At 1:35 PM -0700 9/14/99, John Gilmore wrote:
> > At 10:32 AM -0700 9/13/99, Eugene Leitl wrote:
> > >Why don't you just erase flash when a pressure change (hull breach) is
> > >detected. Using double-walled hull, to look for shortcuts. You can
> > >also couple this to light detection, and whatnot.
>
>Arnold Reinhold said:
> > in several places) that would monitor on-chip supply voltage and keep
> > the program from executing sensitive code for some period if dV/dt
> > were too high. If the cap or Li battery were disconnected, the
>
>What are you guys talking about? Differential power analysis doesn't
>require any physical attack, nor does it deal with voltage
>variations. (You are probably thinking of Shamir's fault-injection
>attacks.) Differential power analysis measures the current
>consumption of the part as it operates, completely outside the device.
OK a recap of where we are:
A suggestion was made that a large capacitor or Lithium battery be
used to reduce the power fluctuations that DPA depends on. That was
countered by pointing out that an attacker could physically
disconnect the battery or cap (Maybe x-ray the package, find the
relatively fat connection and drill it out). Mr. Leitl suggested
pressure and light sensors to detect the drilling, which I find
dubious, even if each smart card has a different pressure. I
suggested that a simple on-chip circuit could inform on-board CPU
that a disconnect may have occurred. This circuit would measure
fluctuations in the supply voltage. Mr. Ohm has demonstrated that
current variations usually imply voltage variations.
Mr. Brandt now questions whether a cap can be large enough to defeat
DPA, since the attacker can increase the number of runs and the
required N varies linearly with C. I would like to point out that
using one or more RC stages changes the equation considerably, and,
in the extreme, the CPU could be powered entirely by a capacitor or
battery during the sensitive computations, with all connection to the
outside temporarily broken.
Arnold Reinhold
