SPA

Simple Power Analysis

Security
Introduced in Rel-8
A side-channel attack technique that extracts secret information (e.g., cryptographic keys) from a device by analyzing its power consumption patterns during computation. In 3GPP, it is a considered threat model for UICC/USIM cards and network functions, driving requirements for side-channel resistant algorithms.

Description

Simple Power Analysis (SPA) is a cryptographic attack method relevant to 3GPP security, referenced in specifications like 35.205 (MILENAGE), 35.234 (GEA), and 29.198 (Open Service Access). It falls under the broader category of Side-Channel Attacks (SCA), which exploit physical implementation characteristics of a cryptographic system rather than mathematical weaknesses in the algorithm itself. SPA involves directly observing a device's power consumption trace over time while it executes a cryptographic operation, such as a modular exponentiation in RSA or a sequence of operations in AES. Variations in power draw correlate strongly with the sequence of instructions being executed and the data being processed.

In the context of a 3GPP network, the primary targets for SPA are embedded secure elements like the Universal Integrated Circuit Card (UICC) hosting the USIM application, authentication servers (AUC), or hardware security modules performing core cryptographic functions. For example, during the AKA (Authentication and Key Agreement) procedure, the USIM uses a long-term secret key (K) and the MILENAGE algorithm to compute response (RES) and ciphering/integrity keys (CK/IK). If the implementation of MILENAGE or the underlying AES primitive is not SPA-resistant, an attacker with physical access to the card could measure its power consumption during these computations. By analyzing the trace, specifically looking for patterns that differ when processing a '0' bit versus a '1' bit of the secret key or intermediate value, the attacker can statistically deduce the secret key.

The technical process involves collecting a high number of power traces (possibly thousands) for known or chosen input challenges (RAND values in AKA). Sophisticated signal processing and statistical analysis are then applied to these traces to identify data-dependent power variations. SPA is considered 'simple' because it often requires only a single or a few traces if the implementation leaks information clearly through its power profile, such as conditional branches (e.g., if-else statements) whose execution path depends on secret data. 3GPP security specifications acknowledge this threat and mandate or recommend the use of side-channel resistant implementations for cryptographic algorithms used in sensitive network elements, influencing the design and testing of security functions.

Purpose & Motivation

Simple Power Analysis, as a documented threat in 3GPP standards, exists to highlight and mitigate a critical vulnerability in the physical implementation of security protocols. The primary problem it addresses is the gap between theoretical cryptographic strength and practical, real-world security. A cipher like AES-128 is mathematically secure against brute-force attacks, but a naive software or hardware implementation can leak the key through power consumption in seconds, rendering the mathematical security irrelevant. The motivation for including SPA considerations in 3GPP stems from the need to protect the long-term subscriber identity (IMSI) and the root secret key (K) stored on the UICC, which is the cornerstone of mobile network authentication and confidentiality.

Historically, as mobile devices became more powerful and ubiquitous, they also became high-value targets for attackers. The shift to programmable UICCs and more complex USIM applications increased the attack surface. 3GPP, in collaboration with ETSI SCP and other bodies, began to formalize resistance to side-channel attacks as a requirement for security-critical components, particularly from Release 8 onwards with the enhanced security framework for LTE. Specifying SPA as a threat model drives algorithm designers (e.g., of MILENAGE) and implementers (chip manufacturers) to employ countermeasures. These include constant-time execution algorithms (eliminating data-dependent branches), power-balancing logic styles, and masking techniques that randomize intermediate data. By doing so, 3GPP ensures that the security of the entire mobile ecosystem is robust not just in theory, but also against practical physical attacks that could be mounted by a determined adversary with physical access to a device or network card.

Key Features

  • Exploits data-dependent variations in a device's instantaneous power consumption
  • Targets cryptographic implementations in UICC/USIM and network functions
  • Can potentially extract secret keys with a single or few measurement traces
  • Considered in the threat models for 3GPP authentication algorithms (e.g., MILENAGE)
  • Drives requirements for constant-time execution and other hardware/software countermeasures
  • A foundational type of attack within the broader Side-Channel Analysis (SCA) discipline

Evolution Across Releases

Rel-8 Initial

SPA was formally recognized as a relevant security threat model within 3GPP specifications, particularly influencing the design and evaluation criteria for cryptographic algorithms used in USIM applications and network authentication functions. This led to increased emphasis on side-channel resistant implementations in security testing standards.

TS 26.818TS 29.198TS 35.205TS 35.234TS 35.909TS 35.934TS 35.937

Defining Specifications

SpecificationTitle
TS 26.818 3GPP TS 26.818
TS 29.198 3GPP TS 29.198
TS 35.205 3GPP TR 35.205
TS 35.234 3GPP TR 35.234
TS 35.909 3GPP TR 35.909
TS 35.934 3GPP TR 35.934
TS 35.937 3GPP TR 35.937