New Methods for Cost-Effective SideChannel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009
Download ReportTranscript New Methods for Cost-Effective SideChannel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009
New Methods for Cost-Effective SideChannel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009 Motivation RFID Smartcards • • • • Applications: Payment, Access control, ... Proprietary ciphers: Often insecure New Generation: 3DES / AES Mathematically secure Side Channel Analysis? Source: Wikimedia Commons 3 01.07.2009 RFID Side Channel Measurement: Authentication Protocol Measure EM ? Reader: Send protocol value 4 Smartcard: Encrypt this value with 3DES Output: Success/Failure 01.07.2009 Measurement Setup Measurement Setup 6 01.07.2009 Measurement Setup • ISO14443-compatible • Freely Programmable • Low Cost (< 40 €) 7 01.07.2009 Measurement Setup • 1 GS/s, 128 MB Memory • ± 100 mV • USB 2.0 Interface 8 01.07.2009 Measurement Setup Aim: Reduce Carrier Wave Influence vs. 9 01.07.2009 Carrier Dampening Aim: Reduce Carrier Wave Influence vs. 10 01.07.2009 Carrier Dampening Side-Channel Model (idealised): = 11 01.07.2009 Carrier Dampening Side-Channel Model (idealised): = 12 01.07.2009 Carrier Dampening 13 01.07.2009 Side Channel Analysis Step 1: Raw measurements Trace (without analogue filter) 15 01.07.2009 Trace (without analogue filter) 16 01.07.2009 Trace (without analogue filter) ? 17 01.07.2009 Step 2: Analogue filter Trace (with analogue filter) 19 01.07.2009 Trace (with analogue filter) 20 01.07.2009 Trace (with analogue filter) ? 21 01.07.2009 Step 3: Digital Demodulation Digital Demodulation Digital Demodulator Rectifier 23 Digital Filter 01.07.2009 Digital Demodulation 24 01.07.2009 Digital Demodulation ?! 25 01.07.2009 Step 4: Alignment Alignment Pick Reference Pattern 27 01.07.2009 Alignment Pick Reference Pattern 28 01.07.2009 Alignment 29 01.07.2009 Alignment Varies for identical Plaintext 30 01.07.2009 Step 5: Location of 3DES Data Bus Locate Plain- & Ciphertext Transfer 32 01.07.2009 Data Bus DPA: Plaintext 8 Bit Hamming Weight 33 01.07.2009 Data Bus DPA: Ciphertext 8 Bit Hamming Weight 34 01.07.2009 Trace Overview ... Other processing 35 Plaintext 3DES Ciphertext 01.07.2009 Assumptions ?! C 36 ! 3DES ? 01.07.2009 Step 6: Attack 3DES Engine DPA • 3DES located • Power Model: Hamming distance R0 R1, 4 Bit (S-Box output) C 38 3DES ?! 01.07.2009 3DES-Engine DPA But: Only for S-Box 1 & 3 39 01.07.2009 3DES Engine DPA: Peak Extraction 40 01.07.2009 3DES Engine DPA: Peak Extraction 41 01.07.2009 3DES Engine DPA: Binwise 42 01.07.2009 3DES Engine DPA: Binwise Apply DPA binwise 43 01.07.2009 3DES Engine DPA: Binwise Correlation Correct Key for 4 of 8 S-Boxes 44 01.07.2009 Conclusion Results • • • • 46 Real World Device Black Box Analysis Low Cost Key Recovery 01.07.2009 Summary • • • • 47 Measurement Setup built Profiling done Data Bus revealed Correct Subkey for 4/8 S-Boxes found 01.07.2009 Future Work • Improve – More traces – Equipment • Extend – Other RFID smartcards • Remote Attacks 48 01.07.2009 Thank you for your attention! Questions? Chair for Embedded Security Timo Kasper David Oswald Christof Paar www.crypto.rub.de [email protected] [email protected] [email protected]