Learn, hack!

URL

http://events.ccc.de/congress/2004/fahrplan/files/167-lecture_ccc_2004_df.pdf

File name

167-lecture_ccc_2004_df.pdf

File size

1006.9 KB

MD5

2cf658b0d467887bb213a1d44c7ed9b4

SHA1

c23cf06c7a1181376e5d2683772dae20b4d4b728

Smart cards are used for authentication and for securing transactions. But even if the cryptographic algorithms and the protocols are secure, information about secret data may leak through so called side channels. Examples for side channels are timing of the computation as well as power consumption and electromagnetic emanation of the card. Nowadays cards which are used in security applications are protected against such attacks and are tested by IT security evaluation facilities. Smart cards are used for authentication and for securing transactions, e.g. in electronic banking systems. The key point for the use of smart cards in comparison with magnet stripe cards is that the smart card is not only used for the storage of data but also for cryptographic operations. The smart card can keep stored data secret and use them only as input for cryptographic operations, which can for instance be used for authenticating the card holder. The cryptographic operations base on symmetric or asymmetric cryptography. Commonly used algorithms are triple DES with a key length of 112 bits and AES with a key length of 128 bits as well as RSA with a key length of at least 1024 bits (or better at least 2048 bits). Let us assume that these cryptographic algorithms and also the transmission protocols are secure. This means, that the secret data on the card cannot be reconstructed on behalf of the knowledge of the input and output data alone. But there is also other information that the card emits to the outer world during the cryptographic computations and that can depend on the secret data. Examples for this information are timing of computation, power consumption of the smart card during the computation (most cards are power supplied from the outside) as well as electromagnetic emanations. Since this information is not transmitted over the defined interfaces, it is called side channel information. They can potentially expose the secret data as long there are no counter measures implemented on the card. There are various possible counter measures, which can be implemented on the hardware as well as the software of the card. But no counter measure can protect the side channels alone. Only a combination of several counter measures make it too hard for an attacker to successfully gain information about the secret data. The quality of those countermeasures can only be approved by tests, which are performed normally by the manufacturer during the development process to harden the card against side channel analysis. These tests have to be also performed by independent IT security evaluation facilities in order to approve side channel resistance of the card for possible consumers. It is distinguished between active and passive side channel attacks. The lecture concentrates on passive side channel attacks. Active side channel attacks try to induce faults in the computation and gain information from the results of such erroneous computations. The lecture shows the result of a successful performed side channel analysis of unprotected smart cards, so called simple power analysis (SPA) and differential power analysis (DPA) for a Rijndael implementation and some results about an RSA implementation. Typically these tests are performed as an iterative process. First the unprotected cards are successfully corrupted and than different counter measures are implemented and their quality in protecting the side channels is tested. Finally the card should be resistant against known side channel attacks.