Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper.

Published byDina Wilkerson Modified over 8 years ago

Similar presentations

Presentation on theme: "New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper."— Presentation transcript:

1 New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper Christof Paar www.crypto.rub.de 01.07.2009

2 Motivation

3 RFID Smartcards Applications: Payment, Access control,... Proprietary ciphers: Often insecure New Generation: 3DES / AES Mathematically secure  Side Channel Analysis? 01.07.2009 3 Source: Wikimedia Commons

4 RFID Side Channel Measurement: Authentication Protocol 01.07.2009 4 ? Reader: Send protocol value Smartcard: Encrypt this value with 3DES Output: Success/Failure Measure EM

5 Measurement Setup

6 01.07.2009 6

7 Measurement Setup ISO14443-compatible Freely Programmable Low Cost (< 40 €) 01.07.2009 7

8 Measurement Setup 1 GS/s, 128 MB Memory ± 100 mV USB 2.0 Interface 01.07.2009 8

9 Measurement Setup 01.07.2009 9 Aim: Reduce Carrier Wave Influence vs.

10 Carrier Dampening 01.07.2009 10 Aim: Reduce Carrier Wave Influence vs.

11 Carrier Dampening Side-Channel Model (idealised):  = 01.07.2009 11

12 Carrier Dampening Side-Channel Model (idealised): = 01.07.2009 12

13 Carrier Dampening 01.07.2009 13

14 Side Channel Analysis Step 1: Raw measurements

15 Trace (without analogue filter) 01.07.2009 15

16 Trace (without analogue filter) 01.07.2009 16

17 Trace (without analogue filter) 01.07.2009 17 ?

18 Step 2: Analogue filter

19 Trace (with analogue filter) 01.07.2009 19

20 Trace (with analogue filter) 01.07.2009 20

21 Trace (with analogue filter) 01.07.2009 21 ?

22 Step 3: Digital Demodulation

23 Digital Demodulation Rectifier Digital Filter Digital Demodulator 01.07.2009 23

24 Digital Demodulation 01.07.2009 24

25 Digital Demodulation 01.07.2009 25 ?!

26 Step 4: Alignment

27 Alignment Pick Reference Pattern 01.07.2009 27

28 Alignment Pick Reference Pattern 01.07.2009 28

29 Alignment 01.07.2009 29

30 Alignment 01.07.2009 30 Varies for identical Plaintext

31 Step 5: Location of 3DES

32 Data Bus Locate Plain- & Ciphertext Transfer 01.07.2009 32

33 Data Bus DPA: Plaintext 01.07.2009 33 8 Bit Hamming Weight

34 Data Bus DPA: Ciphertext 01.07.2009 34 8 Bit Hamming Weight

35 Trace Overview 01.07.2009 35 PlaintextCiphertext3DES... Other processing

36 Assumptions 01.07.2009 36 ?! CC CC 3DES

37 Step 6: Attack

38 3DES Engine DPA 3DES located Power Model: Hamming distance R0  R1, 4 Bit (S-Box output) 01.07.2009 38 ? ! CC CC 3DES

39 3DES-Engine DPA But: Only for S-Box 1 & 3 01.07.2009 39

40 3DES Engine DPA: Peak Extraction 01.07.2009 40

41 3DES Engine DPA: Peak Extraction 01.07.2009 41

42 3DES Engine DPA: Binwise 01.07.2009 42

43 3DES Engine DPA: Binwise 01.07.2009 43 Apply DPA binwise

44 3DES Engine DPA: Binwise Correlation Correct Key for 4 of 8 S-Boxes 01.07.2009 44

45 Conclusion

46 Results Real World Device Black Box Analysis Low Cost Key Recovery 01.07.2009 46

47 Summary Measurement Setup built Profiling done Data Bus revealed Correct Subkey for 4/8 S-Boxes found 01.07.2009 47

48 Future Work Improve –More traces –Equipment Extend –Other RFID smartcards Remote Attacks 01.07.2009 48

49 Thank you for your attention! Questions? Chair for Embedded Security Timo Kasper David Oswald Christof Paar www.crypto.rub.de timo.kasper@rub.de david.oswald@rub.de cpaar@crypto.rub.de

Download ppt "New Methods for Cost-Effective Side- Channel Attacks on Cryptographic RFIDs Chair for Embedded Security Ruhr University Bochum David Oswald Timo Kasper."

Similar presentations

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
Gone in 360 Seconds: Hijacking with Hitag2

Gone in 360 Seconds: Hijacking with Hitag2
Information Security – Theory vs. Reality 0368-4474-01, Winter 2011 Guest Lecturer: Yossi Oren 1.

Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.
GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.

GSM network and its privacy Thomas Stockinger. Overview Why privacy and security? GSM network‘s fundamentals Basic communication Authentication Key generation.
Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.

Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity 1.
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.

Timo Kasper Crete, Greece May 10, 2007 An Embedded System for Practical Security Analysis of Contactless Smartcards Timo Kasper, Dario Carluccio and Christof.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS 2012- Singapore.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.

1 Overview of the DES A block cipher: –encrypts blocks of 64 bits using a 64 bit key –outputs 64 bits of ciphertext A product cipher –basic unit is the.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Secure Systems Design Ramesh Karri Office Hours: Tues/Wed/Thurs: 12:00- 1:30 in LC 001

Secure Systems Design Ramesh Karri Office Hours: Tues/Wed/Thurs: 12:00- 1:30 in LC 001
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
ICS 454: Principles of Cryptography

ICS 454: Principles of Cryptography

Similar presentations

Ads by Google