Kerstin Lemke

DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction

Differential Power Analysis (DPA) has turned out to be an efficient method to attack the implementations of cryptographic algorithms and has been well studied for ciphers that incorporate a nonlinear substitution box as e.g. in DES. Other product ciphers and message authentication codes are based on the mixing of different algebraic groups and do not use look-up tables. Among these are IDEA, the AES finalist RC6 and HMAC-constructions such as HMAC-SHA-1 and HMAC-RIPEMD-160. These algorithms restrict the use of the selection function to the Hamming weight and Hamming distance of intermediate data as the addresses used do not depend on cryptographic keys. Because of the linearity of the primitive operations secondary DPA signals arise. This article gives a deeper analysis of the characteristics of DPA results obtained on the basic group operations XOR, addition modulo 2 and modular multiplication using multi-bit selection functions. The results shown are based both on simulation and experimental data. Experimental results are included for an AVR ATM163 microcontroller which demonstrate the application of DPA to an IDEA implementation.

An open approach for designing secure electronic immobilizers

The automotive industry has developed electronic immobilizers to reduce the number of car thefts since the mid nineties. However, there is not much information on the current solutions in the public domain, and the annual number of stolen cars still causes a significant loss. This generates other costs particularly regarding the increased insurance fees each individual has to pay. In this paper we present a system model that captures a variety of security aspects concerning electronic immobilizers. We consider generic security and functional requirements for constructing secure electronic immobilizers. The main practical problems and limitations are addressed and we give some design guidance as well as possible solutions.

Embedded Security: Physical Protection against Tampering Attacks

Once an adversary gains physical access to a cryptographic device itself, the security of the device strongly depends on its construction implemented in hardware and software. This contribution aims to review the main approaches towards physical security.

Embedded Cryptography: Side Channel Attacks

This article gives an overview of state-of-the-art side channel attacks and corresponding countermeasures which are currently discussed in the scientific literature. We compare different attacks with respect to the algorithms attacked, measurement costs, efficiency and practicability. In particular, we examine simple power analysis (SPA), differential power analysis (DPA), internal collision attacks and template attacks. Moreover, we give a brief overview of various countermeasures based on hard- or software which should always be implemented in order to secure cryptographic algorithms against side channel attacks.

Anti-theft Protection: Electronic Immobilizers

The automotive industry has been developing electronic immobilizers to reduce the number of car thefts since the mid-1990s. However, there is not much information on the current solutions in the public domain, and the annual number of stolen cars still causes a significant loss. This generates other costs particularly regarding the increased insurance fees each individual has to pay.