thomas plos, michael hutter, martin feldhofer workshop on rfid security 2008
DESCRIPTION
Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes. Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security 2008 09. - 11.07.2008, Budapest, Hungary. Outline. Motivation Prevalent countermeasures - PowerPoint PPT PresentationTRANSCRIPT
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
1
TU Graz/Computer Science/IAIK/VLSI
Institute for Applied Information Processing and Communications (IAIK)
Graz University of Technology
VLSI
Thomas Plos
Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF
and UHF RFID-Tag Prototypes
Thomas Plos, Michael Hutter, Martin Feldhofer
Workshop on RFID Security 200809. - 11.07.2008, Budapest, Hungary
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
2
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Outline
Motivation Prevalent countermeasures Hiding in time dimension Attacking techniques on hiding Arguments for using FFT Conducted attacks Tag prototypes Measurement setup Results Conclusion
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
3
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Motivation (1)
> 1 billion RFID tags sold in 2006
Movement towards “internet of things”
Current low-cost tags cannot prevent fake products
Enhanced functionality opens field for new applications Sensors Actuators
Weakest link of the system determines security crypto on tags
RFID tags (in billions)
1 billion
2017201520102006
100
500
Year
© IDTechEx Ltd
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
4
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Motivation (2) It was long believed that strong crypto is unfeasible on
passive RFID tags
Meanwhile great effort to bring standardized crypto on low-cost tags
Secure algorithm secure implementation
Side-channel analysis (SCA) exploits implementation weaknesses
Protection via countermeasures necessary
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
5
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Prevalent Countermeasures
Make power consumption independent of intermediate values
Principally two ‘types’ of countermeasures: Hiding
In time dimension: random insertion of dummy cycles shuffling
In amplitude dimension: increase noise reduce signal
Masking Boolean masking (e.g. ) Arithmetic masking (e.g. +, *)
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
6
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Hiding in Time Dimension
Highly suitable for low-resource devices like RFID tags Mainly effects control logic Cost efficient in terms of hardware
Time is not a critical parameter in RFID due to rather low data rates in protocols
Using the example of AES:
DD AES
Time
Encryption 1
Encryption 2
Encryption 3
AES
AES
DD
D D
b1
AES stateb1 b2 b3 b4
b5 b6 b7 b8
b9 b10 b11 b12
b13 b14 b15 b16
Encryption 1
Encryption 2
Encryption 3
b1 b2 b3 b4 b5 b6 b7 b8 b9 ...
b5 b6b7b8 b9 b10b11b12 b4 ...
b13 b14b15 b16 b1 b2b3 b4 ...b11
Dummy operations Byte shuffling
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
7
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Attacking Techniques on Hiding
Filtering (amplitude dimension) Attenuation of disturbing signals Requires knowledge of wanted signal/disturbing signal
Integration techniques (time dimension) Summing up “specific points” defined by a comb or a window Requires knowledge of “specific points”
Identification of parameters for filtering/integration techniques could be challenging
Can FFT help us?
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
8
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Arguments for Using FFT FFT is time-shift invariant
Efficiency of randomization is diminished Influence of misaligned traces during measurements is reduced
Filtering of disturbing signals not necessary (e.g. carrier signal of RFID reader)
Differential Frequency Analysis (DFA) first mentioned by C. Gebotys (CHES 2005)
Time domainTime domainFrequency
domainFFTTime domain
Frequency domain
Filtering
Integrating
Aligning
DPA/DEMA DFA
FFT
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
9
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Conducted Attacks
Analysis of RFID devices (HF and UHF) Current low-cost RFID tags do not contain
strong crypto + randomization Using self-made tag prototypes Integration of 128-bit AES with randomization Comparing DEMA with DFA
Disturbing carrier signal:DEMA + filtering vs. DFA
Disturbing carrier signal + randomization of AES:DEMA + filtering + windowing vs. DFA
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
10
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Tag Prototypes HF tag prototype
13.56MHz ISO14443-A Semi passive
UHF tag prototype 868MHz ISO18000-6C Semi passive
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
11
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Measurement Setup
RFID reader
Analog front end
PC
μC
Reader control
Tag prototype
Digital-storage
oscilloscope
EM probe
EM signalTrigger
Oscilloscope control
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
12
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Results (1)
HF tag prototype Disturbing 13.56 MHz carrier signal
DEMA + filtering DFA
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
13
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Results (2)
UHF tag prototype Disturbing 868 MHz carrier signal
DEMA + filtering DFA
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
14
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Results (3) HF tag prototype Disturbing 13.56 MHz carrier signal + randomization of
AES enabled
DEMA + filtering + windowing DFA
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
15
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Results (4) UHF tag prototype Disturbing 868 MHz carrier signal + randomization of
AES enabled
DEMA + filtering + windowing DFA
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
16
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Conclusion
Evaluation of SCA pre-processing techniques on RFID devices using hiding in time domain
HF and UHF RFID-tag prototypes implementing 128-bit AES with randomization
DEMA + filtering (+windowing) vs. DFA All attacks successful DFA offers good results without further
knowledge about implementation Hiding alone as countermeasure for RFID
tags not sufficient
http://www.iaik.tugraz.at
Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security
17
TU Graz/Computer Science/IAIK/VLSI
VLSI
Thomas Plos
Side-Channel Analysis Lab
http://www.iaik.tugraz.at/research/sca-lab