Security systems expert Cryptography Research introduces new testing program to evaluate smart card security
Cryptography Research, Inc. will be exhibiting at Cartes, booth# 3 E 074, November 15 – 17, 2005 in Villepinte (Paris). The company is giving two technical presentations: “Protection, security and privacy in contactless deployments”, scheduled November 16, 2005 at 3:00p.m in C10.; and “Evaluation of smart cards against side channel attacks” on November 17, 2005, at 10:00a.m. in C22
SAN FRANCISCO, Calif., November 9, 2005 – Cryptography Research, Inc. (CRI), a worldwide leader in security systems, today announced the launch of the ‘DPA Countermeasure Validation Program’, a new testing suite to evaluate smart card protection against Differential Power Analysis (DPA) attacks. A DPA attack can reveal keys and other sensitive information stored on a chip, thereby exposing payment card or ID card operators and users to the risk of fraud.
The DPA Countermeasure Validation Program is an integral part of CRI’s DPA Countermeasure Licensing Program that protects the security of tamper-resistant smart cards and other devices. Licensed users of CRI’s DPA countermeasure technology will be permitted to display the DPA lock logo on devices which pass the rigorous tests, thus indicating to customers that the chip or card enjoys the highest levels of protection.
“CRI’s new DPA testing program will be of enormous value to customers who really care about security in financial services, pay television, mass transit, secure ID, wireless and other sectors,” said Kit Rodgers, Vice President of Licensing. “The industry has already adopted a number of DPA countermeasures based on CRI technology, and customers need to know that these solutions work and that their devices have been properly secured. We are providing that assurance through our DPA testing program.”
Historically, as new technologies and applications have come to market, industry has responded with more stringent security requirements. The DPA testing program fills a gap in current card industry testing standards and has been designed to be compatible with the methodologies of Common Criteria, FIPS 140, and payment association evaluation schemes.
Testing will be conducted by a select number of approved independent laboratories, and can be run in conjunction with other evaluations. “Independent testing will provide device manufacturers with the assurance that sensitive information is only disclosed to the labs”, says Ken Warren, Smart Card Business Manager. “CRI’s role will be to ensure that tests are conducted with a high degree of quality and consistency, and we expect that only the most capable labs will be approved to conduct the tests.” Testing labs will be able to offer a security rating depending on the level of protection against DPA attacks achieved by the product being evaluated.
Differential Power Analysis (DPA)
DPA is an attack that involves eavesdropping on the fluctuating electrical power consumption of a target device and using advanced statistical methods to derive cryptographic keys and other secret information. DPA attacks are repeatable and inexpensive, so effective countermeasures to DPA are essential to protect keys contained in tamper-resistant devices such as smart cards.
About Cryptography Research, Inc.
Cryptography Research, Inc. provides technology to solve complex security problems. In addition to security evaluation and applied engineering work, CRI is actively involved in long-term research in areas including tamper resistance, content protection, network security and financial services. The company has a broad portfolio of patents covering countermeasures to differential power analysis and other vulnerabilities, and is committed to helping companies produce secure smart cards and other tamper resistant devices.
Security systems designed by Cryptography Research engineers annually protect more than $100 billion of commerce for wireless, telecommunications, financial, digital television and Internet industries. For additional information or to arrange a consultation with a member of the technical staff, please contact Ken Warren at +44 1494 680 602, or visit www.cryptography.com.