Cryptography Research, Inc. (CRI), a security systems provider, has launched the 'DPA Countermeasure Validation Program', a new testing suite to evaluate smart card protection against Differential Power Analysis (DPA) attacks. A DPA attack can reveal keys and other sensitive information stored on a chip, thereby exposing payment card or ID card operators and users to the risk of fraud.
The DPA Countermeasure Validation Program is an integral part of CRI's DPA Countermeasure Licensing Program that protects the security of tamper-resistant smart cards and other devices. Licensed users of CRI's DPA countermeasure technology will be permitted to display the DPA lock logo on devices which pass the rigorous tests, thus indicating to customers that the chip or card enjoys the highest levels of protection.
Historically, as new technologies and applications have come to market, industry has responded with more stringent security requirements. The DPA testing program fills a gap in current card industry testing standards and has been designed to be compatible with the methodologies of Common Criteria, FIPS 140, and payment association evaluation schemes.
Testing will be conducted by a select number of approved independent laboratories, and can be run in conjunction with other evaluations.
Differential Power Analysis (DPA)
DPA is an attack that involves eavesdropping on the fluctuating electrical power consumption of a target device and using advanced statistical methods to derive cryptographic keys and other secret information. DPA attacks are repeatable and inexpensive, so effective countermeasures to DPA are essential to protect keys contained in tamper-resistant devices such as smart cards.
Related links: (Open in a new window.)
www.cryptography.com
Taken from Information Security Bulletin.