Smart Card security analysis Marc Witteman, TNO

Post on 30-Jan-2016


Smart Card security analysis

Marc Witteman, TNO

Do we need smart card security?

What are the threats?

Confidentiality: unauthorized disclosure of information

sender receiver

Integrity: unauthorized modification of information

Authenticity: unauthorized use of service

What’s inside a smart card?

[Block diagram: CPU, RAM, ROM, EEPROM, test logic, security logic and serial I/O interface, connected by a databus]

Smart card security evaluations

• logical analysis: software

• internal analysis: hardware

• side channel analysis: both hw and sw

Logical analysis

Communication

• Functional testing

• Protocol analysis

• Code review

Internal analysis

Internal analysis tools

• Etching tools

• Optical microscope

• Probe stations

• Laser cutters

• Scanning Electron Microscope

• Focussed Ion Beam System

• and more…

Reverse engineering

Staining of ion implant ROM array

Sub micron probe station

Probing with eight needles

FIB: fuse repair

Side channel analysis

• Use of ‘hidden’ signals

– timing

– power consumption

– electromagnetic emission

– etc.

• Insertion of signals

– power glitches

– electromagnetic pulses

Power consumption in clock cycle

[Figure: Iddq against time within one clock cycle, annotated with peak, slope, area and shape]

Power consumption in routines

Power consumption in programs

Timing attack on RSA

• RSA principle:

– Key set e, d, n

– Encipherment: $C = M^e \bmod n$

– Decipherment: $M = C^d \bmod n$

• RSA implementation (binary exponentiation)

– M := 1

– For i from t down to 0 do:

  • M := M * M

  • If $d_i = 1$, then M := M * C

Timing Attack on RSA (2)

1 0 0 0 1 1 1

Differential Power Analysis

• Assume power consumption relates to the Hamming weight of data

• Subtract traces with high and low Hamming weight

• Resulting trace shows Hamming weight and data manipulation

Fault injection on smart cards

Change a value read from memory to another value by manipulating the supply power:

[Figure labels: threshold of read value; a power dip at the moment of reading a memory cell]

Differential Fault Analysis on RSA

Efficient implementation splits exponentiation:

$d_p = d \bmod (p-1)$

$d_q = d \bmod (q-1)$

$K = p^{-1} \bmod q$

$M_p = C^{d_p} \bmod p$

$M_q = C^{d_q} \bmod q$

$M = C^d \bmod n = \big(((M_q - M_p) \cdot K) \bmod q\big) \cdot p + M_p$

DFA on CRT

Inject a fault during CRT that corrupts $M_q$:

$M'_q$ is a corrupted result of the $M_q$ computation

$M' = \big(((M'_q - M_p) \cdot K) \bmod q\big) \cdot p + M_p$

Subtract $M$ and $M'$:

$M - M' = \big(((M_q - M_p) \cdot K) \bmod q\big) \cdot p - \big(((M'_q - M_p) \cdot K) \bmod q\big) \cdot p$

$= (x_1 - x_2) \cdot p$

Compute $\gcd(M - M', n) = \gcd((x_1 - x_2) \cdot p,\; p \cdot q) = p$

Compute $q = n / p$
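
The derivation on the two slides above, carried through in Python with constructed toy primes, together with the usual defence of verifying the result before releasing it. This is an added example, not part of the original slides; the function names, the XOR fault model and all parameter values are assumptions made for illustration.

```python
from math import gcd

# Constructed toy parameters (assumed; far too small for real use).
P, Q, E = 1009, 1013, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent d

def crt_decrypt(c, fault=0):
    """RSA-CRT decryption using the recombination formula from the slides.
    `fault` is XORed into Mq to model a glitch during that half (M'q)."""
    dp, dq = D % (P - 1), D % (Q - 1)
    k = pow(P, -1, Q)                  # K = p^-1 mod q
    mp = pow(c, dp, P)                 # Mp = C^dp mod p
    mq = pow(c, dq, Q) ^ fault         # Mq, or M'q when fault != 0
    return (((mq - mp) * k) % Q) * P + mp

def factor_from_fault(m_good, m_bad):
    """Gcd(M - M', n) yields p when only the Mq half was corrupted."""
    return gcd(abs(m_good - m_bad), N)

def checked_decrypt(c, fault=0):
    """Countermeasure: re-encrypt the result and compare with the input
    before releasing it, so a faulty M' never leaves the device."""
    m = crt_decrypt(c, fault)
    if pow(m, E, N) != c:
        raise ValueError("fault detected, result withheld")
    return m

def demo():
    msg = 424242                       # constructed sample message, < N
    c = pow(msg, E, N)
    good = crt_decrypt(c)              # correct M
    bad = crt_decrypt(c, fault=1)      # M' with one flipped bit in Mq
    p = factor_from_fault(good, bad)
    return good, p, N // p

if __name__ == "__main__":
    print(demo())
```

A single faulty output paired with a correct one is enough to factor n, which is why the check in `checked_decrypt` has to run before any result is returned.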

Conclusions

• Smart cards can be broken by advanced analysis techniques.

• Users of security systems should think about:

– What is the value of our secrets?

– What are the risks (e.g. fraud, eavesdropping)?

– What are the costs and benefits of fraud?

• Perfect security does not exist!

For information:

TNO Evaluation Centre

Marc Witteman

PO-Box 5013

2600 GA Delft, The Netherlands

Phone: +31 15 269 2375

Fax: +31 15 269 2111

E-mail: witteman@tpd.tno.nl

E-mail: eib@tpd.tno.nl