Cryptography Research, Inc. (CRI) will hold a three-day workshop on how to evaluate the security of Elliptic Curve Cryptography (ECC) platforms against power analysis. ECC is used to protect secret information exchanged in smart cards, electronic passports, mobile communication systems and other devices. Simple Power Analysis (SPA) and Differential Power Analysis (DPA) are techniques that can expose these devices to tampering and fraud by revealing keys and other secret information stored on a chip. The workshop takes place on March 10-12 at CRI’s San Francisco office. The primary audience for the workshop includes developers and architects of secure embedded systems, as well as evaluators and individuals designing testing requirements for tamper-resistant products.

Cryptography Research to Lead Workshop on Securing Devices Using Elliptic Curve Cryptography (ECC) Against Power Analysis Attack

SAN FRANCISCO, CA – Cryptography Research, Inc. (CRI) today announced that it will hold a three-day workshop on how to evaluate the security of Elliptic Curve Cryptography (ECC) platforms against power analysis. ECC is used to protect secret information exchanged in smart cards, electronic passports, mobile communication systems and other devices. Simple Power Analysis (SPA) and Differential Power Analysis (DPA) are techniques that can expose these devices to tampering and fraud by revealing keys and other secret information stored on a chip. The workshop takes place on March 10-12 at CRI’s San Francisco office.

“Many companies are implementing Elliptic Curve Cryptography in their products for efficiency reasons and because of ECC’s position in the National Security Agency’s Suite B standards,” said Ken Warren, smart card business manager at CRI. “This workshop will help participants understand and evaluate the security of ECC implementations in products against power analysis vulnerabilities.”

In the workshop, demonstrations will show how the Cryptography Research DPA Workstation(TM) can be used to analyze ECC implementations. Attendees will also conduct hands-on tutorials using the DPA Workstation software to analyze smart cards performing common ECC algorithms.

DPA was discovered at CRI by Paul Kocher, Joshua Jaffe and Benjamin Jun, who demonstrated that power consumption measurements of smart cards and other devices could be analyzed to find secret keys. Vulnerable devices can be exploited by attackers to counterfeit digital cash, duplicate ID cards, manufacture forged consumables, pirate digital content or mount other attacks. Countermeasures to SPA and DPA are necessary to secure tamper-resistant devices, and are required for United States government products under the draft FIPS 140-3 standard.

The primary audience for the workshop includes developers and architects of secure embedded systems, as well as evaluators and individuals designing testing requirements for tamper-resistant products. Technical staff interested in designing and testing tamper-resistant systems for consumer products, financial systems, anti-piracy/conditional access systems or government/defense applications are also encouraged to attend.

The full agenda and registration form for the ECC Power Analysis Workshop can be found online at www.cryptography.com/dpa_eccworkshop.html.

For more information please contact Ken Warren at [email protected].

About Cryptography Research, Inc.

Cryptography Research, Inc. provides technology to solve complex security problems. In addition to security evaluation and applied engineering work, the company is actively involved in long-term research and technology licensing in areas including content protection, tamper resistance, network security and financial services. Security systems designed by Cryptography Research engineers protect more than $100 billion of commerce annually for wireless, telecommunications, financial, digital television, entertainment and Internet industries. For additional information please visit www.cryptography.com.

---

Related articles:

Understanding DPA attacks and the countermeasures available to protect smart cards Certicom licenses ECC technology to IdentiPHI for advanced enterprise security and Suite B compliance A new license fee for every smart card?