1 / 25

Smart Card security analysis Marc Witteman, TNO

Smart Card security analysis Marc Witteman, TNO. Do we need smart card security?. What are the threats ?. receiver. sender. Confidentiality: unauthorized disclosure of information. Integrity: unauthorized modification of information. Authenticity: unauthorized use of service.

sivan
Download Presentation

Smart Card security analysis Marc Witteman, TNO

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Smart Card security analysisMarc Witteman, TNO

  2. Do we need smart card security?

  3. What are the threats ? receiver sender Confidentiality: unauthorized disclosure of information Integrity: unauthorized modification of information Authenticity: unauthorized use of service

  4. databus test logic CPU ROM security logic RAM serial i/o interface EEPROM What’s inside a smart card ?

  5. Smart card security evaluations • logical analysis: software • internal analysis: hardware • side channel analysis: both hw and sw

  6. Logical analysis Communication • Functional testing • Protocol analysis • Code review

  7. Internal Analysis

  8. Internal analysis tools • Etching tools • Optical microscope • Probe stations • Laser cutters • Scanning Electron Microscope • Focussed Ion Beam System • and more…….

  9. Reverse engineering

  10. Staining of ion implant ROM array

  11. Sub micron probe station

  12. Probing with eight needles

  13. FIB: fuse repair

  14. Side channel analysis • Use of ‘hidden’ signals • timing • power consumption • electromagnetic emission • etc.. • Insertion of signals • power glitches • electromagnetic pulses

  15. Power consumption in clock cycle peak shape slope Iddq area time

  16. Power consumption in routines

  17. Power consumption in programs

  18. Timing attack on RSA • RSA principle: • Key set e,d,n • Encipherment: C = Me mod n • Decipherment: M = Cd mod n • RSA-implementation (binary exponentiation) • M := 1 • For i from t down to 0 do: • M := M * M • If di = 1, then M := M*C

  19. Timing Attack on RSA (2) 1 0 0 0 1 1 1

  20. Differential Power Analysis • Assume power consumption relates to hamming weight of data • Subtract traces with high and low hamming weight • Resulting trace shows hamming weight and data manipulation

  21. Fault injection on smart cards Change a value read from memory to another value by manipulating the supply power: Threshold of read value A power dip at the moment of reading a memory cell

  22. Differential Fault Analysis on RSA Efficient implementation splits exponentiation: dp = d mod (p-1) dq = d mod (q-1) K = p-1 mod q Mp = Cdp mod p Mq = Cdq mod q M = Cd mod n = ( ( (Mq - Mp)*K ) mod q ) * p + Mp

  23. DFA on CRT Inject a fault during CRT that corrupts Mq: M’q is a corrupted result of Mq computation M’ = ( ( (M’q - Mp)*K ) mod q ) * p + Mp subtract M and M’: M - M’ = (((Mq - Mp)*K) mod q)*p - (((M’q - Mp)*K) mod q)*p = (x1-x2)*p compute Gcd( M-M’, n ) = Gcd( (x1-x2)*p, p*q ) = p compute q = n / p

  24. Conclusions • Smart cards can be broken by advanced analysis techniques. • Users of security systems should think about: • What is the value of our secrets? • What are the risks (e.g. fraud, eavesdropping) • What are the costs and benefits of fraud? • Perfect security does not exist!

  25. For information: TNO Evaluation Centre Marc Witteman PO-Box 5013 2600 GA Delft, The Netherlands Phone: +31 15 269 2375 Fax: +31 15 269 2111 E-mail: witteman@tpd.tno.nl E-mail: eib@tpd.tno.nl

More Related