Applying Remote Side-Channel Analysis Attacks on a Security-enabled NFC Tag

Similar documents
Side Channel Analysis and Embedded Systems Impact and Countermeasures

Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives

An Overview of Common Adversary Models

Lecture 5 - CPA security, Pseudorandom functions

Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks

PUF Physical Unclonable Functions

Victor Shoup Avi Rubin. Abstract

Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers

Unknown Plaintext Template Attacks

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc Theoretical Computer Science Konstantinos Vamvourellis

Application of Physical Attacks

Lecture 9 - Message Authentication Codes

Lecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads

Remotely Keyed Encryption Using Non-Encrypting Smart Cards

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

Key Agreement from Close Secrets over Unsecured Channels Winter 2010

Non-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak

Security in Near Field Communication (NFC)

Information Security Group (ISG) Core Research Areas. The ISG Smart Card Centre. From Smart Cards to NFC Smart Phone Security

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

1 Construction of CCA-secure encryption

RFID Penetration Tests when the truth is stranger than fiction

On Generating the Initial Key in the Bounded-Storage Model

Physical Security: Status and Outlook

SYMMETRIC ENCRYPTION. Mihir Bellare UCSD 1

Using RFID Techniques for a Universal Identification Device

Computational Soundness of Symbolic Security and Implicit Complexity

How To Perform Differential Frequency Analysis (Dfa) On A Powerline (Aes) On An Iphone Or Ipad (Ase) On Microsoft Powerline 2 (Aces) On Pc Or Ipa (Aas)

Paillier Threshold Encryption Toolbox

Limits of Computational Differential Privacy in the Client/Server Setting

What is a Smart Card?

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Mobile and Contactless Payment Security

Lecture Note 8 ATTACKS ON CRYPTOSYSTEMS I. Sourav Mukhopadhyay

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Lecture 9: Application of Cryptography

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Provable-Security Analysis of Authenticated Encryption in Kerberos

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Gemalto Mifare 1K Datasheet

A low-cost Alternative for OAEP

Lightweight Cryptography From an Engineers Perspective

Pertinent Side Channel Attacks on Elliptic Curve Cryptographic Systems

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13

Advanced Cryptography

Introduction Page 4. Inspector SCA Page 6. Inspector FI Page 10. Service & Product support Page 13. Inspector Hardware Matrix Page 14

CPSC 467b: Cryptography and Computer Security

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

Common Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July The OWASP Foundation

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Adversary Modelling 1

All You Can Eat. Breaking a Real-World Contactless Payment System

SECURITY EVALUATION OF ENCRYPTION USING RANDOM NOISE GENERATED BY LCG

Karsten Nohl University of Virginia. Henryk Plötz HU Berlin

Lecture 1: Introduction. CS 6903: Modern Cryptography Spring Nitesh Saxena Polytechnic University

Lecture 11: The Goldreich-Levin Theorem

Reviving smart card analysis

The Misuse of RC4 in Microsoft Word and Excel

International Journal of Information Technology, Modeling and Computing (IJITMC) Vol.1, No.3,August 2013

Network Security Technology Network Management

The Complexity of Online Memory Checking

The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)

Lightweight Cryptography. Lappeenranta University of Technology

Horst Görtz Institute for IT-Security

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Security Analysis for Order Preserving Encryption Schemes

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Proofs in Cryptography

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Security Analysis of DRBG Using HMAC in NIST SP

Secure Semi-Passive RFID Tags Prototype and Analysis

Advancements in Wireless Access-Control Security. By Vivien Delport Director of Applications. And

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

MTAT Cryptology II. Digital Signatures. Sven Laur University of Tartu

Public Key Cryptography: RSA and Lots of Number Theory

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

A Note on the Relay Attacks on e-passports

Cryptography and Network Security Chapter 12

Concrete Security of the Blum-Blum-Shub Pseudorandom Generator

Tor Anonymity Network & Traffic Analysis. Presented by Peter Likarish

Yale University Department of Computer Science

Simulation-Based Security with Inexhaustible Interactive Turing Machines

IMPROVISED SECURITY PROTOCOL USING NEAR FIELD COMMUNICATION IN SMART CARDS

Error oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL

Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Perfectly Secure Password Protocols in the Bounded Retrieval Model

NFC APPLICATIONS IN THE TRACKING SYSTEMS

Security Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012

Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs

A NEW APPROACH FOR COMPLEX ENCRYPTING AND DECRYPTING DATA

Cryptography and Network Security Block Cipher

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

Guaranteed Slowdown, Generalized Encryption Scheme, and Function Sharing

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 7

Cryptography & Network Security

Transcription:

Applying Remote Side-Channel Analysis Attacks on a Security-enabled NFC Tag Thomas Korak Thomas Plos Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Austria. Session ID: Session Classification: CRYP-R32 Advanced

Outline Near Field Communication (NFC) Side-Channel Analysis (SCA) Attacks Remote SCA Attacks Experimental Setup Achieved Results Discussion of Results Conclusion

Basics

Near Field Communication (NFC) Contactless (short range) communication technology NFC functionality in many smartphones (Active) reader communicates with (passive) tag Prerequisites for (passive) tags Small chip size, low cost, low power consumption Adequate level of security (using cryptographic primitives (e.g. AES)) http://www.businessinsider.com http://www.nfcworld.com

Side-Channel Analysis (SCA) Attacks Powerful attacks against cryptographic primitives Measure side-channel information in order to reveal (parts of) a secret What are popular side channels? Small number of attacks on contactless devices in literature Most of them in close proximity Our work: Remote SCA attack on an NFC device

Remote SCA Attacks Measure EM emanation of the chip Distance between chip and measurement probe Reader signal is much stronger than side-channel signal Known solutions Separate chip from antenna (Carluccio et al. [1]) Use analogue demodulation (Kasper et al. [2]) Our approach Strong reader field = carrier for data-dependent signal Parasitic load modulation

Experimental Setup

Main parts Experimental Setup

Experimental Setup Main parts NFC reader, NFC tag (AES with secret key)

Experimental Setup Main parts NFC reader, NFC tag (AES with secret key) Trigger probe

Experimental Setup Main parts NFC reader, NFC tag (AES with secret key) Trigger probe Measurement antenna (self-made, 8cm diameter, 5 windings)

Experimental Setup Main parts NFC reader, NFC tag (AES with secret key) Trigger probe Measurement antenna (self-made, 8cm diameter, 5 windings) Amplifier

Experimental Setup Main parts NFC reader, NFC tag (AES with secret key, key known by us) Trigger probe Measurement antenna (self-made, 8cm diameter, 5 windings) Amplifier

Experimental Setup cont. Trace recording Increase resolution Only measure peaks of the signal Decrease trace size using downsampling Zoom factor (f zoom )

Achieved Results

Achieved Results Influence of distance on peak-to-peak voltage (U pp ) U pp = f(d) RF field 1 d 3 d Measurement antenna NFC reader

Achieved Results cont. Influence of angular offset on peak-to-peak voltage (U pp ) U pp = f(angular offset) 0 Measurement antenna 45 drf field 90 NFC reader

Achieved Results cont. Verification of the parasitic load modulation Two scenarios: Opened and closed chip housing 20 sets each containing 5000 traces at 7 cm distance Calculate mean and standard deviation of correlation values ρ opened = 0.244 σ opened = 0.032 ρ closed = 0.246 σ closed = 0.025

Achieved Results cont. Find best f zoom f zoom = 10% f zoom = 50%

Achieved Results cont. Relationship between correlation coefficient and distance 1 d 3 ρ 1 d 3

Discussion & Conclusion

Discussion Successful remote SCA attacks between 25 cm and 100 cm 25 cm 3,000 traces required 100 cm 30,000 traces required For distances exceeding 80 cm amplifier gain increased In order to achieve desired f zoom values Reader and tag in close proximity Power tag from distance Literature available (Kfir et al. [3])

Conclusion Performed remote SCA attacks on an NFC prototype tag No special equipment required Examined different distances up to 1 m Reading range only a few centimeters Parasitic load modulation Only record peaks of the signal and perform downsampling Increase resolution Decrease trace size Tackle attack Introduce countermeasures (e.g., random delays) Limit number of cryptographic operations

Thank you for your attention! Questions?

References [1] Carluccio, D., Lemke, K., Paar, C.: Electromagnetic Side Channel Analysis of a Contactless Smart Card: First Results. In: Oswald, E. (ed.) RFIDSec 2005, Graz, Austria, July 13-15, pp. 44 51 (2005) [2] Kasper, T., Oswald, D., Paar, C.: EM Side-Channel Attacks on Commercial Contactless Smartcards Using Low-Cost Equipment. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 79 93. Springer, Heidelberg (2009) [3] Kfir, Z., Wool, A.: Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems. In: Proceedings SecureComm 2005, Athens, Greece, September 5-9, pp. 47 58. IEEE Computer Society (2005)

PRACTICAL LEAKGE-RESILINET PSEUDO-RANDOM OBJECTS WITH MINIMUM PUBLIC RANDOMNESS Yu Yu Tsinghua University and East China Normal University Francois-Xavier Standaert UCL Crypto Group Session ID: CRYP-R32 Session Classification: Advanced

Outline of the talk Side-channel Attacks and Countermeasures Leakage-Resilient Stream Ciphers FOCS 2008 / Eurocrypt 2009 Constructions CCS 2010 / CHES 2012 Constructions Our Construction Overview Security Analysis

How cryptography works? Typical Assumptions: (1) A computational hard problem (RSA, DLP, AES ). (2) Black-box: attacker ONLY sees input-output and follows the protocol. Provable Security: Under assumptions #1 and #2, if one breaks the crypto-system (in polynomial-time), then it leads to efficient solution to the underlying hard problem, and hence acontradiction. Security guarantee voided if either assumption is not met. input output

Are these assumptions safe? Typical Assumptions: A commonly believed computational hard problem (RSA, DLP, AES ), where the secret key is randomly chosen from the key space. Black-box: attacker ONLY sees its input-output behavior and follows the protocols. Assumption #1 is ok, or otherwise a breakthrough. Assumption #2 not always respected. The implementation of a cryptographic algorithm (e.g. a security chip) might be leaking in many forms. input output

Side-channel attacks and beyond Definition: Any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms. It takes many forms: Timing Attacks Power Analysis (PA) Electro-Magnetic Analysis (EMA) Acoustic Analysis etc. More invasive physical attacks: fault injections attacks.

Countermeasures against SCA Implementation level. Software countermeasures: Masking, Hiding, etc. Hardware countermeasures: dual-rail pre-charge logic styles (e.g. SABL,WDDL). Design (algorithmic) level. Leakage-Resilient Cryptography: design of cryptographic protocols that remain secure in the presence of arbitrary, yet bounded, leakage about the secret key.

Leakage-Resilient Stream Ciphers What is a stream cipher? A symmetric key cipher where plaintext digits are combined with a pseudorandom key-stream. In practice, a stream cipher can be based on a block cipher (or PRG), and operate in iterations.

How to model the leakages? We admit arbitrary but restricted leakages. Let L on n-bit input K be the leakage function. L is subject to the following restrictions. Arbitrary. L is any efficiently computable function. Bounded leakage [DP08,Pie09]. For each i-th iteration, L i has bounded range, i.e., L i :{0,1} n {0,1} λ for λ<n.

Is bounded leakage sufficient? Without side-channels, it is a secure stream cipher. Is it leakage-resilient in the bounded leakage model? No. Future computation attacks, let each L i (k i ) be the i-th bit of some future state, say k 100. Note a realistic attack, but sufficient to show the SC is not provably leakage-resilient.

Leakage-Resilient Stream Ciphers in the Bounded Leakage Model In FOCS 2008, Dziembowski and Pietrzak presented a SC based on alternating extraction.

The FOCS 2008 Construction Key in two halves (k 0,k 1 ), public random value x 0. Function F is instantiated by a randomness extractor Ext and a pseudo-random generator G, i.e., F(k i,x i )=G(Ext(k i,x i )). Technical Ingredients: the output of an ε-secure PRG G:{0,1} n {0,1} 2n, when leaking about any λ O(log(1/ ε)) bits, will be having 2n - λ bit of pseudo-entropy.

The FOCS 2008 Construction Security (informal): even if the SC continuously leak λ bits (per iteration ) of adaptively chosen leakages, for as many as iterations, the final output (in absence of corresponding leakage) will be pseudo-random.

The Eurocrypt 2009 Construction Pietrzak simplified the FOCS 2008 construction: replacing the extractor+prg with a weak PRF. Technical lemma: weak PRF is a computational extractor.

Pros and Cons of the FOCS 2008/ Eurocrypt 2009 Constructions Advantage: strong security. I.e., prior to each iteration, the adversary can adaptively chosen the leakage function he wants to subscribe. Is this necessary? Disadvantage: a bit complicated (artificial?) construction. Efficiency issue: 2n bits of secret key only guarantees n bits of security. Question: can we construct something more practical? Hint: use the tradeoff between the above advantage and disadvantage.

The CCS 2010 Construction Yu et al. proposed a more practical construction. The idea: use alternating public values p 0 and p 1, and only allow non-adaptive (prefixed)) leakages.

The CHES 2012 Construction Faust et al. pointed out that the CCS 2010 SC needs more public values than 2 in the standard model. Thus, not randomness efficient.

Our motivation Can we reprove the CHES 2012 construction with much less public randomness (ideally one string)? The main contribution of our paper.

Overview of our construction Use a public seed s to generate all public random strings p 0, p 1, p 2,., where G is a pseudo-random function, e.g., p i =G(s, i) = AES s (i). The upper part is running in public. The lower part follows bounded leakage, i.e., each L i leaks λ bits.

How can we prove this? Trivial (due to CHES 2012) if s is kept secret and only p 0,p 1,..., are given to the adversary. The goal: showing that the security holds even if the adversary sees seed s.

CHES 2012 Construction Theorem (CHES 2012,informal). For any l poly(n), every adversary predicts b B with probability ½+negl(n).

Proof sketch. If by contradiction that when additionally given S, there exists efficient D and constant c such that Pr[D(R,view l )=b B ] >=½+n -c. Then, it implies the following 2-pass key agreement protocol. The protocol extends to public key encryption by parallel repetition, which is a contradiction to the known separation that no black-box construction of PKE from PRG [Impagliazzo and Rudich, STOC 89]. The contradiction also implies an OT protocol.

Conclusion Practical leakage-resilient stream ciphers in the standard model with simple construction and minimal public randomness. One can also use the technique to construct leakageresilient (GGM based) pseudo-random function (against non-adaptive inputs and leakages).

Questions. Thanks!

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information