April 18, 2004 9:00 PM PDT
Company to license device-security tools
With differential power analysis, or DPA, a hacker monitors variations in the electrical consumption of a card that performs encryption functions--then performs reverse analyses to determine passwords. Cryptography Research discovered this type of attack during the '90s.
To execute a DPA attack, the device must be in the hands of the attacker. So, while a thief could use this approach to determine the password of a bank card, a more common scenario would be for a hacker to use it to unblock pay TV signals on his or her home cable box. Cryptography Research recently obtained more than 60 patents for technology it has developed to defend against these attacks.
The demand for DPA security is growing, said Cryptography Research President Paul Kocher. He estimated that between 250 million and 400 million cards come out annually that could be vulnerable to DPA attacks.
Additionally, DPA attacks are a common topic among researchers. Of papers presented annually at security conferences, several are generally dedicated to nuances or variations of DPA attacks, Kocher said. And although writing software to perform an attack might take a few days, a well-executed attack on an unprotected card might take only a few seconds, he said.
Some companies already have adopted Cryptography Research's security technology, since the company had been working with customers to implement its tools prior to obtaining the patents.
The company's defense techniques vary. Some of the more effective ones involve changing the encryption key inside a card on a fairly rapid basis. Doing so severely limits an attacker's ability to ferret out a password, because the underlying electrical patterns are continually changing.
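A sketch of the key-changing idea described above, added here as an illustration; it is not Cryptography Research's patented design. It assumes a SHA-256 one-way key update and an HMAC tag per transaction, and the `Card`, `Verifier` and `run_demo` names are hypothetical.

```python
import hashlib
import hmac

def next_key(key: bytes) -> bytes:
    """One-way update: the previous key cannot be computed from the new one."""
    return hashlib.sha256(b"key-update" + key).digest()

class Card:
    """Token that authenticates one transaction per key, then replaces the key."""
    def __init__(self, seed: bytes):
        self.key, self.counter = seed, 0

    def authorize(self, message: bytes):
        tag = hmac.new(self.key, message, hashlib.sha256).digest()
        counter = self.counter
        # Update before the next operation so no key is reused across transactions.
        self.key, self.counter = next_key(self.key), counter + 1
        return counter, tag

class Verifier:
    """Back end that follows the card's key and tolerates a few lost transactions."""
    def __init__(self, seed: bytes, window: int = 8):
        self.key, self.counter, self.window = seed, 0, window

    def verify(self, counter: int, message: bytes, tag: bytes) -> bool:
        # Reject replays (counter already consumed) and counters too far ahead.
        if not self.counter <= counter < self.counter + self.window:
            return False
        key = self.key
        for _ in range(counter - self.counter):  # catch up over lost transactions
            key = next_key(key)
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.key, self.counter = next_key(key), counter + 1
        return True

def run_demo():
    seed = hashlib.sha256(b"constructed demo seed").digest()  # constructed sample secret
    card, verifier = Card(seed), Verifier(seed)
    keys_seen, results = set(), []
    for i in range(5):
        keys_seen.add(card.key)
        message = b"txn-%d" % i
        counter, tag = card.authorize(message)
        if i != 2:  # transaction 2 never reaches the back end
            results.append(verifier.verify(counter, message, tag))
    replay = verifier.verify(counter, message, tag)  # resend the last transaction
    return results, len(keys_seen), replay
```

Each of the five transactions runs under a different key, so power measurements from one transaction say nothing about the key used in the next, while the back end still stays in sync after a lost message and refuses a replay.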
Cryptography Research specializes in plugging complex, and often latent, security problems. The company is currently working with several music and film studios on piracy issues.