Presentation is loading. Please wait.

Presentation is loading. Please wait.

Smart Card security analysis Smart Card security analysis Marc Witteman, TNO.

Published byMayra Maddox Modified over 10 years ago

Similar presentations

Presentation on theme: "Smart Card security analysis Smart Card security analysis Marc Witteman, TNO."— Presentation transcript:

1

2 Smart Card security analysis Smart Card security analysis Marc Witteman, TNO

3 Do we need smart card security?

4 What are the threats ? disclosure Confidentiality:unauthorized disclosure of information sender receiver modification Integrity:unauthorized modification of information Authenticity:unauthorized use of service

5 Whats inside a smart card ? CPU RAM test logic ROM EEPROM serial i/o interface security logic databus

6 Smart card security evaluations logical analysis: software internal analysis: hardware side channel analysis: both hw and sw

7 Logical analysis Communication Functional testing Protocol analysis Code review

8 InternalAnalysis

9 Internal analysis tools Etching tools Optical microscope Probe stations Laser cutters Scanning Electron Microscope Focussed Ion Beam System and more…….

10 Reverse engineering

11 Staining of ion implant ROM array

12 Sub micron probe station

13 Probing with eight needles

14 FIB: fuse repair

15 Side channel analysis Use of hidden signals –timing –power consumption –electromagnetic emission –etc.. Insertion of signals –power glitches –electromagnetic pulses

16 Power consumption in clock cycle peak slope time I ddq area shape

17 Power consumption in routines

18 Power consumption in programs

19 Timing attack on RSA RSA principle: –Key set e,d,n –Encipherment: C = M e mod n –Decipherment: M = C d mod n RSA-implementation (binary exponentiation) –M := 1 –For i from t down to 0 do: M := M * M If d i = 1, then M := M*C

20 Timing Attack on RSA (2) 1000111

21 Differential Power Analysis Assume power consumption relates to hamming weight of data Subtract traces with high and low hamming weight Resulting trace shows hamming weight and data manipulation

22 Fault injection on smart cards Change a value read from memory to another value by manipulating the supply power: Threshold of read value A power dip at the moment of reading a memory cell

23 Differential Fault Analysis on RSA Efficient implementation splits exponentiation: d p = d mod (p-1) d q = d mod (q-1) K = p -1 mod q M p = C d p mod p M q = C d q mod q M = C d mod n = ( ( (M q - M p )*K ) mod q ) * p + M p

24 DFA on CRT Inject a fault during CRT that corrupts M q : M q is a corrupted result of M q computation M = ( ( (M q - M p )*K ) mod q ) * p + M p subtract M and M: M - M = (((M q - M p )*K) mod q)*p - (((M q - M p )*K) mod q)*p = (x 1 -x 2 )*p compute Gcd( M-M, n ) = Gcd( (x 1 -x 2 )*p, p*q ) = p compute q = n / p

25 Conclusions Smart cards can be broken by advanced analysis techniques. Users of security systems should think about: –What is the value of our secrets? –What are the risks (e.g. fraud, eavesdropping) –What are the costs and benefits of fraud? Perfect security does not exist!

26 For information: TNO Evaluation Centre Marc Witteman PO-Box 5013 2600 GA Delft, The Netherlands Phone:+31 15 269 2375 Fax:+31 15 269 2111 E-mail:witteman@tpd.tno.nl E-mail:eib@tpd.tno.nl

Download ppt "Smart Card security analysis Smart Card security analysis Marc Witteman, TNO."

Similar presentations

Everything you always wanted to know about Smart Cards... Marc Witteman November 2001.

Everything you always wanted to know about Smart Cards... Marc Witteman November 2001.
Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology.

Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaotong Zhuang Tao Zhang Hsien-Hsin (Sean) Lee Santosh Pande Georgia Institute of Technology.
Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved Plug-in B3 HARDWARE & SOFTWARE.

McGraw-Hill/Irwin ©2008 The McGraw-Hill Companies, All Rights Reserved Plug-in B3 HARDWARE & SOFTWARE.
Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.

Technical Issues Regarding Near Field Communication Group 16 Tyler Swofford Matthew Kotan.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.

Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.
Mobile Appliance Security: Concerns and Challenges Mahesh Mamidipaka ICS 259: Seminar in Design Science 1. Securing Mobile Appliances: New Challenges for.

Mobile Appliance Security: Concerns and Challenges Mahesh Mamidipaka ICS 259: Seminar in Design Science 1. Securing Mobile Appliances: New Challenges for.
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.

September 10, 2012Introduction to Computer Security ©2004 Matt Bishop Slide #1-1 Chapter 1: Introduction Components of computer security Threats Policies.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
FIRST COURSE Essential Computer Concepts. XP New Perspectives on Microsoft Office 2007: Windows XP Edition2 Objectives Compare the types of computers.

FIRST COURSE Essential Computer Concepts. XP New Perspectives on Microsoft Office 2007: Windows XP Edition2 Objectives Compare the types of computers.
Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka 2011.2.10

Implementation of LSI for Privacy Enhancing Computation Kazue Sako, Sumio Morioka
IS Network and Telecommunications Risks

IS Network and Telecommunications Risks
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?

Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Introduction to Microprocessors Number Systems and Conversions No. 1-1 9/6/00 Chapter 1: Introduction to 68HC11 The 68HC11 Microcontroller.

Introduction to Microprocessors Number Systems and Conversions No /6/00 Chapter 1: Introduction to 68HC11 The 68HC11 Microcontroller.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Similar presentations

Ads by Google