Cryptography Offers Workshop on Defending Attacks on Embedded Devices

Cryptography Research, Inc. (CRI) announced that it will hold a one-day workshop about how to thwart attacks on embedded devices like mobile communication systems. The workshop is entitled: “An Introduction to Side-Channel Analysis, SPA, DPA and Timing Attacks” and will take place at the Crowne Plaza Washington DC/Silver Spring Hotel on August 14, 2008.

This is the third in a series of embedded system security workshops CRI has run this year. Participants will get up to speed on side-channel attacks, including power analysis attacks such as Simple Power Analysis (SPA), Differential Power Analysis (DPA) and timing analysis. CRI will examine practical design approaches to countering power analysis threats and review the state of associated U.S. and international security evaluation certifications, such as U.S. Federal Information Processing Standard (FIPS) 140-3 and Common Criteria.

“Side-channel vulnerabilities — including SPA, DPA and timing attacks — are well known in the smart card industry and becoming increasingly recognized as powerful threats to tamper-resistant devices and embedded systems,” said Ken Warren, smart card business manager at CRI. “We have been solicited to offer this workshop again as participants have greatly appreciated the practical insights gained in defending against these real-world attacks.”

Attendees will also have the opportunity to perform hands-on exercises, including simulating a timing attack and using SPA to interpret power traces, as well as recover a simulated PIN. CRI will also demonstrate a live DPA attack using the DPA Workstation[TM].

Differential power analysis (DPA) was discovered at CRI by Paul Kocher, Joshua Jaffe and Benjamin Jun, who demonstrated that power consumption measurements of smart card and other devices could be analyzed to find secret keys. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, pirate digital content or mount other attacks.

The prime audiences for the workshop include developers and architects of hardware and software security products, as well as evaluators and technical writers of requirements for tamper resistant products. Technologists designing and testing tamper resistant systems for consumer products, financial systems, anti-piracy/conditional access systems, or government/defense applications are encouraged to attend.

About Cryptography Research, Inc.
Cryptography Research, Inc. provides technology to solve complex security problems. In addition to security evaluation and applied engineering work, the company is actively involved in long-term research and technology licensing in areas including content protection, tamper resistance, network security and financial services. Security systems designed by Cryptography Research engineers protect more than $100 billion of commerce annually for wireless, telecommunications, financial, digital television, entertainment, and Internet industries.