Although simple, it requires implementation effort: physical access to the computer is needed in order to measure and "log" (write a historical information file) such voltage and current variations in the CPU during thousands of operations. However, in recent years we have seen tiny devices that can be placed inside computers without arousing any suspicion and take care of this job, even transmitting (via WiFi) the data to a nearby receiver or via a router to an Internet address. This is why it is so difficult to protect oneself properly against this type of attack, which, although specialized, does not require large investments or resources to perform statistical analysis afterwards in order for the attacker to succeed.
Today we see two types of practical power analysis:
However, some measures are quite effective in terms of programming code if we keep this attack in mind. The goal: to try to make the code give no clues that allow us to identify, through electrical consumption, what results are being generated. In this regard, some measures have been taken, both in OBAKE application (during the creation/check of keys) and in the OBAKE-512 algorithm (more often in code):
Even thought we have not performed this attack in practice, we are certain that the above procedures can protect the application and algorithm against this type of attack.
H.C.A. Tilborg et al., "Encyclopedia of Cryptography and Security", H. C. A. v. Tilborg Ed., SpringerScience+Business Media LLC, 2011.
T.S. Messerges, E.A. Dabbish, R.H. Sloan, “Examining smart-card security under the threat of power analysis attacks.” IEEE Transactions on Computers, 51 (5), 2002
T.S. Messerges, “Using Second-order Power analysis to attack DPA resistant software”, Cryptographic Hardware and Embedded Systems—CHES 2000, Lecture Notes in Computer Science, vol. 1965, eds. C¸ .K. Koc¸ and C. Paar. SpringerVerlag, Berlin, 2000
P. Kocher, J. Jaffe, B. Jun, “Differential Power Analysis” Advances in Cryptology—CRYPTO’99, Lecture Notes in Computer Science, vol. 1666, ed. M. Wiener. SpringerVerlag, Berlin, 1999
Study of Power Analysis and the AES - https://pdfs.semanticscholar.org/e8ee/eca036bdbcf17339bf2ea5a292fabd1a6b9b.pdf
Breaking Smartcards using Power Analysis - https://www.cl.cam.ac.uk/~osc22/docs/smartcards.pdf
Rambus DPA Platform - https://www.rambus.com/security/dpa-countermeasures/dpa-workstation-platform/