Smart card security analysis

Smart Card
security analysis
Marc Witteman, TNO
Do we need smart
card security?
What are the threats ?
receiver
sender
Confidentiality: unauthorized disclosure of information
Integrity:
unauthorized modification of information
Authenticity:
unauthorized use of service
What’s inside a smart card ?
databus
CPU
test
logic
ROM
security
logic
RAM
serial i/o
interface
EEPROM
Smart card security evaluations
• logical analysis: software
• internal analysis: hardware
• side channel analysis: both hw and sw
Logical analysis
Communication
• Functional testing
• Protocol analysis
• Code review
Internal
Analysis
Internal analysis tools
• Etching tools
• Optical microscope
• Probe stations
• Laser cutters
• Scanning Electron Microscope
• Focussed Ion Beam System
• and more…….
Reverse engineering
Staining of ion implant ROM array
Sub micron probe station
Probing with eight needles
FIB: fuse repair
Side channel analysis
• Use of ‘hidden’ signals
– timing
– power consumption
– electromagnetic emission
– etc..
• Insertion of signals
– power glitches
– electromagnetic pulses
Power consumption in clock cycle
peak
shape
slope
Iddq
area
time
Power consumption in routines
Power consumption in programs
Timing attack on RSA
• RSA principle:
– Key set e,d,n
– Encipherment: C = Me mod n
– Decipherment: M = Cd mod n
• RSA-implementation (binary exponentiation)
– M := 1
– For i from t down to 0 do:
• M := M * M
• If di = 1, then M := M*C
Timing Attack on RSA (2)
1
0 0 0
1
1
1
Differential Power Analysis
• Assume power consumption relates to hamming weight of data
• Subtract traces with high and low hamming weight
• Resulting trace shows hamming weight and data manipulation
Fault injection on smart cards
Change a value read from memory to another
value by manipulating the supply power:
Threshold of
read value
A power dip at the
moment of reading a
memory cell
Differential Fault Analysis on RSA
Efficient implementation splits exponentiation:
dp = d mod (p-1)
dq = d mod (q-1)
K = p-1 mod q
dp
mod p
dq
mod q
Mp = C
Mq = C
M = Cd mod n = ( ( (Mq - Mp)*K ) mod q ) * p + Mp
DFA on CRT
Inject a fault during CRT that corrupts Mq:
M’q is a corrupted result of Mq computation
M’ = ( ( (M’q - Mp)*K ) mod q ) * p + Mp
subtract M and M’:
M - M’ = (((Mq - Mp)*K) mod q)*p - (((M’q - Mp)*K) mod q)*p
= (x1-x2)*p
compute Gcd( M-M’, n ) = Gcd( (x1-x2)*p, p*q ) = p
compute q = n / p
Conclusions
• Smart cards can be broken by advanced
analysis techniques.
• Users of security systems should think about:
– What is the value of our secrets?
– What are the risks (e.g. fraud, eavesdropping)
– What are the costs and benefits of fraud?
• Perfect security does not exist!
For information:
TNO Evaluation Centre
Marc Witteman
PO-Box 5013
2600 GA Delft, The Netherlands
Phone:
+31 15 269 2375
Fax:
+31 15 269 2111
E-mail:
witteman@tpd.tno.nl
E-mail:
eib@tpd.tno.nl