EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3659)


Although many wireless portable devices offer more resistance to bus probing and power analysis due to their compact size, susceptibility to electromagnetic (EM) attacks must be analyzed. This paper demonstrates, for the first time, a real EM-based attack on a PDA running Rijndael and elliptic curve cryptography. A new frequency-based differential EM analysis, which computes the spectrogram, is presented. Additionally a low energy countermeasure for symmetric key cryptography is presented which avoids large overheads of table regeneration or excessive storage. Unlike previous research the new differential analysis does not require perfect alignment of EM traces, thus supporting attacks on real embedded systems. This research is important for future wireless embedded systems which will increasingly demand higher levels of security.


Elliptic Curve Elliptic Curve Cryptography Cryptographic Algorithm Differential Power Analysis Power Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  2. 2.
    Ravi, S., et al.: Securing Wireless Data: System architecture challenges. In: ISSS, pp. 195–200 (2002)Google Scholar
  3. 3.
    Messerges, T.: Securing the Rijndael finalists against power analysis attacks. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 150–164. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  5. 5.
    Quisquater, J.-J., et al.: a new tool for non-intrusive analysis of smartcards based on EM emissions. In: Rump Session, Eurocrypt (2000)Google Scholar
  6. 6.
    Brian Gladman, Dr.: A Specification for Rijndael, the AES Algorithm (2003),
  7. 7.
    Agrawal, D., et al.: The EM side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Gandolfi, K., et al.: Electromagnetic Analysis: concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Chari, S., et al.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Agrawal, D., et al.: The EM side-channel methodologies,
  11. 11.
    Liao, W., et al.: leakage power modeling and reduction with data retention. In: IEEE ICCAD, pp. 714–719 (2002)Google Scholar
  12. 12.
    Akkar, M., et al.: Power analysis, what is now possible.. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 489–502. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  13. 13.
    Itoh, K., et al.: DPA countermeasure based on the masking method. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 440–456. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Goubin, L., Patarin, J.: DES and Differential power analysis- the duplication method. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 158–172. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Golic, J.: Multiplicative Masking and power analysis of Rijndael. In: CHES 2002, pp. 1–10 (2002)Google Scholar
  16. 16.
    Messerges, T.: Using 2nd order power analysis to attack DPA resistant software. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 238–251. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Waddle, J., Wagner, D.: Towards efficient second-order power analysis. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 1–15. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Brier, E., Joye, M.: Weierstraβ Elliptic Curves and Side-Channel Attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Coron, J.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Izu, T., Moller, B., Takagi, T.: Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks. In: Menezes, A., Sarkar, P. (eds.) INDOCRYPT 2002. LNCS, vol. 2551, pp. 296–313. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Izu, T., Takagi, T.: A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks. Technical Report CORR 2002-03. University of Waterloo (2002), Available from,
  22. 22.
    Izu, T., Takagi, T.: On the Security of Brier-Joye’s Addition Formula for Weierstrassform Elliptic Curves. TR No. TI-3/02. Technische University Darmstadt (2002), Available from,
  23. 23.
    Itoh, K., Yajima, J., Takenaka, M., Torii, N.: DPA Countermeasures by improving the Window Method. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 303–317. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Joye, M., Quisquater, J.: Hessian elliptic curves and side-channel attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Oswald, E., Aigner, M.: Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    National Institute of Standards and Technology, Digital Signature Standard. FIPS Publication 186-2 (February 2000)Google Scholar
  28. 28.
    Gebotys, C., Tiu, A., Chen, X.: A Countermeasure for EM attack of a Wireless PDA. In: IEEE International Conference on Information Technology – Special Session on Embedded Cryptographic Systems, Las Vegas, AZ, pp. 544–549 (2005)Google Scholar
  29. 29.
    Agrawal, D., et al.: Advances in Side-Channel Cryptanalysis EM analysis and template attacks. RSA Cryptobytes 6(1), 20–32 (2003)Google Scholar
  30. 30.
    Agrawal, D., et al.: Power, EM and all that: is your crypto device really secure? In: presentation ECC workshop (2003),
  31. 31.
    Gebotys, C., Gebotys, R.: Secure Elliptic Curve Implementations: An analysis of resistance to power-attacks in a DSP Processor. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 114–128. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  1. 1.Department of Electrical and Computer EngineeringUniversity of WaterlooWaterlooCanada

Personalised recommendations