should be implemented via hardware (DPA resistant cores), software (DPA resistant libraries) or both. It should be noted that stand-alone noise introduction is incapable of sufficiently masking side-channel emissions. Indeed, DPA conducted against a device can effectively bypass stand-alone noise countermeasures, ultimately allowing the signal to be isolated.

After layered countermeasures have been implemented, systems should be carefully evaluated with a Test Vector Leakage Assessment (TVLA) platform such as the Rambus DPA Workstation (DPAWS) to confirm the cessation of sensitive side-channel leakage.

Leave a Reply

WWPI – Covering the best in IT since 1980