smart card security analysis smart card security analysis marc witteman, tno
TRANSCRIPT
Smart Card Smart Card security analysissecurity analysis
Marc Witteman, TNO
Do we need smart Do we need smart card security?card security?
What are the threats ?What are the threats ?
Confidentiality: unauthorized disclosuredisclosure of information
sender receiver
Integrity: unauthorized modificationmodification of information
Authenticity: unauthorized use of service
What’s inside a smart card ?What’s inside a smart card ?
CPU
RAM
test logic
ROM
EEPROMserial i/ointerfaceserial i/ointerface
security logic
security logic
databus
Smart card security evaluationsSmart card security evaluations
• logical analysis: software
• internal analysis: hardware
• side channel analysis: both hw and sw
Logical analysisLogical analysis
CommunicationCommunication
• Functional testing
• Protocol analysis
• Code review
InternalInternalAnalysisAnalysis
Internal analysis toolsInternal analysis tools
• Etching tools
• Optical microscope
• Probe stations
• Laser cutters
• Scanning Electron Microscope
• Focussed Ion Beam System
• and more…….
Reverse engineeringReverse engineering
Staining of ion implant ROM arrayStaining of ion implant ROM array
Sub micron probe stationSub micron probe station
Probing with eight needlesProbing with eight needles
FIB: fuse repairFIB: fuse repair
Side channel analysisSide channel analysis
• Use of ‘hidden’ signals– timing
– power consumption
– electromagnetic emission
– etc..
• Insertion of signals– power glitches
– electromagnetic pulses
Power consumption in clock cyclePower consumption in clock cycle
peak
slope
time
IIddqddq
area
shape
Power consumption in routinesPower consumption in routines
Power consumption in programsPower consumption in programs
Timing attack on RSATiming attack on RSA
• RSA principle:– Key set e,d,n
– Encipherment: C = Me mod n
– Decipherment: M = Cd mod n
• RSA-implementation (binary exponentiation)– M := 1
– For i from t down to 0 do:• M := M * M
• If di = 1, then M := M*C
Timing Attack on RSA (2)Timing Attack on RSA (2)
11 00 00 00 11 11 11
Differential Power AnalysisDifferential Power Analysis• Assume power consumption relates to hamming weight of data
• Subtract traces with high and low hamming weight
• Resulting trace shows hamming weight and data manipulation
Fault injection on smart cardsFault injection on smart cards
Change a value read from memory to another value by manipulating the supply power:
Threshold ofread value A power dip at the
moment of reading amemory cell
Differential Fault Analysis on RSADifferential Fault Analysis on RSA
Efficient implementation splits exponentiation:
dp = d mod (p-1)
dq = d mod (q-1)
K = p-1 mod q
Mp = Cdp mod p
Mq = Cdq mod q
M = Cd mod n = ( ( (Mq - Mp)*K ) mod q ) * p + Mp
DFA on CRTDFA on CRT
Inject a fault during CRT that corrupts Mq:
M’q is a corrupted result of Mq computation
M’ = ( ( (M’q - Mp)*K ) mod q ) * p + Mp
subtract M and M’:M - M’ = (((Mq - Mp)*K) mod q)*p - (((M’q - Mp)*K) mod q)*p
= (x1-x2)*p
compute Gcd( M-M’, n ) = Gcd( (x1-x2)*p, p*q ) = p
compute q = n / p
ConclusionsConclusions
• Smart cards can be broken by advanced analysis techniques.
• Users of security systems should think about:– What is the value of our secrets?
– What are the risks (e.g. fraud, eavesdropping)
– What are the costs and benefits of fraud?
• Perfect security does not exist!
For information:For information:
TNO Evaluation Centre
Marc Witteman
PO-Box 5013
2600 GA Delft, The Netherlands
Phone: +31 15 269 2375
Fax: +31 15 269 2111
E-mail: [email protected]
E-mail: [email protected]