SOURCE: Cryptography Research Inc.

February 26, 2008 08:00 ET

Cryptography Research to Host Workshop About Securing Tamper Resistant Devices at RSA Conference 2008

Following the Success of Last Year's Workshop, This Pre-Conference Tutorial Will Include Live Demonstrations and Examine Leading Techniques to Counter Security Threats to Smart Cards and Other Tamper Resistant Devices Including Timing Attacks, Simple Power Analysis and Differential Power Analysis

SAN FRANCISCO, CA--(Marketwire - February 26, 2008) - Cryptography Research, Inc. (CRI), a worldwide leader in security systems, today announced that it will hold a one-day pre-conference tutorial entitled "Securing Tamper Resistant Devices: An Introduction to Timing Attacks, Simple Power Analysis (SPA) and Differential Power Analysis (DPA)" during the RSA Conference 2008, April 7- 11, at the Moscone Center in San Francisco.

In the workshop, attendees will receive an introduction to the fundamentals of power analysis, perform hands-on tutorials, examine practical design approaches to countering power analysis and review the current state of related U.S. and international security certifications. This is the second consecutive year that CRI will run this workshop at a RSA conference.

"Last year's workshop was a tremendous success, and as a result, we are leading the session again," said Benjamin Jun, vice president of technology at CRI. "Side channel vulnerabilities -- including SPA, DPA, and timing attacks -- have emerged as powerful, real-world threats to tamper resistant devices and embedded systems. The workshop will emphasize practical aspects of securing devices, in particular for U.S. testing labs and product companies in advance of the upcoming FIPS 140-3 specification."

DPA was discovered at CRI by Paul Kocher, Joshua Jaffe and Benjamin Jun who demonstrated that power consumption measurements of smart card and other devices could be analyzed to find secret keys. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, pirate digital content or mount other attacks.

The primary audience for the workshop includes developers and architects of secure embedded systems, as well as evaluators and individuals designing testing requirements for tamper-resistant products. Technical staff interested in designing and testing tamper-resistant systems for consumer products, financial systems, anti-piracy/conditional access systems or government/defense applications are also encouraged to attend.

The CRI workshop is divided into three sessions. In part one, attendees will receive an introduction to the fundamentals of power analysis, perform a timing attack code review exercise and observe a timing attack demonstration.

Part two explores the practical design approaches to countering power analysis. Participants will work in teams and find a key using SPA. The DPA analysis will be introduced and a live DPA attack will be performed to extract keys from a tamper-resistant device.

Part three focuses on effective technical approaches to DPA resistance and countermeasure implementation. Recommended evaluation processes will also be discussed, together with an overview of the CRI DPA Countermeasure Validation Program for evaluating the effectiveness of products in resisting side channel attacks.

CRI Workshop Details

Who:     Benjamin Jun, vice president of technology
         Joshua Jaffe, cryptosystem researcher and engineer
         Mark Marson, senior cryptographer
         Trevor Perrin, software engineer
         Joseph Bonneau, cryptographic scientist

What:    Pre-conference tutorial (session code TUT M11): "Securing Tamper
         Resistant Devices: An Introduction to Timing Attacks, Simple Power
         Analysis and Differential Power Analysis"

When:    Monday, April 7, 2008, 9:00 a.m.-3:30 p.m. PDT

Where:   RSA conference 2008, Moscone Center, San Francisco

For more information, please visit: https://cm.rsaconference.com/US08/catalog/catalog/catalog.jsp

About Cryptography Research, Inc.

Cryptography Research, Inc. provides technology to solve complex security problems. In addition to security evaluation and applied engineering work, the company is actively involved in long-term research and technology licensing in areas including content protection, tamper resistance, network security and financial services. Security systems designed by Cryptography Research engineers protect more than $100 billion of commerce annually for wireless, telecommunications, financial, digital television, entertainment and Internet industries. For additional information please visit www.cryptography.com.