Company to license device-security tools

Cryptography Research has obtained more than 60 patents for its technology that protects devices from decryption attacks.

Michael Kanellos Staff Writer, CNET News.com

Michael Kanellos is editor at large at CNET News.com, where he covers hardware, research and development, start-ups and the tech industry overseas.

See full bio

Michael Kanellos

April 19, 2004 4:15 a.m. PT

2 min read

Now that it has received needed patents, Cryptography Research will embark on a more aggressive effort to license technology that can protect devices from differential power analysis, a type of decryption attack.

With differential power analysis, or DPA, a hacker monitors variations in the electrical consumption of a card that performs encryption functions--then performs reverse analyses to determine passwords. Cryptograph Research discovered this type of attack during the '90s.



		Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.

To execute a DPA attack, the device must be in the hands of the attacker. So, while a thief could use this approach to determine the password of a bank card, a more common scenario would be for a hacker to use it to unblock pay TV signals on his or her home cable box. Cryptography Research recently obtained more than 60 patents for technology it has developed to defend against these attacks.

The demand for DPA security is growing, said Cryptography Research President Paul Kocher. He estimated that between 250 million and 400 million cards come out annually that could be vulnerable to DPA attacks.

Additionally, DPA attacks are a common topic among researchers. Of papers presented annually at security conferences, several are generally dedicated to nuances or variations of DPA attacks, Kocher said. And although writing software to perform an attack might take a few days, a well-executed attack on an unprotected card might take only a few seconds, he said.

Some companies already have adopted Cryptography Research's security technology, since the company had been working with customers to implement its tools prior to obtaining the patents.

The company's defense techniques vary. Some of the more effective ones involve changing the encryption key inside a card on a fairly rapid basis. Doing so severely limits an attacker's ability to ferret out a password, because the underlying electrical patterns are continually changing.

Cryptography Research specializes in plugging complex, and often latent, security problems. The company is currently working with several music and film studios on piracy issues.