Katholieke Universiteit Leuven
Atmel CryptoMemory devices offer non-volatile memory with access control and authenticated encryption. They are used in commercial and military applications e.g. to prevent counterfeiting, to store secrets such as biometric data and cryptographic keys, and in electronic payment systems. Atmel advertises the devices as \"Secure against all the most sophisticated attacks, including physical attacks\". The authors developed a successful power analysis attack on the authentication step of CryptoMemory devices. Despite the physical security claims by Atmel they found that the devices are not protected against power analysis attacks, except for counters that limit the number of (failed) authentication attempts, and thus power traces, to at most three.