Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:04 ADT
Mike Rosing (eresrch@msn.fullfeed.com)
Thu, 25 Jun 1998 11:16:48 -0500 (CDT)
On Thu, 25 Jun 1998, burt rosenberg wrote:
>
> Umm, there's a disconnect here:
Ahhh...
> What I'm suggesting is a way to defeat all timing attacks,
> whether it be timing, power analysis, electromagnetic radiation ...
> whatever ... by leaking provably NO information per calculation,
> by randomizing over the set of possible algorithms, rather than
> ad hoc patches to disguise particular features of a single algorithm.
>
> As an example, a smart card using the suggested randomized approach
> to exponentiation for immunity to timing attacks is ALREADY
> also immune to DPA.
>
> No one else working on these?
Probably not. Physical security works better for that threat model,
don't let the "enemy" have access to something that's so sensitive it's
worth the millions of dollars in equipment to hack. Most smart cards
won't be holding $1000 let alone a million. It would be easier to
(very carefully) cut the card open and read the keys directly than
deal with timing or power type attacks.
It's about the same as counterfeiting money - it costs more in time and
equipment than you can mint and recover. I think Paul's papers are good
academic work, but I don't think these attacks are a real threat to worry
about. They guy in charge of handing out the cards is a bigger threat,
if I'm the banker that's what I'd worry about.
Patience, persistence, truth,
Dr. mike
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:04 ADT