Differential Power Analysis
From RFID Wiki
Contents |
[edit] Objective
The main goal of this project is to ensure whether RFID Guardian can perform Differential Power Analysis attack on the contactless smart cards.
[edit] Introduction
Power Analaysis attacks are the special form of side channel attacks , which exploits the fact that the instantaneous power consumption of a cryptographic device depends on the data it processess and operation it performs. Based upon this dependency it is possible to extract a secret key of a cryptographic device. The power consumption of most hardware devices is roughly proportional to the amount of bits changing their values at a certain time. This means a busy device consumes more power than an idle device, allowing an attacker to learn exactly how long an operation takes and raising the possibility of timing-based attacks. If an attacker has sufficiently sensitive equipment, he can even detect individual bits being flipped, allowing even more powerful attacks. Simple power analysis attack(SPA) is a technique that involves directly interpreting power consumption measurements collected during cryptographic operations. In other words, the attacker tries to derive the key more or less from a given trace. SPA requires a detailed knowledge about the implementation of the cryptographic algorithm that is executed by the device under attack.
[edit] Differential Power Analysis
Differential Power Analysis attack(DPA) is a technique to reveal secret keys of cryptographic devices based on a large number of power traces that have been recorded while the device encrypt or decrypt different data blocks. The main advantage of the DPA attacks compared to SPA attacks is that no detailed knowledge about the cryptographic device is necessary.In fact, it is fair enough to know the cryptographic algorithm that is executed by the device.
When a RFID reader contacts the RFID tag, reader generates an electromagenetic field and hits the antenna of the RFID tag. RFID tag gets charged due to the electrical current in the antenna produced by the electromagenetic field of the reader and starts communicating with the RFID reader. The communication in between them is monitored through the probe in the RFID Guardian. The measurement of EM power fluctuations during the period in between the communications, when RFID tag is performing cryptographic operation is observed to get insight to the secret key values.
What does a DPA attack require ?
1. Attacker must be able to precisely measure the power consumption.
2. Attacker needs to know what algorithm is computed.
3. Attacker needs the plain texts or cipher texts. The strategy of attacker is to make a lot of measurements, and then divide them with the aid of some oracle into two or more different sets. Then, statistical methods are used to verify the oracle. If and only if the oracle was right, one can see noticeable peaks in the statistics.
For more information on DPA, take a look at the following paper. [1]
[edit] Required Hardware/Software components
To perform a DPA attack on a smartcard several hardware and software components are required. On the hardware side we need the smart card and reader of course. To take the power/EM traces a high performance oscilloscope and probe are required. Initially we will be using a Picoscope 5203 as the oscilloscope and a custom loop antenna probe. Controlling the measurement hardware and performing the DPA analysis will be handled on the software side. Instead of developing our own software to perform these tasks we have opened a partnership with Riscure in the Netherlands and will be using their Inspector software. Inspector has modules already built in to perform most common trace analysis functions as well as the DPA analysis and interface nicely with the Picoscope line of oscilloscopes. Inspector also has can be customized through additional modules that can be developed using Java.
[edit] References
- "Power Analysis Attacks Revealing the Secrets of Smart Cards" by Stefan Mangard, Elisabeth Oswald, Thomas Popp.
