Smart Card security analysis Marc Witteman, TNO - PowerPoint PPT Presentation

Loading...

PPT – Smart Card security analysis Marc Witteman, TNO PowerPoint presentation | free to view - id: e2643-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Smart Card security analysis Marc Witteman, TNO

Description:

1. 1. 1. Differential Power Analysis. Assume power consumption relates to hamming weight of data ... Smart cards can be broken by advanced analysis techniques. ... – PowerPoint PPT presentation

Number of Views:121
Avg rating:3.0/5.0
Slides: 26
Provided by: win4
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Smart Card security analysis Marc Witteman, TNO


1
Smart Card security analysis Marc Witteman, TNO
2
Do we need smart card security?
3
What are the threats ?
receiver
sender
Confidentiality unauthorized disclosure of
information
Integrity unauthorized modification of
information
Authenticity unauthorized use of service
4
Whats inside a smart card ?
5
Smart card security evaluations
  • logical analysis software
  • internal analysis hardware
  • side channel analysis both hw and sw

6
Logical analysis
Communication
  • Functional testing
  • Protocol analysis
  • Code review

7
Internal Analysis
8
Internal analysis tools
  • Etching tools
  • Optical microscope
  • Probe stations
  • Laser cutters
  • Scanning Electron Microscope
  • Focussed Ion Beam System
  • and more.

9
Reverse engineering
10
Staining of ion implant ROM array
11
Sub micron probe station
12
Probing with eight needles
13
FIB fuse repair
14
Side channel analysis
  • Use of hidden signals
  • timing
  • power consumption
  • electromagnetic emission
  • etc..
  • Insertion of signals
  • power glitches
  • electromagnetic pulses

15
Power consumption in clock cycle
peak
shape
slope
Iddq
area
time
16
Power consumption in routines
17
Power consumption in programs
18
Timing attack on RSA
  • RSA principle
  • Key set e,d,n
  • Encipherment C Me mod n
  • Decipherment M Cd mod n
  • RSA-implementation (binary exponentiation)
  • M 1
  • For i from t down to 0 do
  • M M M
  • If di 1, then M MC

19
Timing Attack on RSA (2)
1
0
0
0
1
1
1
20
Differential Power Analysis
  • Assume power consumption relates to hamming
    weight of data
  • Subtract traces with high and low hamming weight
  • Resulting trace shows hamming weight and data
    manipulation

21
Fault injection on smart cards
  • Change a value read from memory to another value
    by manipulating the supply power

Threshold of read value
A power dip at the moment of reading a memory
cell
22
Differential Fault Analysis on RSA
  • Efficient implementation splits exponentiation
  • dp d mod (p-1)
  • dq d mod (q-1)
  • K p-1 mod q
  • Mp Cdp mod p
  • Mq Cdq mod q
  • M Cd mod n ( ( (Mq - Mp)K ) mod q ) p Mp

23
DFA on CRT
  • Inject a fault during CRT that corrupts Mq
  • Mq is a corrupted result of Mq computation
  • M ( ( (Mq - Mp)K ) mod q ) p Mp
  • subtract M and M
  • M - M (((Mq - Mp)K) mod q)p - (((Mq -
    Mp)K) mod q)p
  • (x1-x2)p
  • compute Gcd( M-M, n ) Gcd( (x1-x2)p, pq )
    p
  • compute q n / p

24
Conclusions
  • Smart cards can be broken by advanced analysis
    techniques.
  • Users of security systems should think about
  • What is the value of our secrets?
  • What are the risks (e.g. fraud, eavesdropping)
  • What are the costs and benefits of fraud?
  • Perfect security does not exist!

25
For information
  • TNO Evaluation Centre
  • Marc Witteman
  • PO-Box 5013
  • 2600 GA Delft, The Netherlands
  • Phone 31 15 269 2375
  • Fax 31 15 269 2111
  • E-mail witteman_at_tpd.tno.nl
  • E-mail eib_at_tpd.tno.nl
About PowerShow.com