A template attack against Verify PIN algorithms Hélène Le Bouder, Thierno Barry, Damien Couroussé, Jean-Louis Lanet and Ronan Lashermes July 27th 2016 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 1/23
Introduction Verify PIN algorithm Attack Results Conclusion Personal Identification Number (PIN) codes. Used to authenticate the user, in payment cards or SIM cards... Targets of choice for malicious adversaries. A limited number of trials. A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 2/23
Introduction Verify PIN algorithm Attack Results Conclusion Personal Identification Number (PIN) codes. Used to authenticate the user, in payment cards or SIM cards... Targets of choice for malicious adversaries. A limited number of trials. Side Channel Analysis (SCA) SCA consists in observing some physical characteristics which are modified during the computation performed on the circuit. Most classic leakages are: timing, power consumption, electromagnetic emissions (EM) ... The main difficulty of the attack is to succeed with very few traces. Template attack is a kind of SCA, based on characterization. A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 2/23
Introduction Verify PIN algorithm Attack Results Conclusion Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 3/23
Introduction Verify PIN algorithm Attack Results Conclusion Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 4/23
Introduction Verify PIN algorithm Attack Results Conclusion Verify PIN algorithm 1: procedure V ERIFY PIN(candidate PIN V ) counter = counter − 1 2: PIN code is an array of m if counter > 0 then 3: bytes. status = C OMPARISON ( U , V ) 4: status 2 = C OMPARISON ( U , V ) 5: True PIN : U , if status � = status 2 then 6: ERROR, device is blocked 7: Candidate PIN : V , else 8: if status = TRUE then ] m . 9: U ∈ [ [ 0 , 9 ] counter initialized at original value. 10: 10 m different PIN codes. end if 11: end if 12: Countermeasure against else 13: fault attack: compare U device is blocked 14: end if 15: and V twice. return status 16: 17: end procedure A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 5/23
Introduction Verify PIN algorithm Attack Results Conclusion Comparison of two PIN codes 1: procedure C OMPARISON (candidate PIN V , true PIN U ) status = FALSE 2: diff = FALSE 3: fake = FALSE 4: for b = 0 to m do 5: if U b � = V b then 6: diff = TRUE 7: else 8: fake = TRUE 9: end if 10: if ( b = m ) and ( diff = FALSE ) then 11: status = TRUE 12: else 13: fake = TRUE 14: end if 15: end for 16: return status 17: 18: end procedure Countermeasure against timing attack: comparison between U and V has to be in a constant time. A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 6/23
Introduction Verify PIN algorithm Attack Results Conclusion Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 7/23
Introduction Verify PIN algorithm Attack Results Conclusion A template attack 2 phases 1 profiling phase, 2 attack phase. The attacker can : obtain one trace on the targeted device; change the True PIN in her profiling device; obtain many traces on her profiling device. A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 8/23
Introduction Verify PIN algorithm Attack Results Conclusion Profiling phase Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 9/23
Introduction Verify PIN algorithm Attack Results Conclusion Profiling phase On the profiling device Step 1: Campaign on the profiling device Campaign is for one given byte b . The byte U b of the True PIN takes all values k in [ [ 0 , 9 ] ] and the other bytes stay to zero. Bytes of Candidate PIN V are fixed to a chosen value v . � � For each ( k , v ) collect many traces: M v , k = xk ( i , j ) , i for trace, j for time. A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 10/23
Introduction Verify PIN algorithm Attack Results Conclusion Profiling phase On the profiling device Step 1: Campaign on the profiling device Campaign is for one given byte b . The byte U b of the True PIN takes all values k in [ [ 0 , 9 ] ] and the other bytes stay to zero. Bytes of Candidate PIN V are fixed to a chosen value v . � � For each ( k , v ) collect many traces: M v , k = xk ( i , j ) , i for trace, j for time. Step 2: Detection of points of interest. Select the moment of computation of Comparison (relevant j ). A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 10/23
Introduction Verify PIN algorithm Attack Results Conclusion Profiling phase On the profiling device Step 1: Campaign on the profiling device Campaign is for one given byte b . The byte U b of the True PIN takes all values k in [ [ 0 , 9 ] ] and the other bytes stay to zero. Bytes of Candidate PIN V are fixed to a chosen value v . � � For each ( k , v ) collect many traces: M v , k = xk ( i , j ) , i for trace, j for time. Step 2: Detection of points of interest. Select the moment of computation of Comparison (relevant j ). Step 3: Build of templates. Compute the sample covariance matrix S v , k = { sk ( j , j ′ ) } , � t � � � 1 sk ( j , j ′ ) = n − 1 · xk j − xk j xk j ′ − xk j ′ . A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 10/23
Introduction Verify PIN algorithm Attack Results Conclusion Attack phase Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 11/23
Introduction Verify PIN algorithm Attack Results Conclusion Attack phase On targeted device Step 4: Campaign on the targeted device True PIN byte U b is unknown , it is the target; Candidate PIN byte V b is equal to v . Trace is a vector T v = { x j } . A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 12/23
Introduction Verify PIN algorithm Attack Results Conclusion Attack phase On targeted device Step 4: Campaign on the targeted device True PIN byte U b is unknown , it is the target; Candidate PIN byte V b is equal to v . Trace is a vector T v = { x j } . Step 5: Confrontation between measurements Confront the trace T v to the template matrix S v , k . General formula in template attack: � t � � � � � � · S − 1 � 1 − 1 F v T v | S v , k , xk = ( 2 π ) p ·| Sv , k | · exp 2 · T v − xk v , k · T v − xk � . A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 12/23
Introduction Verify PIN algorithm Attack Results Conclusion Attack phase On targeted device Step 4: Campaign on the targeted device True PIN byte U b is unknown , it is the target; Candidate PIN byte V b is equal to v . Trace is a vector T v = { x j } . Step 5: Confrontation between measurements Confront the trace T v to the template matrix S v , k . General formula in template attack: � t � � � � � � · S − 1 � 1 − 1 F v T v | S v , k , xk = ( 2 π ) p ·| Sv , k | · exp 2 · T v − xk v , k · T v − xk � . Step 6: Discriminating guesses Return the guess k v for which F v is maximal for a given T v . Rank the guesses k according to the value of F v ( T v , k ) . A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 12/23
Introduction Verify PIN algorithm Attack Results Conclusion Test bench Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 13/23
Introduction Verify PIN algorithm Attack Results Conclusion Test bench Picoscope Probe 5. send ”Ok the curves are saved” 3. receive the trigger Target Device EM Probe 4. measurements Control computer UART 2. send candidate PIN 1. send ”Ok ready” A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 14/23
Introduction Verify PIN algorithm Attack Results Conclusion General results Introduction 1 Verify PIN algorithm 2 Attack 3 Profiling phase Attack phase Results 4 Test bench General results Final attack Conclusion 5 A template attack against Verify PIN algorithms Le Bouder et al. July 27th 2016 15/23
Recommend
More recommend