Smart Card security analysis Marc Witteman, TNO Do we need smart card security? What are the threats ? receiver sender Confidentiality: unauthorized disclosure of information Integrity: unauthorized modification of information Authenticity: unauthorized use of service What’s inside a smart card ? databus CPU test logic ROM security logic RAM serial i/o interface EEPROM Smart card security evaluations • logical analysis: software • internal analysis: hardware • side channel analysis: both hw and sw Logical analysis Communication • Functional testing • Protocol analysis • Code review Internal Analysis Internal analysis tools • Etching tools • Optical microscope • Probe stations • Laser cutters • Scanning Electron Microscope • Focussed Ion Beam System • and more……. Reverse engineering Staining of ion implant ROM array Sub micron probe station Probing with eight needles FIB: fuse repair Side channel analysis • Use of ‘hidden’ signals – timing – power consumption – electromagnetic emission – etc.. • Insertion of signals – power glitches – electromagnetic pulses Power consumption in clock cycle peak shape slope Iddq area time Power consumption in routines Power consumption in programs Timing attack on RSA • RSA principle: – Key set e,d,n – Encipherment: C = Me mod n – Decipherment: M = Cd mod n • RSA-implementation (binary exponentiation) – M := 1 – For i from t down to 0 do: • M := M * M • If di = 1, then M := M*C Timing Attack on RSA (2) 1 0 0 0 1 1 1 Differential Power Analysis • Assume power consumption relates to hamming weight of data • Subtract traces with high and low hamming weight • Resulting trace shows hamming weight and data manipulation Fault injection on smart cards Change a value read from memory to another value by manipulating the supply power: Threshold of read value A power dip at the moment of reading a memory cell Differential Fault Analysis on RSA Efficient implementation splits exponentiation: dp = d mod (p-1) dq = d mod (q-1) K = p-1 mod q dp mod p dq mod q Mp = C Mq = C M = Cd mod n = ( ( (Mq - Mp)*K ) mod q ) * p + Mp DFA on CRT Inject a fault during CRT that corrupts Mq: M’q is a corrupted result of Mq computation M’ = ( ( (M’q - Mp)*K ) mod q ) * p + Mp subtract M and M’: M - M’ = (((Mq - Mp)*K) mod q)*p - (((M’q - Mp)*K) mod q)*p = (x1-x2)*p compute Gcd( M-M’, n ) = Gcd( (x1-x2)*p, p*q ) = p compute q = n / p Conclusions • Smart cards can be broken by advanced analysis techniques. • Users of security systems should think about: – What is the value of our secrets? – What are the risks (e.g. fraud, eavesdropping) – What are the costs and benefits of fraud? • Perfect security does not exist! For information: TNO Evaluation Centre Marc Witteman PO-Box 5013 2600 GA Delft, The Netherlands Phone: +31 15 269 2375 Fax: +31 15 269 2111 E-mail: [email protected] E-mail: [email protected]
© Copyright 2024 Paperzz
