new methods for cost-effective side-channel attacks on cryptographic rfids
DESCRIPTION
New Methods for Cost-Effective Side-Channel Attacks on Cryptographic RFIDs. Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009. Motivation. RFID Smartcards. Source: Wikimedia Commons. - PowerPoint PPT PresentationTRANSCRIPT
New Methods for Cost-Effective Side-Channel Attacks on Cryptographic RFIDs
Chair for Embedded SecurityRuhr University BochumDavid OswaldTimo KasperChristof Paarwww.crypto.rub.de
01.07.2009
Motivation
RFID Smartcards
• Applications: Payment, Access control, ...• Proprietary ciphers: Often insecure• New Generation: 3DES / AES• Mathematically secure
Side Channel Analysis?
01.07.20093
Source: Wikimedia Commons
RFID Side Channel Measurement:Authentication Protocol
01.07.20094
??
Reader: Send protocol value
Smartcard: Encrypt this value with
3DES
Output: Success/Failure
Measure EM
Measurement Setup
Measurement Setup
01.07.20096
Measurement Setup• ISO14443-compatible• Freely Programmable• Low Cost (< 40 €)
01.07.20097
Measurement Setup
• 1 GS/s, 128 MB Memory• ± 100 mV• USB 2.0 Interface
01.07.20098
Measurement Setup
01.07.20099
Aim: Reduce Carrier Wave Influence
vs.
Carrier Dampening
01.07.200910
Aim: Reduce Carrier Wave Influence
vs.
Carrier Dampening
Side-Channel Model (idealised):
=
01.07.200911
Carrier Dampening
Side-Channel Model (idealised):
=
01.07.200912
Carrier Dampening
01.07.200913
Side Channel Analysis
Step 1: Raw measurements
Trace (without analogue filter)
01.07.200915
Trace (without analogue filter)
01.07.200916
Trace (without analogue filter)
01.07.200917
??
Step 2: Analogue filter
Trace (with analogue filter)
01.07.200919
Trace (with analogue filter)
01.07.200920
Trace (with analogue filter)
01.07.200921
??
Step 3: Digital Demodulation
Digital Demodulation
Rectifier Digital Filter
Digital Demodulator
01.07.200923
Digital Demodulation
01.07.200924
Digital Demodulation
01.07.200925
?!?!
Step 4: Alignment
Alignment
Pick Reference Pattern
01.07.200927
Alignment
Pick Reference Pattern
01.07.200928
Alignment
01.07.200929
Alignment
01.07.200930
Varies for identical Plaintext
Step 5: Location of 3DES
Data Bus
Locate Plain- & Ciphertext Transfer
01.07.200932
Data Bus DPA: Plaintext
01.07.200933
8 BitHamming Weight
Data Bus DPA: Ciphertext
01.07.200934
8 BitHamming Weight
Trace Overview
01.07.200935
Plaintext Ciphertext3DES... Other processing
Assumptions
01.07.200936
?!?!
?! ?!CC 3DES3DES
Step 6: Attack
3DES Engine DPA
• 3DES located • Power Model:
Hamming distance R0 R1, 4 Bit (S-Box output)
01.07.200938
?! ?!CC 3DES3DES
3DES-Engine DPA
But:Only for S-Box 1 & 3
01.07.200939
3DES Engine DPA: Peak Extraction
01.07.200940
3DES Engine DPA: Peak Extraction
01.07.200941
3DES Engine DPA: Binwise
01.07.200942
3DES Engine DPA: Binwise
01.07.200943
Apply DPA binwise
3DES Engine DPA: Binwise Correlation
Correct Key for 4 of 8 S-Boxes
01.07.200944
Conclusion
Results
• Real World Device • Black Box Analysis• Low Cost• Key Recovery
01.07.200946
Summary
• Measurement Setup built • Profiling done • Data Bus revealed • Correct Subkey for 4/8 S-Boxes found
01.07.200947
Future Work
• Improve– More traces– Equipment
• Extend– Other RFID smartcards
• Remote Attacks
01.07.200948
Thank you for your attention! Questions?
Chair for Embedded SecurityTimo KasperDavid OswaldChristof Paar www.crypto.rub.de