[Cryptech Tech] Alpha board block diagram v0.001

Павел Шатов meisterpaul1 at yandex.ru
Sun Mar 22 18:04:12 UTC 2015


On 22.03.2015 17:41, Peter Gutmann wrote:
>
>> My feedback is below.
>>
>> 1. Power Supply
>
> While we're on the subject of power supplies: You cannot have too much power
> conditioning on the HSM's power input, both to prevent stuff coming in (glitch
> attacks) and to prevent anything getting out (DPA and the like).  About 15
> years ago when the first DPA attacks were being published, one particular
> product was totally immune to them.  I talked to one of their hardware guys
> and his comment was "we just used good engineering practice to make sure the
> power quality was good, the DPA (and everything else) resistance came for
> free".

Peter, what does "totally immune" to DPA mean? All digital devices 
contain transistors. These transistors will be constantly switching as 
long as a given device is operating. Current consumption will inevitably 
vary with time because of that. There's nothing you can do about it. 
Most probably in a poorly designed board with inadequate decoupling 
these changes will have higher magnitude (easier to monitor). In a 
properly designed board these changes will have smaller magnitude. In 
the latter case attackers will just buy more expensive instruments with 
better sensitivity to detect these changes.

> I don't know too much about power supply engineering, but lots of filtering,
> over- and under-voltage protection (perhaps a DC/DC converter so no matter
> what rubbish comes in, you get 12VDC out, or more likely 3.3VDC or similar
> out), and then more filtering on the other side as well?  You also need to
> figure out a schedule for glitches, say < 10ms = ride it out, >= 10 ms then
> the electronics can run for another 100ms from stored power (to do a clean
> shutdown) but you then have to do a cold restart rather than trying to
> continue.

12V is supposed to be the primary power supply rail. Since digital logic 
requires 5V, 3.3V, etc., we will need several DC/DC converters in Alpha 
for secondary power rails. If you want to have under- and over-voltage 
lockouts, then a dedicated voltage monitor should be used. It can 
generate a reset signal when the input voltage goes out of the allowed limits. 
This reset signal can be used to trigger MKM erasure, for example.

--
With best regards,
Pavel Shatov
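As an added illustration (not Cryptech code and not part of either message above), the following C model combines the two ideas in this exchange: Peter's glitch schedule (under 10 ms out of range is ridden out; 10 ms or more means finish a clean shutdown on stored power and then require a cold restart) and Pavel's point that a voltage monitor's reset output can trigger MKM erasure. The rail limits (+/-10% around 12 V), the 1 ms tick, the 100 ms hold-up budget, the 32-byte key memory and every function name are assumptions made for the example; the input traces are constructed, not measured.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed thresholds for the 12 V input rail (hypothetical +/-10% lockout). */
#define V_UNDER_MV      10800u
#define V_OVER_MV       13200u
#define GLITCH_RIDE_MS     10u   /* < 10 ms out of range: ride it out          */
#define HOLDUP_MS         100u   /* stored-energy budget for a clean shutdown   */
#define MKM_BYTES          32u   /* size of the constructed master key memory   */

typedef enum { ST_RUNNING, ST_GLITCH, ST_SHUTDOWN, ST_COLD_RESTART } state_t;

typedef struct {
    state_t  state;
    uint32_t out_of_range_ms;   /* consecutive ms the input has been out of limits */
    uint32_t holdup_used_ms;    /* ms of stored power consumed during shutdown     */
    bool     reset_asserted;    /* modelled voltage-monitor reset output           */
    bool     mkm_erased;
    uint8_t  mkm[MKM_BYTES];    /* constructed dummy key material                  */
} supervisor_t;

void supervisor_init(supervisor_t *s)
{
    memset(s, 0, sizeof *s);
    s->state = ST_RUNNING;
    memset(s->mkm, 0xA5, MKM_BYTES);   /* constructed non-zero pattern */
}

/* Zeroise key memory through a volatile pointer so the stores are not optimised away. */
static void mkm_erase(supervisor_t *s)
{
    volatile uint8_t *p = s->mkm;
    for (size_t i = 0; i < MKM_BYTES; i++)
        p[i] = 0;
    s->mkm_erased = true;
}

static bool in_range(uint32_t mv)
{
    return mv >= V_UNDER_MV && mv <= V_OVER_MV;
}

/* One 1 ms tick with the measured input rail in millivolts; returns the new state. */
state_t supervisor_tick(supervisor_t *s, uint32_t input_mv)
{
    bool ok = in_range(input_mv);

    switch (s->state) {
    case ST_RUNNING:
        if (!ok) { s->state = ST_GLITCH; s->out_of_range_ms = 1; }
        break;
    case ST_GLITCH:
        if (ok) {                                  /* short glitch: ride it out   */
            s->state = ST_RUNNING;
            s->out_of_range_ms = 0;
        } else if (++s->out_of_range_ms >= GLITCH_RIDE_MS) {
            s->reset_asserted = true;              /* monitor trips, reset asserted */
            mkm_erase(s);                          /* reset is wired to MKM erasure */
            s->state = ST_SHUTDOWN;
            s->holdup_used_ms = 0;
        }
        break;
    case ST_SHUTDOWN:
        /* Power may have returned, but we do not resume: finish the clean
           shutdown on stored energy, then insist on a cold restart. */
        if (++s->holdup_used_ms >= HOLDUP_MS)
            s->state = ST_COLD_RESTART;
        break;
    case ST_COLD_RESTART:
        break;                                     /* only a full power cycle leaves this */
    }
    return s->state;
}

bool mkm_is_zero(const supervisor_t *s)
{
    for (size_t i = 0; i < MKM_BYTES; i++)
        if (s->mkm[i] != 0)
            return false;
    return true;
}

typedef struct { state_t state; bool reset; bool mkm_zero; } sim_result_t;

/* Feed a constructed trace: fault_ms ticks at fault_mv, then recover_ms ticks at 12 V. */
sim_result_t simulate(uint32_t fault_mv, uint32_t fault_ms, uint32_t recover_ms)
{
    supervisor_t s;
    supervisor_init(&s);
    for (uint32_t t = 0; t < fault_ms; t++)
        supervisor_tick(&s, fault_mv);
    for (uint32_t t = 0; t < recover_ms; t++)
        supervisor_tick(&s, 12000u);
    sim_result_t r = { s.state, s.reset_asserted, mkm_is_zero(&s) };
    return r;
}

int main(void)
{
    static const char *names[] = { "RUNNING", "GLITCH", "SHUTDOWN", "COLD_RESTART" };
    sim_result_t a = simulate(9000u, 5u, 20u);     /* 5 ms brownout: ride through   */
    sim_result_t b = simulate(14000u, 10u, 200u);  /* 10 ms overvoltage: shut down  */
    printf("5 ms brownout  -> %s, MKM zero=%d\n", names[a.state], a.mkm_zero);
    printf("10 ms overvolt -> %s, MKM zero=%d\n", names[b.state], b.mkm_zero);
    return 0;
}
```

The point of the model is the one-way transition: once the monitor has tripped, a return of good power does not cancel the shutdown, and the key material is already gone before the stored energy is spent, so an attacker who deliberately glitches the rail gains a dead board rather than a half-reset one. Real monitors have their own deglitch time and hysteresis; the 10 ms figure here just mirrors the schedule proposed in the thread.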
