physical security of smart cards
play

Physical Security of Smart Cards Michael Tunstall University - PowerPoint PPT Presentation

Feb 09, 2023 •203 likes •586 views

Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick March 5, 2008 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 Limerick 1 / 37 Introduction Outline

  1. Physical Security of Smart Cards Michael Tunstall University College Cork, Ireland. Limerick — March 5, 2008 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 1 / 37

  2. Introduction Outline Introduction 1 What is a Smart Card? Why use Smart Cards? Measuring the Power Consumption 2 The Experimental Setup Simple Power Analysis 3 Attacking an Algorithm Attacking an Algorithm Reverse Engineering Differential Power Analysis 4 Correlation Power Analysis Using the Partial Correlation Case Study: The DES block cipher Fault Analysis 5 Case Study: The DES block cipher Countermeasures 6 Other Problems 7 Conclusion 8 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 2 / 37

  3. Introduction What is a Smart Card? What is a Smart Card? Essentially a small computer. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 3 / 37

  4. Introduction Why use Smart Cards? Why use Smart Cards? Tamper resistance. ◮ Storage. ◮ Processing (e.g. authentication/ciphering algorithms). Portability. ◮ Ease of use. ◮ Onboard key generation. ◮ Cost. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 4 / 37

  5. Measuring the Power Consumption Outline Introduction 1 What is a Smart Card? Why use Smart Cards? Measuring the Power Consumption 2 The Experimental Setup Simple Power Analysis 3 Attacking an Algorithm Attacking an Algorithm Reverse Engineering Differential Power Analysis 4 Correlation Power Analysis Using the Partial Correlation Case Study: The DES block cipher Fault Analysis 5 Case Study: The DES block cipher Countermeasures 6 Other Problems 7 Conclusion 8 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 5 / 37

  6. Measuring the Power Consumption The Experimental Setup The Experimental Setup Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 6 / 37

  7. Simple Power Analysis Outline Introduction 1 What is a Smart Card? Why use Smart Cards? Measuring the Power Consumption 2 The Experimental Setup Simple Power Analysis 3 Attacking an Algorithm Attacking an Algorithm Reverse Engineering Differential Power Analysis 4 Correlation Power Analysis Using the Partial Correlation Case Study: The DES block cipher Fault Analysis 5 Case Study: The DES block cipher Countermeasures 6 Other Problems 7 Conclusion 8 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 7 / 37

  8. Simple Power Analysis Simple Power Analysis (SPA) Simple Power Analysis is the analysis of one, or several, power consumption traces to determine what is occurring within a device. SPA will always be specific to one implementation, i.e. a given algorithm on a given device (electrical properties). SPA can be used to: ◮ Determine information on secret/private keys in some instances. ◮ Reverse engineering of algorithms. ⋆ Attacking an implementation of a cryptographic algorithm will involve the reverse engineering of the algorithm used and the key being manipulated. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 8 / 37

  9. Simple Power Analysis Attacking an Algorithm Simple Power Analysis (SPA) If we consider the square and multiply algorithm. Algorithm 1 : The Square and Multiply Algorithm Input : M , d = ( d x , d x − 1 , . . . , d 0 ) 2 , N Output : C = M d mod N R 0 ← 1 R 1 ← M for i ← x to 0 do R 0 ← R 02 mod N if ( d i = 1) then R 0 ← R 0 · R 1 mod N end end return R 0 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 9 / 37

  10. Simple Power Analysis Attacking an Algorithm Simple Power Analysis (SPA) Individual operations can potentially be identified. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 10 / 37

  11. Simple Power Analysis Reverse Engineering Reverse Engineering with SPA For example, cryptographic algorithms can be located in a power consumption trace because of the repeating rounds. In this case an implementation of AES on an ARM microprocessor — Nine identical rounds and a shorter tenth round. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 11 / 37

  12. Simple Power Analysis Reverse Engineering Reverse Engineering with SPA A closer analysis can determine the functions within a round, e.g.: ◮ Two initial permutations to reformat the message and key into a format convenient for calculating. ◮ ByteSub function (a bytewise substitution), MixColumn and key schedule. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 12 / 37

  13. Differential Power Analysis Outline Introduction 1 What is a Smart Card? Why use Smart Cards? Measuring the Power Consumption 2 The Experimental Setup Simple Power Analysis 3 Attacking an Algorithm Attacking an Algorithm Reverse Engineering Differential Power Analysis 4 Correlation Power Analysis Using the Partial Correlation Case Study: The DES block cipher Fault Analysis 5 Case Study: The DES block cipher Countermeasures 6 Other Problems 7 Conclusion 8 Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 13 / 37

  14. Differential Power Analysis Differential Power Analysis A statistical analysis of power consumption traces can be conducted with a series of acquisitions. ◮ Differential Power Analysis is often used as a generic term for any treatment involving more than one trace. A series of acquisitions will result in a series of traces and corresponding messages and ciphertexts. 01 B688EE57BB63E03EC031A0392DC881E6 02 185C881E64D7751A0392DC887509F36F 03 EE2DC88750957B673B63185C881E64E0 . . . . . . Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 14 / 37

  15. Differential Power Analysis Differential Power Analysis Looking closely at superposed traces, small differences can be observed. Where the difference is either: ◮ Proportional to the Hamming weight of the data being manipulated (Hamming weight model). ◮ Proportional to the Hamming weight of the data being manipulated XORed with some unknown constant previous state (Hamming distance model). Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 15 / 37

  16. Differential Power Analysis Correlation Power Analysis Correlation Power Analysis Where a given byte of a message is manipulated can be determined by calculating the correlation between that byte and the instantaneous power consumption. For example correlating the first byte of 1000 random plaintexts enciphered using AES: Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 16 / 37

  17. Differential Power Analysis Correlation Power Analysis Correlation Power Analysis To attack an implementation of a cryptographic algorithm using the correlation, one needs to predict the data being manipulated by the device during the computation of the algorithm. Knowing the secret key the output of one byte of the ByteSub can be computed and a correlation trace generated. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 17 / 37

  18. Differential Power Analysis Correlation Power Analysis Correlation Power Analysis If the key is unknown, all possible key values that affect the first byte ByteSub need to be considered, i.e. one key byte. A correlation trace can be generated for the each possible value of the key byte. ◮ A trace will also be necessary for each previous state if the device conforms to the Hamming distance model. The correct hypothesis should give the largest correlation. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 18 / 37

  19. Differential Power Analysis Using the Partial Correlation Using the Partial Correlation An attacker is obliged to predict a machine word that is being manipulated to be sure of their results. This is prohibitively time consuming for platforms with large word sizes, e.g. 32-bit platforms, FPGA implementations. The partial correlation can be used to determine portions of the data being manipulated to eliminate certain hypotheses. For a hardware DES implementation on a smart card the first 48-bit subkey can be determined by correlating with the 32-bit word produced by the output of the S-boxes (traces donated by Gemalto). Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 19 / 37

  20. Differential Power Analysis Case Study: The DES block cipher Case Study: The DES block cipher The DES round function: ◮ K n is 48-bits. ◮ Reduced to 32-bits after the S-box function. ◮ In hardware the S-box function can be applied to the 48-bits at the same point in time. Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 20 / 37

  21. Differential Power Analysis Case Study: The DES block cipher Case Study: The DES block cipher Michael Tunstall (UCC, Ireland) Physical Security of Smart Cards March 5, 2008 — Limerick 21 / 37

Recommend

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart Cards to NFC Smart Phone Attacks/countermeasures Security Near Field Communication (NFC) Keith Mayes NFC Security Elements

550 views • 8 slides
APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of

APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of

APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of Networks and Security, JKU Linz PhD defense 2 nd of March 2018 14:15-15:45, Science Park 3 Room S3 218 MOTIVATION Trend towards security and

541 views • 28 slides
Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer

Physical Security Attacks and Defenses for Computing Systems Steve Weingart Senior Engineer c1shw@us.ibm.com (561) 392 6100 Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY Physical Security Attacks &

334 views • 8 slides
Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela

Model-Based Security M. Ochoa Verification and Testing for F. Bouquet Smart-Cards J. Bottela E.Fourneret J.Jurjens P. Yousefi ARES 2011 OUTLINE Introduction Background UMLsec Model-based Testing Security in smart-card

356 views • 17 slides
Hardware-based Cryptography Smart cards, YubiKeys & more Karol Babioch Security Engineer

Hardware-based Cryptography Smart cards, YubiKeys & more Karol Babioch Security Engineer

Hardware-based Cryptography Smart cards, YubiKeys & more Karol Babioch Security Engineer kbabioch@suse.de Rationale - Computers running general purpose software can be compromised hacked Offline-access, etc. -

619 views • 26 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve

The IBM 4758 Secure Cryptographic Coprocessor Hardware Architecture and Physical Security Steve Weingart Senior Engineer (561) 392 6100 c1shw@us.ibm.com Secure Systems and Smart Cards IBM T.J. Watson Research Center Hawthorne, NY 4758 PCI

386 views • 11 slides
Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming

Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming

Gaming & Gaming & Smart Cards Smart Cards Empower Your Vision Gaming Industry Challenges Gaming Industry Challenges Customer Experience Customer Experience Security and Privacy Security and Privacy Integration

544 views • 27 slides
Security-by-Contract for Applications Evolution in Multi-Application Smart Cards Nicola

Security-by-Contract for Applications Evolution in Multi-Application Smart Cards Nicola

DTU Informatics Department of Informatics and Mathematical Modelling Security-by-Contract for Applications Evolution in Multi-Application Smart Cards Nicola Dragoni ndra@imm.dtu.dk http://www2.imm.dtu.dk/~ndra Embedded Systems Engineering

475 views • 35 slides
Supporting Software Evolution for Open Smart Cards by Security-by-Contract Olga Gadyatskaya*

Supporting Software Evolution for Open Smart Cards by Security-by-Contract Olga Gadyatskaya*

Supporting Software Evolution for Open Smart Cards by Security-by-Contract Olga Gadyatskaya* Joint work with F. Massacci*, N. Dragoni + , E. Lostal* *University of Trento (Italy) + Technical University of Denmark (Denmark) NODES Winter School,

355 views • 24 slides
Cyber Security in Smart Grids EE 772 : Smart Grids Prof. S. A. Khaparde Indian Institute of

Cyber Security in Smart Grids EE 772 : Smart Grids Prof. S. A. Khaparde Indian Institute of

Cyber Security in Smart Grids EE 772 : Smart Grids Prof. S. A. Khaparde Indian Institute of Technology Bombay Introduction to Cyber-Physical Systems - Communication between physical devices through a cyber layer - Sensors and Actuators

893 views • 53 slides
Cyber-Physical Systems Security Alvaro A. Crdenas Department of Computer Science University of

Cyber-Physical Systems Security Alvaro A. Crdenas Department of Computer Science University of

Cyber-Physical Systems Security Alvaro A. Crdenas Department of Computer Science University of Texas at Dallas Modernization of our Physical Infrastructures Physical Systems are Being Modernized with New Technologies Smart Smart

601 views • 23 slides
Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high security solutions Rohde & Schwarz SIT GmbH Stuttgart/Germany Dr. Torsten Schtze Workshop on Applied Cryptography Lightweight

595 views • 15 slides
Smart and Adaptive Cyber-Physical Systems Chapters 1,2 Cyber-Physical Systems Smart mobility

Smart and Adaptive Cyber-Physical Systems Chapters 1,2 Cyber-Physical Systems Smart mobility

Smart and Adaptive Cyber-Physical Systems Chapters 1,2 Cyber-Physical Systems Smart mobility Smart factory Smart grid Smart XX Smart health care Smart city But what does it mean to be smart ?

1.79k views • 102 slides
Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL

Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL

Smart Devices Need Smart People: Learn How to Be Smart! ELIZABETH A EVANS, DUKE DIGITAL INITIATIVE ALYSE ZAVALA, DUKE IT SECURITY OFFICE INTERNET OF THINGS (IoT) u The network of physical devices, smart appliances, vehicles, and other items

88 views • 8 slides
Cyber-Physical Security for the Smart Grid Deepa Kundur Texas A&M University (Joint work

Cyber-Physical Security for the Smart Grid Deepa Kundur Texas A&M University (Joint work

Cyber-Physical Security for the Smart Grid Deepa Kundur Texas A&M University (Joint work with Shan Liu, Takis Zourntos and Karen Butler-Purry) CYBER SECURITY POWER SYSTEMS DYNAMICAL SYSTEMS 2 A Smarter Grid MARRIAGE OF INFORMATION

1.86k views • 46 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya

Fault enabled viruses against smart cards 1 2 1 Samiya HAMADOUCHE , Jean-Louis LANET , Mohamed MEZGHICHE 1 LIMOSE Laboratory, University

898 views • 36 slides
Smart Grid Cyber Security Deakin University, La Trobe University, RMIT and The University of

Smart Grid Cyber Security Deakin University, La Trobe University, RMIT and The University of

Smart Grid Cyber Security Deakin University, La Trobe University, RMIT and The University of Melbourne Smart Grid Cyber Security The smart power grid is transforming towards a large cyber- physical system. The increased reliance of

397 views • 22 slides
Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus

Smart Cards Smart Cards a(s) a(s) Safety Critical Systems Safety Critical Systems Gemplus Labs Gemplus Labs Pierre.Paradinas Paradinas@ @gemplus gemplus.com .com Pierre. Agenda Agenda Smart Card Technologies Smart Card

358 views • 31 slides
National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO) www.sabteahval.ir/houshmand/ National Organization for Civil Tell: 60902701-2 Fax: 66736526 Registration(NOCR) Agenda 1. Traditional ID

370 views • 23 slides
The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of

The Ins and Outs of Programming Cryptography in Smart Cards . . . and announcing the launch of OpenCard Pascal Paillier CryptoExperts Real World Crypto 2015 Jan 2015 Real World Crypto 2015 Jan 2015 What are Smart Cards? Real World

968 views • 51 slides
Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics,

Carrying certificates around How do you use your [digital] identity? Install your certificate in browser Distributed Systems On-computer keychain file Need there be more? Smart Cards, Biometrics, & CAPTCHA Paul Krzyzanowski

215 views • 5 slides
Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable communication hardware standard card

468 views • 20 slides

More recommend