Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information.

Slides:

Advertisements

Similar presentations

World Class Standards Security challenges in an Internet of Things RFID and beyond, RFID03_07 Scott CADZOW C3L © C3L All rights reserved Workshop.

Advertisements

Toward Practical Public Key Anti- Counterfeiting for Low-Cost EPC Tags Alex Arbit, Avishai Wool, Yossi Oren, IEEE RFID April

Gone in 360 Seconds: Hijacking with Hitag2

RFID: OPPORTUNITIES and CHALLENGES Yize Chen. History In 1969, Mario Cardullo presented a RFID business plan to investors. The application areas include:

NFC Security What is NFC? NFC Possible Security Attacks. NFC Security Attacks Countermeasures. Conclusion. References.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Time Cost Evaluation for Executing RFID Authentication Protocols Yingjiu Li, Ph.D. Associate Professor School of Information Systems Singapore Management.

Mobile Appliance Security: Concerns and Challenges Mahesh Mamidipaka ICS 259: Seminar in Design Science 1. Securing Mobile Appliances: New Challenges for.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL

Yossef Oren, Dvir Schirman, and Avishai Wool: Tel Aviv University ESORICS 2013.

1 Remote Power Analysis of RFID Tags Joint work with Adi Shamir yossi.oren[at]weizmann.ac.il 28/Aug/06.

Anti-counterfeiting via Federated RFID Tags’ Diversities Lei Yang Tsinghua University Pai Peng, Fan Dang, Xiang-Yang Li, Yunhao Liu.

Ruhr University Bochum Cryptography in Heavily Constraint Environments Christof Paar EUROBITS Center for IT Security COmmunication SecuritY (COSY) Group.

Zheming CSCE715.  A wireless sensor network (WSN) ◦ Spatially distributed sensors to monitor physical or environmental conditions, and to cooperatively.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

EMBEDDED RFID IN PRODUCT IDENTIFICATION Tommi Kallonen Jari Porras Lappeenranta University of Technology.

Geneva, Switzerland, September 2014 Lightweight Cryptography for the Connected Car/ITS Security Shiho Moriai Director, Security Fundamentals Laboratory,

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Multidisciplinary Engineering Senior Design Project RFID Garage Door Entry System Preliminary Design Review Team Members: Kenneth Williams,

Abstract Radio-frequency identification (RFID) is an emerging technology, which promises to advance the modern industrial practices in object identification.

R R FID Authentication : M inimizing Tag Computation CHES2006 Rump Session, Yokohama. Japan Ph.D. Jin Kwak Kyushu University, JAPAN

1 An Elliptic Curve Processor Suitable for RFID-Tags L. Batina 1, J. Guajardo 2, T. Kerins 2, N. Mentens 1, P. Tuyls 2 and I. Verbauwhede 1 Katholieke.

Physical-layer Identification of RFID Devices Authors: Boris Danev, Thomas S. Heyde-Benjamin, and Srdjan Capkun Presented by Zhitao Yang 1.

Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.

Be careful, a spy is following you!. 2 Outline – Overview Introduction - What is RFID ? Radio frequency spectrum How does RFID work ? Technical contraints.

ICS-FORTH WISDOM Workpackage 3: New security algorithm design FORTH-ICS The next six months Cork, 29 January 2007.

Radio Frequency Identification By Bhagyesh Lodha Vinit Mahedia Vishnu Saran Mitesh Bhawsar.

Issues in Integrated Circuit Design for UHF RFID Zhihua WANG,Xuguang SUN, Chun ZHANG,Yongming LI Institute of Microelectronics, Tsinghua University,Beijing,100084,P.R.China.

1 A Local and Remote Radio Frequency Identification Learning Environment Andrew Shields & David Butcher Wireless and Mobility Research Group, Institute.

Advanced Network Technologies Division Wireless Communication Technologies Group 3/11/2005GAO Visit 1 RFID-Assisted Indoor Localization and Communication.

Smart Grid Security Challenges Ahmad Alqasim 1. Agenda Problem Statement Power system vs. smart grid Background Information Focus Point Privacy Attack.

Low-Power Wireless Sensor Networks

Low power AES implementations for RFID

EPCglobal Training Suite

Mapping and Localization with RFID Technology Matthai Philipose, Kenneth P Fishkin, Dieter Fox, Dirk Hahnel, Wolfram Burgard Presenter: Aniket Shah.

LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.

H.M.Gamaarachchi (E/10/102) P.B.H.B.B.Ganegoda (E/10/104)

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI/SCA Leuven, BCRYPT.

CS3900 Richard Emerson1 Radio Frequency ID Tags Smart labels that send/receive data via radio waves Usually works like a barcode – contains a product code.

Ignite Presentation: Near Field Communication Harry Yang.

The EM Side-Channel(s) Dakshi Agrawal Bruce Archambeault Josyula R Rao Pankaj Rohatgi IBM.

WEP Protocol Weaknesses and Vulnerabilities

Submitted By: A.Anjaneyulu INTRODUCTION Near Field Communication (NFC) is based on a short-range wireless connectivity, designed for.

Wireless Communication Technologies 1 Phase noise A practical oscillator does not produce a carrier at exactly one frequency, but rather a carrier that.

Accelerating Homomorphic Evaluation on Reconfigurable Hardware Thomas Pöppelmann, Michael Naehrig, Andrew Putnam, Adrian Macias.

Low-Cost Untraceable Authentication Protocols for RFID Yong Ki Lee, Lejla Batina, Dave Singelée, Ingrid Verbauwhede BCRYPT workshop on RFID Security February.

Physical-layer Identification of UHF RFID Tags Authors: Davide Zanetti, Boris Danev and Srdjan Capkun Presented by Zhitao Yang 1.

DPA Countermeasures by Improving the Window Method Kouichi Itoh, Jun Yajima, Masahiko Takenaka and Naoya Torii Workshop on Cryptographic Hardware and Embedded.

Rump Session, CHES 2004August 12, 2004 How to Securely Implement Cryptosystems Against Side-Channel Attacks on General Purpose Cryptographic Hardware Filipe.

An EDA-Friendly Protection Scheme against Side-Channel Attacks Ali Galip Bayrak 1 Nikola Velickovic 1, Francesco Regazzoni 2, David Novo 1, Philip Brisk.

Security Challenges for the Internet of Things Tim Polk Sean Turner March 25, 2011.

Qinghan Xiao, Cam Boulet and Thomas Gibbons Second International Conference on Availability, Reliability and Security, 2007 Speaker : 黃韋綸 RFID Security.

Azam Supervisor : Prof. Raj Jain

Hoda Jannati School of Computer Science

Computer Science Department of University of Virginia  Voltage on a tag Radio Frequency Identification Systems New Ideas and Algorithms Introduction to.

BackPos: Anchor-free Backscatter Positioning for RFID Tags with High Accuracy Tianci Liu, Lei Yang, Qiongzheng Lin, Yi Guo, Yunhao Liu.

Research Unit for Integrated Sensor Systems and Oregano Systems Cern Timing Workshop 2008 Patrick Loschmidt, Georg Gaderer, and Nikolaus Kerö.

Data statistics and transformation revision Michael J. Watts

On the Synthesis of Side-Channel resistant Cryptographic Modules Sorin Alexander Huss Integrated Circuits and Systems Lab Computer Science Department Technische.

3506-D WEST LAKE CENTER DRIVE,

Automatic Application of Power Analysis Countermeasures

Ali Galip Bayrak EPFL, Switzerland June 7th, 2011

Thomas Ulz, Thomas Pieber, Christian Steger1

Security in Networking

Hardware Masking, Revisited

Unknown Input Attacks in the Parallel Setting Improving the Security of the CHES 2012 Leakage Resilient PRF Marcel Medwed François-Xavier Standaert Ventzislav.

High-Level Synthesis for Side-Channel Defense

Channel Estimation in OFDM Systems

Channel Estimation in OFDM Systems

Presentation transcript:

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology Thomas Plos Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security , Budapest, Hungary

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 2 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Outline  Motivation  Prevalent countermeasures  Hiding in time dimension  Attacking techniques on hiding  Arguments for using FFT  Conducted attacks  Tag prototypes  Measurement setup  Results  Conclusion

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 3 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Motivation (1)  > 1 billion RFID tags sold in 2006  Movement towards “internet of things”  Current low-cost tags cannot prevent fake products  Enhanced functionality opens field for new applications  Sensors  Actuators  Weakest link of the system determines security  crypto on tags

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 4 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Motivation (2)  It was long believed that strong crypto is unfeasible on passive RFID tags  Meanwhile great effort to bring standardized crypto on low-cost tags  Secure algorithm  secure implementation  Side-channel analysis (SCA) exploits implementation weaknesses  Protection via countermeasures necessary

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 5 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Prevalent Countermeasures  Make power consumption independent of intermediate values  Principally two ‘types’ of countermeasures:  Hiding  In time dimension:  random insertion of dummy cycles  shuffling  In amplitude dimension:  increase noise  reduce signal  Masking  Boolean masking (e.g.  )  Arithmetic masking (e.g. +, *)

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 6 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Hiding in Time Dimension  Highly suitable for low-resource devices like RFID tags  Mainly effects control logic  Cost efficient in terms of hardware  Time is not a critical parameter in RFID due to rather low data rates in protocols  Using the example of AES: Dummy operationsByte shuffling

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 7 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Attacking Techniques on Hiding  Filtering (amplitude dimension)  Attenuation of disturbing signals  Requires knowledge of wanted signal/disturbing signal  Integration techniques (time dimension)  Summing up “specific points” defined by a comb or a window  Requires knowledge of “specific points”  Identification of parameters for filtering/integration techniques could be challenging  Can FFT help us?

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 8 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Arguments for Using FFT  FFT is time-shift invariant  Efficiency of randomization is diminished  Influence of misaligned traces during measurements is reduced  Filtering of disturbing signals not necessary (e.g. carrier signal of RFID reader)  Differential Frequency Analysis (DFA) first mentioned by C. Gebotys (CHES 2005)

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 9 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Conducted Attacks  Analysis of RFID devices (HF and UHF)  Current low-cost RFID tags do not contain strong crypto + randomization  Using self-made tag prototypes  Integration of 128-bit AES with randomization  Comparing DEMA with DFA  Disturbing carrier signal: DEMA + filteringvs.DFA  Disturbing carrier signal + randomization of AES: DEMA + filtering + windowingvs. DFA

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 10 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Tag Prototypes  HF tag prototype  13.56MHz  ISO14443-A  Semi passive  UHF tag prototype  868MHz  ISO C  Semi passive

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 11 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Measurement Setup

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 12 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (1)  HF tag prototype  Disturbing MHz carrier signal DEMA + filtering DFA

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 13 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (2)  UHF tag prototype  Disturbing 868 MHz carrier signal DEMA + filtering DFA

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 14 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (3)  HF tag prototype  Disturbing MHz carrier signal + randomization of AES enabled DEMA + filtering + windowing DFA

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 15 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (4)  UHF tag prototype  Disturbing 868 MHz carrier signal + randomization of AES enabled DEMA + filtering + windowing DFA

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 16 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Conclusion  Evaluation of SCA pre-processing techniques on RFID devices using hiding in time domain  HF and UHF RFID-tag prototypes implementing 128-bit AES with randomization  DEMA + filtering (+windowing) vs. DFA  All attacks successful  DFA offers good results without further knowledge about implementation  Hiding alone as countermeasure for RFID tags not sufficient

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 17 TU Graz/Computer Science/IAIK/VLSI Thomas Plos