Talk:Power analysis

Latest comment: 7 years ago by 50.150.93.206 in topic General Audience Clarification - Practical Details

Preventing simple and differential power analysis attacks

edit

Why wouldn't it be simpler to have some sort of battery or capacitor inside the device, such that the the battery has a constant draw from the external power source and the CPU can have a variable draw on the battery? Shades97 (talk) 22:58, 10 May 2012 (UTC)Reply


The link http://www.hackhu.com/ is not only dead but its archive ghost points to something totally different (details about a lawsuit against the cryptanalysts, something like a rubber-hose protection layer for weak encryption). Please fix. Thanks. 45.61.4.155 (talk) 18:17, 8 November 2016 (UTC)Reply

General Audience Clarification - Practical Details

edit

Based on my understanding of this technique, its the type of attack that either requires direct, physical, access to a device/system during the analysis or at some point before it begins. Basically: you need to be able to sit there with a motherboard on a table, with oscilloscope probes attached to traces on a circuit board. Even if there are applications of this type of technique that do not require that type of physical access, if the details of the technique require that the analysis is passive (and therefore do not use/piggyback off the device/system's own communication within a network or to the internet). This article should include at least a SENTENCE of general audience clarification. I bring this up because, in the minds of even moderately informed people, its not immediately clear how this type of attack/analysis fits into the spectrum of information security. This is not the type of technique that can be carried out without resources, time, and direct access. Its probably more commonly applied in "forensic" analysis/attacks, where an attacker physically possesses a device and has the capability of disassembling it to some degree without concern for being discovered. Examples MIGHT include industrial/corporate espionage/reverse engineering, academic information security research, or forensic analysis for purposes of litigation in light of security failures. There are, undoubtedly, other situations where this type of analysis has application. However, its useful to be able to create a mental image of what this type of attack/analysis involves. Again: imagine a piece of computer hardware (eg: set top box, rack mounted/server style enclosure, industrial-style metal enclosure, etc.) that has been opened up so that the motherboard is visible, and a few people are standing over it with a computer and specialized electronic signal analysis equipment (eg an oscilloscope) is sitting there with wires attached directly to the circuit board in areas that surround various chips on the board. This is far different from, for example, someone surreptitiously attaching a USB memory stick containing malware to a particular server in a server room, attaching a fake keylogger-containing VGA cable to a KVM switch in a sever room, etc. Its also different from the type of analysis that goes into other forms of potential hardware obfuscation, such as grinding down a microprocessor in a clean room or analyzing it with a SQUID/STM/AFM.50.150.93.206 (talk) 21:47, 9 February 2017 (UTC)Reply