New Methods for Cost-Effective SideChannel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009
Download
Report
Transcript New Methods for Cost-Effective SideChannel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009
New Methods for Cost-Effective SideChannel Attacks on Cryptographic RFIDs
Chair for Embedded Security
Ruhr University Bochum
David Oswald
Timo Kasper
Christof Paar
www.crypto.rub.de
01.07.2009
Motivation
RFID Smartcards
•
•
•
•
Applications: Payment, Access control, ...
Proprietary ciphers: Often insecure
New Generation: 3DES / AES
Mathematically secure
Side Channel Analysis?
Source: Wikimedia Commons
3
01.07.2009
RFID Side Channel Measurement:
Authentication Protocol
Measure EM
?
Reader: Send
protocol value
4
Smartcard:
Encrypt this
value with
3DES
Output:
Success/Failure
01.07.2009
Measurement Setup
Measurement Setup
6
01.07.2009
Measurement Setup
• ISO14443-compatible
• Freely Programmable
• Low Cost (< 40 €)
7
01.07.2009
Measurement Setup
• 1 GS/s, 128 MB Memory
• ± 100 mV
• USB 2.0 Interface
8
01.07.2009
Measurement Setup
Aim: Reduce Carrier Wave Influence
vs.
9
01.07.2009
Carrier Dampening
Aim: Reduce Carrier Wave Influence
vs.
10
01.07.2009
Carrier Dampening
Side-Channel Model (idealised):
=
11
01.07.2009
Carrier Dampening
Side-Channel Model (idealised):
=
12
01.07.2009
Carrier Dampening
13
01.07.2009
Side Channel Analysis
Step 1: Raw measurements
Trace (without analogue filter)
15
01.07.2009
Trace (without analogue filter)
16
01.07.2009
Trace (without analogue filter)
?
17
01.07.2009
Step 2: Analogue filter
Trace (with analogue filter)
19
01.07.2009
Trace (with analogue filter)
20
01.07.2009
Trace (with analogue filter)
?
21
01.07.2009
Step 3: Digital Demodulation
Digital Demodulation
Digital Demodulator
Rectifier
23
Digital
Filter
01.07.2009
Digital Demodulation
24
01.07.2009
Digital Demodulation
?!
25
01.07.2009
Step 4: Alignment
Alignment
Pick Reference
Pattern
27
01.07.2009
Alignment
Pick Reference
Pattern
28
01.07.2009
Alignment
29
01.07.2009
Alignment
Varies for identical
Plaintext
30
01.07.2009
Step 5: Location of 3DES
Data Bus
Locate Plain- &
Ciphertext Transfer
32
01.07.2009
Data Bus DPA: Plaintext
8 Bit
Hamming Weight
33
01.07.2009
Data Bus DPA: Ciphertext
8 Bit
Hamming Weight
34
01.07.2009
Trace Overview
... Other processing
35
Plaintext
3DES
Ciphertext
01.07.2009
Assumptions
?!
C
36
!
3DES ?
01.07.2009
Step 6: Attack
3DES Engine DPA
• 3DES located
• Power Model:
Hamming distance R0 R1,
4 Bit (S-Box output)
C
38
3DES
?!
01.07.2009
3DES-Engine DPA
But:
Only for S-Box 1 & 3
39
01.07.2009
3DES Engine DPA: Peak Extraction
40
01.07.2009
3DES Engine DPA: Peak Extraction
41
01.07.2009
3DES Engine DPA: Binwise
42
01.07.2009
3DES Engine DPA: Binwise
Apply DPA
binwise
43
01.07.2009
3DES Engine DPA: Binwise Correlation
Correct Key for
4 of 8 S-Boxes
44
01.07.2009
Conclusion
Results
•
•
•
•
46
Real World Device
Black Box Analysis
Low Cost
Key Recovery
01.07.2009
Summary
•
•
•
•
47
Measurement Setup built
Profiling done
Data Bus revealed
Correct Subkey for 4/8 S-Boxes found
01.07.2009
Future Work
• Improve
– More traces
– Equipment
• Extend
– Other RFID smartcards
• Remote Attacks
48
01.07.2009
Thank you for your attention!
Questions?
Chair for Embedded Security
Timo Kasper
David Oswald
Christof Paar
www.crypto.rub.de
[email protected]
[email protected]
[email protected]