Encryption time should be made independent of the value of the key. This means implementing the algorithm so that neither the instructions executed nor the memory locations accessed depend on secret data: no branches on key bits, no early exit from comparisons, and no look-up table indexed by key material. A look-up table is not a safe way to obtain fixed timing, because the time a look-up takes depends on whether the entry is already in the cache, and cache-timing attacks on table-driven AES implementations recover the key from exactly that variation. Where a table cannot be avoided, every entry should be read on every access and the wanted one selected with a mask, so that the access pattern and the running time are the same for every key.
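The following C block is an added example, not code from the original page, showing the three points above in software: a comparison that exits early (the pattern to avoid, with the number of bytes examined reported so the leak is visible), a constant-time comparison, and a table look-up that touches every entry and selects with a mask. The function names, the self-check routine and the sample table (the first 16 bytes of the AES S-box, used only as sample data) are my own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Variable-time comparison, shown only as the pattern to avoid. It returns at
 * the first mismatching byte, so the elapsed time (modelled here by
 * *bytes_examined) tells an attacker how many leading bytes of a guess were
 * right, letting a key or MAC be recovered one byte at a time. */
int leaky_memeq(const uint8_t *a, const uint8_t *b, size_t n,
                size_t *bytes_examined)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *bytes_examined = i + 1;
            return 0;                 /* early exit: time depends on data */
        }
    }
    *bytes_examined = n;
    return 1;
}

/* Constant-time comparison: always touches every byte, ORs the differences
 * into an accumulator and only reduces the accumulator after the loop. */
int ct_memeq(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;        /* volatile: keep the compiler from
                                         turning this back into an early exit */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* (diff - 1) >> 8 has its low bit set only when diff == 0; no branch. */
    return (int)((((unsigned)diff - 1u) >> 8) & 1u);
}

/* Constant-time table look-up. A plain table[secret_idx] leaks secret_idx
 * through the cache (which line got loaded), which is how cache-timing
 * attacks on table-driven AES work. This reads every entry and keeps the
 * wanted one with an arithmetic mask, so the access pattern and instruction
 * count are identical for every index. */
uint8_t ct_lookup(const uint8_t *table, size_t len, size_t secret_idx)
{
    uint8_t result = 0;
    for (size_t i = 0; i < len; i++) {
        size_t x = i ^ secret_idx;
        /* top bit of (x | -x) is 1 iff x != 0 */
        size_t differs = (x | (0 - x)) >> (sizeof(size_t) * 8 - 1);
        uint8_t mask = (uint8_t)(0 - (1 - differs)); /* 0xFF iff i == secret_idx */
        result |= (uint8_t)(table[i] & mask);
    }
    return result;
}

/* Sample table for the demonstration: the first 16 bytes of the AES S-box. */
static const uint8_t DEMO_TABLE[16] = {
    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
};

/* Runs the checks a unit test would; returns 1 on success. */
int ct_selfcheck(void)
{
    const uint8_t key[4]   = {0x11, 0x22, 0x33, 0x44};   /* constructed */
    const uint8_t close[4] = {0x11, 0x22, 0x33, 0x45};   /* 3 leading bytes right */
    const uint8_t far[4]   = {0x00, 0x22, 0x33, 0x44};   /* first byte wrong */
    size_t steps_close, steps_far;
    leaky_memeq(key, close, 4, &steps_close);
    leaky_memeq(key, far, 4, &steps_far);
    if (steps_close != 4 || steps_far != 1) return 0;     /* the leak */
    if (!ct_memeq(key, key, 4) || ct_memeq(key, close, 4)) return 0;
    for (size_t i = 0; i < 16; i++)
        if (ct_lookup(DEMO_TABLE, 16, i) != DEMO_TABLE[i]) return 0;
    return 1;
}

int main(void)
{
    printf("%s\n", ct_selfcheck() ? "constant-time checks OK" : "FAILED");
    return 0;
}
```

The `volatile` and the arithmetic masks are a convention rather than a guarantee: a compiler is free to re-introduce branches, so production code is checked at the assembly level or with a tool that measures timing across inputs.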
Power-analysis attacks can be prevented in the following ways:
The hardware should be designed so that optical probing of a single node does not reveal the value of a bit. One way is dual-rail encoding: each logical bit is carried on two complementary wires, driven to ‘HL’ for one value and ‘LH’ for the other, instead of a single wire at ‘H’ or ‘L’. Exactly one wire of each pair is high whatever the data, so the number of high nodes is the same for every value and a probe on one rail cannot be interpreted without knowing which rail of the pair it is. Combined with a precharge phase between evaluations, the number of wires that switch in each cycle is also independent of the data, which is what makes the technique useful against power analysis as well.
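As an added example, not part of the original text, the C model below encodes a register in dual rail and counts switching activity, so the two claims above can be checked: the number of high wires is always the register width, and with a precharge (all-low spacer) phase the number of toggles per cycle is constant, while a single-rail register toggles a data-dependent number of wires. The function names and the 8-bit width are my own choices; the model ignores capacitance imbalance between the two rails, which is where the residual leakage of real dual-rail logic comes from.

```c
#include <stdint.h>
#include <stdio.h>

#define NBITS 8          /* width of the register being modelled */

/* Dual-rail encoding: logical bit i is carried on two wires, the true rail
 * wires[2*i] and the false rail wires[2*i+1]. A 1 is driven as HL, a 0 as LH,
 * so exactly one rail of every pair is high whatever the data. */
void dual_rail_encode(uint8_t value, uint8_t wires[2 * NBITS])
{
    for (int i = 0; i < NBITS; i++) {
        uint8_t b = (uint8_t)((value >> i) & 1u);
        wires[2 * i]     = b;        /* true rail:  H when the bit is 1 */
        wires[2 * i + 1] = b ^ 1u;   /* false rail: H when the bit is 0 */
    }
}

/* Decodes the pairs back to a value. Returns 0 if any pair is HH or LL,
 * which is never a valid data state (LL is the precharge spacer). */
int dual_rail_decode(const uint8_t wires[2 * NBITS], uint8_t *value)
{
    uint8_t v = 0;
    for (int i = 0; i < NBITS; i++) {
        uint8_t t = wires[2 * i], f = wires[2 * i + 1];
        if ((t ^ f) != 1u)
            return 0;                /* invalid or spacer state */
        v |= (uint8_t)(t << i);
    }
    *value = v;
    return 1;
}

/* Number of high wires in the encoded register: NBITS for every value. */
int dual_rail_high_count(uint8_t value)
{
    uint8_t wires[2 * NBITS];
    int high = 0;
    dual_rail_encode(value, wires);
    for (int w = 0; w < 2 * NBITS; w++)
        high += wires[w];
    return high;
}

/* Wires that toggle when a single-rail register goes from prev to next:
 * the Hamming distance, which depends on the data. This data-dependent
 * switching activity is what power analysis measures. */
int single_rail_toggles(uint8_t prev, uint8_t next)
{
    uint8_t x = (uint8_t)(prev ^ next);
    int c = 0;
    while (x) { c += x & 1u; x >>= 1; }
    return c;
}

/* Wires that toggle over one dual-rail cycle with precharge: the register is
 * first driven to the all-low spacer (every high rail falls), then evaluated
 * to next (exactly one rail per pair rises). Always 2 * NBITS. */
int dual_rail_toggles(uint8_t prev, uint8_t next)
{
    uint8_t before[2 * NBITS], after[2 * NBITS];
    int toggles = 0;
    dual_rail_encode(prev, before);
    dual_rail_encode(next, after);
    for (int w = 0; w < 2 * NBITS; w++)
        toggles += before[w] + after[w];
    return toggles;
}

int main(void)
{
    /* Constructed sample transitions for the demonstration. */
    printf("single-rail toggles 0x00->0xFF: %d, 0x00->0x01: %d\n",
           single_rail_toggles(0x00, 0xFF), single_rail_toggles(0x00, 0x01));
    printf("dual-rail toggles   0x00->0xFF: %d, 0x00->0x01: %d\n",
           dual_rail_toggles(0x00, 0xFF), dual_rail_toggles(0x00, 0x01));
    return 0;
}
```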
Random Number and Unique Key Generators
Random number generation is one of the hardest tasks in a cryptosystem. A deterministic algorithm, however complex, cannot produce true randomness: everything it outputs is determined by its inputs, and such output is called pseudo-random. Genuine randomness has to come from a physical entropy source such as electrical noise or oscillator jitter, and even then the raw output needs conditioning before it is used.

One way of generating pseudo-random numbers is with linear feedback shift registers. LFSRs are cheap and have long periods, but their output is a linear function of their state, so an observer who sees a short run of output bits can recover the state and reproduce every bit that follows; they are suitable only as a building block, never on their own as a key generator. The other approach is to drive a conventional cryptographic algorithm, such as a block cipher or hash function, from a secret input called the seed. The seed must come from a source with enough entropy that an attacker can neither guess it nor reproduce it by other means; a number chosen by the user is not adequate for this. Keys should be derived from the output of such a generator, and the generator should be checked against the standard statistical test suites, keeping in mind that passing those tests is necessary but not sufficient, since a predictable generator can still produce statistically unremarkable output.

The key generator must also take care in producing session keys. The longer a session key stays in use, the more material an attacker can collect under it and the more damaging its compromise, so key lifetimes should be bounded and keys rotated. The registers that hold keys should be volatile, and a key should be overwritten (zeroized) as soon as it is no longer needed rather than left in memory for later reuse or recovery.
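The C block below is an added example, not code from the original page. It shows why an LFSR alone is not a key generator (an attacker who sees 16 output bits of a 16-bit LFSR recovers its state and predicts all later output, even though the generator has the full maximal period) and how a key buffer is wiped through a volatile pointer so the optimiser cannot drop the stores. The cipher-driven generator described above is not shown here. The function names are mine; the polynomial x^16 + x^14 + x^13 + x^11 + 1 and the seed 0xACE1 are the usual textbook maximal-length example, and the session key bytes are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 16-bit Fibonacci LFSR with taps 16,14,13,11 (x^16 + x^14 + x^13 + x^11 + 1),
 * a primitive polynomial, so every non-zero seed has period 2^16 - 1.
 * Returns the bit shifted out, which is the generator's output bit. */
uint8_t lfsr16_step(uint16_t *state)
{
    uint16_t s = *state;
    uint8_t out = (uint8_t)(s & 1u);
    uint16_t fb = (uint16_t)(((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u);
    *state = (uint16_t)((s >> 1) | (fb << 15));
    return out;
}

/* Steps the register until the seed recurs; the long period is what makes
 * the output look random in statistical tests. */
uint32_t lfsr16_period(uint16_t seed)
{
    uint16_t s = seed;
    uint32_t n = 0;
    do { lfsr16_step(&s); n++; } while (s != seed);
    return n;
}

/* Why an LFSR on its own is not a key generator: its output is a linear
 * function of its state. With this construction output bit i is simply
 * bit i of the initial state, so 16 observed bits give the whole state. */
uint16_t lfsr16_recover_state(const uint8_t observed[16])
{
    uint16_t s = 0;
    for (int i = 0; i < 16; i++)
        s |= (uint16_t)(observed[i] << i);
    return s;
}

/* Simulates a victim that leaks its first 16 output bits and an attacker who
 * recovers the state from them and predicts the next nbits. Returns 1 if
 * every predicted bit matches the victim's actual output. */
int lfsr16_prediction_matches(uint16_t victim_seed, int nbits)
{
    uint16_t victim = victim_seed, attacker;
    uint8_t observed[16];
    for (int i = 0; i < 16; i++)
        observed[i] = lfsr16_step(&victim);      /* leaked to the attacker */
    attacker = lfsr16_recover_state(observed);
    for (int i = 0; i < 16; i++)
        lfsr16_step(&attacker);                   /* replay the observed run */
    for (int i = 0; i < nbits; i++)
        if (lfsr16_step(&attacker) != lfsr16_step(&victim))
            return 0;
    return 1;
}

/* Key wiping. A plain memset on a buffer that is about to go out of scope
 * may be removed by the optimiser as a dead store; writing through a
 * volatile pointer keeps the stores in the generated code. */
void secure_zero(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--)
        *p++ = 0;
}

/* Returns 1 if a constructed 16-byte session key is all zero after wiping. */
int secure_zero_selfcheck(void)
{
    uint8_t session_key[16] = {
        0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };  /* constructed */
    secure_zero(session_key, sizeof session_key);
    for (size_t i = 0; i < sizeof session_key; i++)
        if (session_key[i] != 0) return 0;
    return 1;
}

int main(void)
{
    printf("period of seed 0xACE1: %u\n", (unsigned)lfsr16_period(0xACE1));
    printf("attacker predicts next 64 bits: %s\n",
           lfsr16_prediction_matches(0xACE1, 64) ? "yes" : "no");
    return 0;
}
```

The attack here is trivial only because the taps are known and the output is the raw state; for an unknown polynomial the Berlekamp-Massey algorithm recovers both taps and state from 2n output bits, so hiding the polynomial does not help. Where a platform offers `memset_s` or `explicit_bzero`, those are preferable to a hand-written `secure_zero`.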
In the context of smart attacks, the following security issues should be kept in mind while implementing a cryptographic system.
When dealing with cryptosystems, the added issue of security affects all the above metrics, and security becomes the top priority among them. The difference between a poorly designed and a well designed cryptographic system cannot be assessed until both have been attacked. The only way to make systems more robust is to learn from previous attacks and to look for weaknesses in present systems by attempting new kinds of attacks. The concept is best summarized as ‘the real security of a system cannot be assessed until it is broken’.