Attacks on Smart Cards - Copyright Gemplus Ltd 2003
Outline
• Smart Cards: What and Why
• Attacks on cards
  - Physical
  - Timing, SPA, DPA, DFA
• Attacks on systems using Smart Cards
• Examples
What is a Smart Card
Chip Structure
Why Use Smart Cards?
• Tamper resistance
  - Storage
• Portability
• Tamper resistance
  - Processing
• Ease of use
• Onboard key generation
• Cost
Outline
• Smart Cards: What and Why
• Attacks on cards
  - Physical
  - Timing, SPA, DPA, DFA
• Attacks on systems using smart cards
• Examples
Classes of Attacks
• Physical
• Side-channel
• Software
• Environment
Power Outage
[Figure: card contacts Vcc, Reset, Clock, Ground, Vpp, I/O]
• Attack on VPP
• Using nail polish
• Card not debited…
Probe Stations, F.I.B.
• If you have more money or if you are a student.
Chip Re-Wiring
Addition of a Track
Cutting of a Track
Countermeasures
• Metal layers
• Bus scrambling
• Onboard sensors
  - Temperature, light, frequency
  - Integrity :
Chip Structure
Physical Attacks Summary
• Difficult to defeat completely
• Expensive
• Destructive
• Target dependent
• Time consuming
Classes of Attacks
• Physical
• Side-channel
• Software
• Environment
Side Channel Attacks
• Exploit information on secret data leaked by the card.
  - Time (Timing Attacks)
  - Power (SPA, DPA)
  - Radiation (Electromagnetic SPA/DPA)
Timing Attacks
[Figure: two pots, one holding $28 and the other $10]
• You put $28 in one of the pots and $10 in the other:
• Question: Compute
  - Blue * 10 + Red * 7
  - Tell me if the result is odd or even.
• Is your answer enough to reveal what’s in each pot?
Timing Attacks
• Well, normally not :
28 * 7 + 10 * 10 = 296 is an even number
and
10 * 7 + 28 * 10 = 350 is also even…
• However, just by monitoring the time it takes to give the answer one can tell where each amount is!
Timing Attack on a Smart Card
[Figure: flowchart from Start through a Decision to either Process 1 or Process 2, then end; the two paths take t and t + ∆t]
Power Attacks
• Measure the circuit's processing time and current consumption to infer what is going on inside it.
[Figure: circuit with input, output and supply terminals (+, -)]
Power Attacks
• Seattle, 1999.
• US and French delegates negotiate under which conditions beef could be imported to France. «The Sun» sends a journalist to investigate:
Power Attacks
• But there is a technical problem: negotiations take place in a hotel whose windows are opaque.
Power Attacks
• Idea: look at the hotel’s electricity meter!
Power Attacks
• Disk is spinning slowly:
[Figure: headline "DEAL CONCLUDED"]
Power Attacks
• But if the disk is spinning quickly:
[Figure: front page of THE SUN with the headlines "NEGOTIATORS BREAK !", "A London homeless eaten by giant rat!" and "Experts say : sterility is hereditary !"]
SPA attack on RSA
• SPA against RSA private exponentiation
s = m^d mod n
  - n large modulus, say 1024 bits
  - m message
  - s signature
  - d private exponent
• The attacker aims at retrieving d
SPA attack on RSA
• Implementation (assumed known hereafter)
  - basic “square and multiply” algorithm
  - exponent bits scanned from MSB to LSB (left to right)

Example : s = m^9 = m^(1001b)
init (MSB 1)      s = m
round 2 (bit 0)   s = m^2
round 1 (bit 0)   s = (m^2)^2 = m^4
round 0 (bit 1)   s = (m^4)^2 * m = m^9

Let k = bitsizeof d
Let s = m
For i = k-2 down to 0
    Let s = s*s mod n (SQUARE)
    If (bit i of d) is 1 then
        Let s = s*m mod n (MULTIPLY)
    End if
End for

SPA attack on RSA
SPA attack on RSA
Test key value : 0F 00 F0 00 FF 00
[Figure: power trace annotated with square (S) and multiply (M) operations and the key bits read from them]
0F   0000 1111
00   0000 0000
F0   1111 0000
00   0000 0000
FF   1111 1111
00   0000 0000
SPA attack on RSA
Key value : 2E C6 91 5B F9 4A
[Figure: power trace annotated with the key bits read from it, one hexadecimal digit at a time]
2   0010
E   1110
C   1100
6   0110
9   1001
1   0001
5   0101
B   1011
F   1111
9   1001
4   0100
A   1010
Randomising RSA
• RSA signature:
Summary on SPA
• SPA uses implementation related patterns
• SPA strategy
  - algorithm knowledge
  - reverse engineering phase (signature location)
  - representation tuning (height of view, zoom, visualisation)
  - playing with implementation assumptions...
• SPA is always specific due to
  - the algorithm implementation
  - the applicative constraints
  - the chip’s technology (electrical properties)
  - possible counter-measures...
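
The leak described on the SPA slides above, as an added example that is not part of the original presentation: the slide's square-and-multiply loop is run on the slide's test key 0F 00 F0 00 FF 00 and the resulting S/M sequence is read back into the exponent, next to a square-and-multiply-always variant (a standard countermeasure that the slides do not show). The modulus, the message and all function names are constructed for the illustration.

```python
TEST_KEY = 0x0F00F000FF00                      # test key value from the slide
MODULUS = 0xD5A1F3B7C9E2468B13579BDF02468ACF   # constructed odd number, not a real RSA modulus
MESSAGE = 0x1234567                            # constructed message


def square_and_multiply(m, d, n):
    """The slide's left-to-right loop. Returns (m^d mod n, operation sequence)."""
    if d < 1:
        raise ValueError("exponent must be >= 1")
    ops = []
    s = m % n                                  # init: the leading 1 bit
    for i in range(d.bit_length() - 2, -1, -1):
        s = s * s % n
        ops.append("S")
        if (d >> i) & 1:                       # the multiply happens only for 1 bits
            s = s * m % n
            ops.append("M")
    return s, "".join(ops)


def exponent_from_ops(ops):
    """Read an S/M sequence the way the annotated trace is read:
    'SM' is a 1 bit, a lone 'S' is a 0 bit."""
    bits = "1"                                 # the leading 1 produces no operation
    i = 0
    while i < len(ops):
        if ops[i] != "S":
            raise ValueError(f"unexpected operation at position {i}")
        if ops[i + 1:i + 2] == "M":
            bits += "1"
            i += 2
        else:
            bits += "0"
            i += 1
    return int(bits, 2)


def square_and_multiply_always(m, d, n):
    """Same result, but every round does one square and one multiply,
    so the operation sequence no longer depends on the exponent."""
    if d < 1:
        raise ValueError("exponent must be >= 1")
    ops = []
    s = m % n
    for i in range(d.bit_length() - 2, -1, -1):
        s = s * s % n
        ops.append("S")
        t = s * m % n                          # computed whatever the bit is
        ops.append("M")
        # Keep t only for a 1 bit. On a card this selection must itself be
        # constant-time, and the dummy multiply is a known target for fault
        # (safe-error) attacks.
        s = (s, t)[(d >> i) & 1]
    return s, "".join(ops)


if __name__ == "__main__":
    s, ops = square_and_multiply(MESSAGE, TEST_KEY, MODULUS)
    print("leaky sequence :", ops)
    print("read back      : %012X" % exponent_from_ops(ops))
    s2, ops2 = square_and_multiply_always(MESSAGE, TEST_KEY, MODULUS)
    print("uniform sequence:", ops2)
    print("same signature  :", s == s2)
```
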
DPA
• Based on SPA
  - Adding the power of statistics to separate signal from noise
DPA Hypothesis
Play the algorithm N times (100 < N < 100000)
[Figure: the algorithm takes input data (messages Mi) and gives its output (cipher texts Ci) while power consumption curves Wi (or other side channel leakage like EM radiation) are recorded]
Acquisition procedure
• After data collection, what is available ?
  - N plain and/or cipher random texts
00 B688EE57BB63E03E
01 185D04D77509F36F
02 C031A0392DC881E6
…
  - N corresponding power consumption waveforms
Selection & Prediction
• Assume the data are processed by a known deterministic function f (transfer, permutation...)
• Knowing the data, one can re-compute off line its image through f
M’i = f [Mi]
• Now select a single bit among M’ bits (in M’ buffer)
• One can predict the true story of its variations
i   Message            bit
0   B688EE57BB63E03E   1
1   185D04D77509F36F   0
2   C031A0392DC881E6   1
…
DPA Operator
• Partition the data and related curves into two packs, according to the selection bit value...
  - bit (Mi’) = 0
  - bit (Mi’) = 1
• … and assign -1 to pack 0 and +1 to pack 1
0   B688EE57BB63E03E   1   +1
1   185D04D77509F36F   0   -1
2   C031A0392DC881E6   1   +1
…
• Sum the signed consumption curves and normalise
• <=> Difference of averages
$\mathrm{DPA} = \frac{\sum W_1}{N_1} - \frac{\sum W_0}{N_0}$   (N0 + N1 = N)
DPA Curve Construction
[Figure: the messages M0, M1 … MN (B688EE..., 185D04D..., C031A0...) and their curves are sorted by selection bit into pack 0 and pack 1; each pack is averaged and the two averages are subtracted to give the DPA curve]
DPA Curve Example
• DPA curves for different selection bits
[Figure: DPA curves, vertical axis from Min to Max]
DPA Curve Example
• Peaks are present when selection bits are handled
[Figure: DPA curves, vertical axis from Min to Max]
DPA operator & curve
• Spikes explanation : Hamming Weight of the bit’s byte
Pack 0: Average = E [HW0] = 0 + 3.5
Pack 1: Average = E [HW1] = 1 + 3.5
∆ = E [HW1] - E [HW0] = 1
1 1 0 0 1 1 0 1
1 0 1 1 0 1 0 0
0 1 0 1 1 1 1 0
...
• Contrast (peak height) proportional to N^(1/2) (evaluation criterion)
• If prediction was wrong : selection bit would be random
E [HW0] = E [HW1] = 4 => ∆ = 0
0 1 0 0 1 0 1 1
0 1 1 0 1 0 1 0
1 1 0 0 1 0 0 0
...
[Figure: in each list of bytes (0, 1, 2, ...) the selection bit is marked]
Reverse engineering using DPA
• Use DPA to locate when predictable things occur
• Example : locate an algo trace by targeting its output (ciphertext transfer to RAM, ciphertext is given)
[Figure: consumption curve above DPA curves for a bit of the 1st byte and a bit of the last byte; the computation is before]
Attacking a Secret Key Algorithm
• DPA works thanks to the perfect prediction of the selection bit
• How to break a key ?
[Figure: cryptographic algorithm with an unknown key, taking messages Mi and giving ciphertexts Ci and power consumption curves Wi]
DPA: typical target
• Basic mechanism in Secret Key algorithms (AES, DES…)
Exclusive OR, then non-linear substitution by table look-up :
S = SB(K ⊕ M)
[Figure: key byte K and message byte M are XORed and fed to the SBox; the selection bits are taken from its output S]
Attacking a Secret Key Algorithm
• Try different keys and validate them with DPA
• Isn’t it like cryptographic exhaustive search ?
• Not exactly …
• … because the search space is drastically reduced !
Hypothesis Testing (guess)
• Example : AES 128 bits key = 16 bytes Ki (i = 1 to 16)
  - Test 256 guesses per Ki with 256 DPA
  - 128 key bits disclosed with 16 x 256 = 4096 DPA ( << 2^128 !)
[Figure: DPA curve construction in which the selection bit is computed from each message M0, M1 … Mn and the guessed key byte Ki before the curves are sorted, averaged and subtracted]
Hypothesis Testing (guess)
DPA on AES : 1st round and 1st byte (right guess = 1)
[Figure: DPA curves for Guess 1, Guess 98 and Guess 204, vertical axis from Min to Max]
Hypothesis Testing (guess)
• The right guess provides the highest spikes !
[Figure: peak height for each guess from 0 to 2^n-1, with guess 1 marked]
Hypothesis Testing (right guess)
Right guess: exact prediction of the selection bit
i   Message            Real   Predicted
0   B688EE57BB63E03E   1      1
1   185D04D77509F36F   0      0
2   C031A0392DC881E6   1      1
…
[Figure: curves with D = 1 are averaged into Average 1 and curves with D = 0 into Average 0; Average 1 - Average 0 shows a DPA peak]
Hypothesis Testing (wrong guess)
Wrong guess: wrong prediction of the selection bit
i   Message            Real   Predicted
0   B688EE57BB63E03E   1      0
1   185D04D77509F36F   0      1
2   C031A0392DC881E6   1      1
…
[Figure: curves with D = 1 are averaged into Average 1 and curves with D = 0 into Average 0; Average 1 - Average 0 shows no DPA peak]
Hypothesis Testing (guess)
• Wrong guesses may provide higher DPA peaks !
[Figure: peak height for each guess from 0 to 2^n-1, with guesses 1, 27 and 58 marked]
Hypothesis Testing
• Typical difficulties
  - low contrast between the guesses
  - wrong guesses leading to higher peaks (false alarm)
• Possible explanations
  - physical : lack of correlation between data & signals
  - cryptographic : algorithmic noise (implementation model)
• Practical solutions
  - try other selection bits (but they do not necessarily agree !)
  - complementary exhaustive search on gleaned information
[Figure: DPA peaks with the right guess marked]
DPA on other algorithms
• DES (64 - 8 = 56 key bits)
  - historically the 1st target of DPA
  - more complicated
    - several possible targets
    - 8 Sboxes: 6 input bits, 4 output bits
    - key schedule (subkeys)
  - 8 x 64 = 512 guesses
  - only 48 bits on 1st round
  - 2nd round attack for the whole key
  - possibility of last round DPA
[Figure: DES 1st round. M (message) passes IPerm and is split into L0 (32 bits) and R0 (32 bits); R0 passes EPerm (6 bits x 8), is combined with SubKEY1 (Ki, 6 bits x 8), then passes the S-Box (4 bits x 8) and PPerm (4 bits x 8), giving L1 (32 bits) and R1 (32 bits)]
DPA on other Algorithms
• Other SK algorithms
  - AES
  - 3-DES
  - Comp 128
  - Hash MAC
  - modular arithmetic (modulo 256, 257)
  - proprietary (GSM)
• RSA modular exponentiation
  - No key schedule => prediction more difficult
  - The key is not entirely handled from the beginning, but progressively introduced
  - Prediction by time slices : next bit inference requires the previous bit to be broken
DPA Countermeasures
[Figure: DPA curve construction in which the selection bit is computed from each message M0, M1 … Mn and the guessed subkey subKi before the curves are sorted, averaged and subtracted]
Anti-DPA counter-measures
• Applicative counter-measures : make message free randomization impossible !
  - Fix some message bytes
  - Constrain the variable bytes (ex : transaction counter)
• Decorrelate power curves from data
  - by hardware : current scramblers (additive noise)
  - by software : data whitening
• Desynchronise the N traces (curves misalignment)
  - software random delays
  - software random orders (ex : SBoxes in random order)
  - hardware wait states (dummy cycles randomly added by the CPU)
  - hardware unstable internal clock (phase shift)
• DPA is powerful, generic (to many algorithms) and robust (to model errors)…
• … but there are counter-measures !
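
The DPA operator and the per-byte guess test from the slides above, together with the effect of the "data whitening" counter-measure, as an added example (not Gemplus code) run on constructed traces. The leakage model (Hamming weight of SB(K ⊕ M) plus Gaussian noise at one sample), the trace sizes, the key byte and the modelling of whitening as a fresh random XOR mask per run are assumptions made for the illustration.

```python
import random


def _build_aes_sbox():
    """AES S-box: inverse in GF(2^8), then the affine map of FIPS-197."""
    def gmul(a, b):
        r = 0
        while b:
            if b & 1:
                r ^= a
            a <<= 1
            if a & 0x100:
                a ^= 0x11B
            b >>= 1
        return r

    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        s = inv
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_aes_sbox()
SAMPLES = 4   # points per simulated curve (constructed)
LEAK_AT = 2   # sample where the S-box output is handled (constructed)
NOISE = 0.5   # standard deviation of the measurement noise (constructed)


def simulate(key_byte, n, whitened=False, seed=2003):
    """Constructed curves Wi for n random message bytes Mi."""
    rng = random.Random(seed)
    messages, curves = [], []
    for _ in range(n):
        m = rng.randrange(256)
        value = SBOX[m ^ key_byte]
        if whitened:
            value ^= rng.randrange(256)       # handled value is masked (assumed model)
        w = [rng.gauss(0.0, NOISE) for _ in range(SAMPLES)]
        w[LEAK_AT] += bin(value).count("1")   # Hamming weight leakage
        messages.append(m)
        curves.append(w)
    return messages, curves


def dpa_curve(curves, selection_bits):
    """The slide's operator: average of pack 1 minus average of pack 0."""
    sums = [[0.0] * SAMPLES, [0.0] * SAMPLES]
    counts = [0, 0]
    for w, b in zip(curves, selection_bits):
        counts[b] += 1
        acc = sums[b]
        for t, x in enumerate(w):
            acc[t] += x
    if 0 in counts:                           # one pack empty: no difference to take
        return [0.0] * SAMPLES
    return [sums[1][t] / counts[1] - sums[0][t] / counts[0]
            for t in range(SAMPLES)]


def curve_for_guess(messages, curves, guess, bit=0):
    """DPA curve when the selection bit is predicted with key guess `guess`."""
    selection = [(SBOX[m ^ guess] >> bit) & 1 for m in messages]
    return dpa_curve(curves, selection)


def peak(curve):
    return max(abs(x) for x in curve)


def rank_guesses(messages, curves, bit=0):
    """Peak height for each of the 256 guesses of one key byte."""
    return [peak(curve_for_guess(messages, curves, g, bit)) for g in range(256)]


if __name__ == "__main__":
    KEY = 0x3C                                # constructed key byte
    for whitened in (False, True):
        msgs, curves = simulate(KEY, 3000, whitened)
        peaks = rank_guesses(msgs, curves)
        best = max(range(256), key=peaks.__getitem__)
        print("whitened=%s  peak(right guess)=%.2f  highest peak at guess %02X"
              % (whitened, peaks[KEY], best))
```

Without whitening the right guess shows a peak close to 1 at the leaking sample, the ∆ = 1 of the Hamming weight explanation; with whitening the right guess gives no more contrast than any other guess.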
Anti-DPA counter-measures
• Internal clock effects (phase shift)
[Figure: traces sampled at 1 GS/s, synchronized and desynchronized]
DPA Summary
• Very effective
• Target independent
• Can be automated
• Does not require expensive hardware
• Effective countermeasures exist
• Still need to get a hold of the card
Electromagnetic Power Analysis
Probe design
• Hamming distance model for information leakage
  - Correlated to the number of flipping bits (CMOS, VLSI)
• Electrical transitions disturb EM near field (and its flux φ)
• Capture by inductive probe
$V = -\frac{d\phi}{dt}$
  - Handmade solenoid (Diameter = 150 to 500 µm)
  - Difficult to calibrate (Bandwidth > 100 MHz, low voltage, parasitic effects)
  - Good acquisition chain required, but no Faraday cage (Sampling at 1GHz)
[Figure: probe, scale mark 3 mm]
Electromagnetic Signals
• Raw signals (TIA: transfer into accumulator instruction)
  - Power is less noisy
  - But EM signatures are sharper!
[Figure: Power and EM traces for TIA(00) and TIA(FF)]
Spatial positioning
• Horizontal cartography (XY plane)
  - to pinpoint instruction-related areas
  - better if automated
[Figure: chip map with areas labelled CPU, EEPROM, ROM, RAM, CRYPTO and the probe; scale labels 4.5 mm and 5.5 mm]
Spatial positioning
• EM signals versus XY probe position
  - Differential traces between (00h ⊕ 00h) and (FFh ⊕ 00h) picked up at different locations
[Figure: EM and Power traces; data signatures]
DEMA against the alleged COMP128
• First successful attack in Gemplus
• The DETECTION problem
  - better signal to noise on DEMA curves than on DPA, despite more noisy measurements!
[Figure: DPA and DEMA curves]
SEMA against RSA
• SEMA/SPA exploit larger scale patterns (single trace)
• Decapsulation (no statistical improvement for S/N)
2 exponentiations involving 3 bytes of the private key: FFA5FFh and 666666h (same message and modulus).
[Figure: EM trace (patterns: possible SEMA) and Power trace (no pattern: no SPA)]
Electromagnetic Signals
• Advantages of EMA versus PA
  - Local information is more “data correlated”
  - EMA bypasses current smoothers
  - EMA goes through HW countermeasures: shields, randomized logic
• Drawbacks
  - Experimentally more complicated
  - Geometrical scanning can be tedious
  - Low-level and noisy signals (decapsulation required)
Countermeasures
• Software (crypto routines): coding techniques
  - same as anti-DPA/SPA (data whitening…)
• Hardware (chip designers):
  - confine the radiation (metal layer)
  - blur the radiation (e.g. by an active emitting grid)
  - reduce the radiation (technology trend toward shrinking)
  - cancel the radiation (dual logic)
Fault Induction (DFA)
• "Jolt" the smart card off its normal processing.
• Exploit any information that might be revealed
• Power glitches, flashes,…
Fault Attacks
• Weights of coins:
  - a dollar: 5 grams
  - a cent: 3 grams
• How much money does a 15 gram vault contain?
• Trivially, one of the following:
  - either 5 × 3 = 3 dollars
  - or 5 × 3 = 5 cents
• But how to tell the difference?
Fault Attacks
• Assume that the owner of the vault is in the habit of counting the amount in the vault each evening.
• Have him drink some Vodka so that he mistakes a cent for a dollar or the other way around.
• Put the vault on the balance again:
  - either 5 × 2 + 3 = 13 grams
  - or 4 × 3 + 5 = 17 grams
• You can now tell exactly what the amount in the vault was.
RSA using the Chinese Remainder Theorem
• a and b are precomputed values, such that:
• The two elements that replace d will be half the size (in bits) compared to d.
RSA using the Chinese Remainder Theorem
• The secret key elements are used to calculate:
These two exponentiations will be computed four times faster than the usual $m^d \pmod n$.
• Which can be used to generate a signature:
Against an RSA using the Chinese Remainder Theorem
• Two exponentiations to generate an RSA signature.
• A fault in one exponentiation will provide an incorrect result that can leak information on the secret key used.
If a fault occurs …
• If a fault occurs during the calculation of Sq then:
and the secret prime numbers can be found by
Against an RSA using the Chinese Remainder Theorem
• A correct signature S and an incorrect signature S’ can be used to derive one of the prime numbers used in RSA.
• A GCD between the difference and n:
Countermeasures
• Software
  - Execution redundancy
    • repeating an algorithm
    • executing the inverse algorithm (ideal for RSA)
  - Checksums on data transfers
  - Randomised execution
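Added example (not part of the original slides): a toy RSA-CRT signer showing why one faulty half-exponentiation is fatal and how the "execute the inverse algorithm" countermeasure stops the faulty signature from leaving the card. The key, the message, the function names and the recombination constants A and B are assumptions (standard CRT recombination; the slides' own formulas are not in the transcript).

```python
from math import gcd

# Constructed toy key: two Mersenne primes, far too small for real use.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d

# The two half-size exponents that replace d.
DP, DQ = D % (P - 1), D % (Q - 1)
# Assumed recombination constants (standard CRT, labelled as an assumption):
A = Q * pow(Q, -1, P)                  # A = 1 (mod p), A = 0 (mod q)
B = P * pow(P, -1, Q)                  # B = 0 (mod p), B = 1 (mod q)


def sign_crt(m, fault_in_sq=False, check_result=False):
    """RSA-CRT signature of message representative m.

    fault_in_sq  simulates a one-bit fault in the second half-exponentiation.
    check_result applies the inverse operation (S^e mod n) before release.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_sq:
        sq ^= 1                        # simulated fault: low bit of S_q flips
    s = (A * sp + B * sq) % N
    if check_result and pow(s, E, N) != m % N:
        return None                    # a faulty result is never output
    return s


def common_factor(s_good, s_bad, n=N):
    """GCD between the signature difference and n."""
    return gcd((s_good - s_bad) % n, n)


M = 0x1234567890ABCDEF                 # constructed message representative

if __name__ == "__main__":
    s = sign_crt(M)
    s_faulty = sign_crt(M, fault_in_sq=True)
    print("correct signature verifies:", pow(s, E, N) == M)
    print("gcd(S - S', n) equals p:", common_factor(s, s_faulty) == P)
    print("faulty output with result check:",
          sign_crt(M, fault_in_sq=True, check_result=True))
```

The faulty signature is still correct modulo p, so the difference S − S' is a multiple of p but not of q; the result check costs one short public-exponent exponentiation.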
Countermeasures
• Hardware
  - Redundancy: hardware implemented twice with a comparison.
  - Better detectors
[Figure: redundancy block diagram with labels Data, Block 1, Block 2, Result 1, Result 2, Comparison, Decision, Fault Detected, Reaction (IT, Reset), Result]
Outline
• Smart Cards: What and Why
• Attacks on cards
  - Physical
  - Timing, SPA, DPA, DFA
• Attacks on systems using Smart Cards
• Examples
Systems Using Smart Cards
• Smart cards cannot interact directly with the card holder
• Smart cards are used in IT systems to store users' credentials for authentication, signature or ciphering
• Classical IT security concepts apply to these systems
  - Trusted path
  - Security policies
  - Trojan horses
Trusted Path: Normal PIN Verification on a PC
Trusted Path: PIN code verification
[Figure: PIN entry dialog with labels "Verify PIN", "********", "Enter your PIN"]
Trojan Horses: the Future
• Stealing the PIN might not be interesting
• Placing calls on expensive numbers would…
• What about J2ME phones?
Summary
• Bugs
  - Insecure handling of data
  - Buffer overflows
• Design errors
  - Plain text or bad protocols
  - Reverse engineering of programs
• Attack on the TCB
  - Trojan horses
  - Viruses
Wrong Cryptographic Design
• Short keys
• Weak algorithms
• Broken protocols
• …
• Examples
  - French Credit Card
  - COMP128 for GSM
Conclusion
• Smart cards are like any security device: they have limitations
• A system should be designed with these limitations in mind
• A system should be upgradeable to deal with the (inevitable?) security breach or the aging of the technology
• The race goes on…
Scenario #01
• Symptom : Merchants complain that their fund-deposits are never credited to their accounts.
• Deposits are sealed in specific envelopes at the end of each day and deposited by the merchants in the front-door mailboxes of their banks. Physical access to mailboxes is smart-card protected.
• Police investigation : card access control OK, mailbox OK.
Scenario #01 : what happened
• The criminal had opened an account at the attacked bank, pretending he was a merchant. He consequently got a smart-card granting him access to the mailbox.
• He then bought a heavy metal vault, made a rectangular hole in it and came to the bank just after office hours. Using his smart-card he accessed the mailbox's man-trap, taped shut the real mailbox's hole and placed the vault on the ground, securing it with a steel chain and an impressive padlock. Finally, he added a printed text (bearing the bank's logo) : "WORK IN PROGRESS, PLEASE PLACE YOUR DEPOSITS IN THE VAULT, THANKS".
Scenario #02
• Symptom : Users insert their cards into ATMs and enter their PINs but get no money. The ATM swallows the card and displays the message "INVALID CARD CONTACT YOUR BANK"; money was, however, withdrawn with the card later.
Scenario #02 : what happened
• A false ATM...
Scenario #03
• Symptom : Same as scenario 2, using a smart-card with an EEPROM counter limited to 3. The card is always returned to the user, but if its EEPROM counter contains 3 the card cannot be used anymore.
• An audit of the ATM's log file showed that although the thief presented three false PIN codes, he could somehow try again and again. The correct PIN was found by exhaustive search after approximately 5000 attempts.
Scenario #03 : what happened
• In old cards, EEPROM programming was done using an external programming voltage (Vpp) supplied through a specific ISO contact. The thief had covered this specific card contact with a paper sticker (EEPROM programming made impossible).
Scenario #04
• Symptom : The ATM's log file and cash stock do not match; money is missing.
• An audit of the ATM's log file showed that the same user withdrew money several times. He always forgot his banknotes that were swallowed back by the ATM after a short time-out (a security feature).
Scenario #04 : what happened
• The thief would withdraw three banknotes but take only two of them. The remaining banknote was detected by the paper sensor and swallowed back by the ATM which automatically cancelled the transaction (no debit on user's account).
• The paper sensor could not distinguish between one, two or three banknotes...
Scenario #05
• Symptom : Although PIN-protected, stolen smart credit cards were successfully used to withdraw money.
• An audit of the ATM's log file shows that the correct PIN was used in the withdrawal operation.
Scenario #05 : what happened
• The fraud was technical : the smart-card's software was programmed to compare the presented PIN and if incorrect to increase the EEPROM counter.
• EEPROM programming is characterised by an increased power consumption and requires 5 ms.
• The thief used a board that presented automatically all the PIN values (0000 to 9999) but detected the current consumption increase and powered off the card before the EEPROM error counter could be updated.
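Added example (not part of the original slides): a simulated card comparing the PIN-check order described in scenario #05 with a hardened order that counts the attempt before comparing and reads the counter back. It also covers scenario #03, since in both cases the counter write never lands. The class, function names and PIN value are hypothetical, and the hardened ordering is a common countermeasure assumed here, not one the slides describe.

```python
import hmac

MAX_TRIES = 3


class Eeprom:
    """Constructed model of the error-counter cell.

    write_lands=False models both scenarios: no programming voltage on the
    Vpp contact (#03) or supply removed when the write begins (#05).
    """

    def __init__(self, write_lands=True):
        self.errors = 0
        self.write_lands = write_lands

    def write(self, value):
        if self.write_lands:
            self.errors = value        # otherwise the old value silently stays


def verify_pin_original(ee, stored_pin, presented):
    """Order described in scenario #05: compare first, count afterwards."""
    if ee.errors >= MAX_TRIES:
        return "BLOCKED"
    if hmac.compare_digest(presented, stored_pin):
        ee.write(0)
        return "OK"
    ee.write(ee.errors + 1)            # the only defence, and it can be lost
    return "WRONG"


def verify_pin_hardened(ee, stored_pin, presented):
    """Count the attempt first, read the counter back, only then compare."""
    if ee.errors >= MAX_TRIES:
        return "BLOCKED"
    expected = ee.errors + 1
    ee.write(expected)
    if ee.errors != expected:          # write did not land: give no verdict
        return "REFUSED"
    if hmac.compare_digest(presented, stored_pin):
        ee.write(0)                    # success restores the full try budget
        return "OK"
    return "WRONG"


def verdicts_given(verify, write_lands, attempts=20):
    """Number of wrong PINs that received an OK/WRONG answer from the card."""
    ee = Eeprom(write_lands)
    stored = "4071"                    # constructed PIN, not among the guesses
    results = [verify(ee, stored, f"{g:04d}") for g in range(attempts)]
    return sum(r in ("OK", "WRONG") for r in results)
```

With the original order every guess is answered when the write is suppressed; with the hardened order the card gives no verdict at all until the counter update is confirmed.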
Scenario #06
• Symptom : Users complain that the ATM has swallowed their card but when employees look into the ATM there is no card.
Scenario #06 : what happened
• A collar was put on the front of the hole; once the card was in, it was impossible to get it out.
• A thief told the victim to go into the bank to ask for the card, then pulled out the card and the collar and ran away.
• Unfortunately for us, this technique was quite popular in Marseilles and was called “Le collet marseillais”.