
Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong.


1 Low Cost Attack on Tamper Resistant Devices Ross Anderson, Markus Kuhn Songpol Manoonpong

2 Outline
- Introduction
- Differential Fault Analysis
- A Realistic Differential Attack
- Chip Rewriting Attacks
- Protocol Failure
- Summary
- Questions

3 Introduction
- Tamper resistant devices: pay TV, mobile phones, smart cards, electronic wallets
- DES (Data Encryption Standard): a symmetric key system
  - 56-bit key plus 8 parity bits
  - 16 subkeys, one for each run of the round function in the 16 rounds

4 Differential Fault Analysis
- Attack on DES based on about 200 ciphertexts in which one-bit errors have been introduced by environmental stress
- Assumption: by exposing a processor to a low level of ionising radiation, one-bit errors can be induced in the data used, and specifically in the key material fed into the successive rounds
- Attack by observation: the errors cause leakage of information about the key material or the algorithm structure

5 Differential Fault Analysis (Not so Realistic)
- No one has demonstrated the feasibility of this fault model
- Key material is held in EEPROM together with executable code
- An error in the key therefore means an error in the code as well
- Result: the processor crashes or returns an uninformative error

6 A Realistic Differential Attack
- The idea is to apply a glitch
- Glitch: a rapid transient in either the clock or the power supply to the chip
- Typical attack: replacing a 5 MHz clock pulse with a 20 MHz clock pulse to a smart card
[Figure: glitch waveform plotted against time]

7 A Realistic Differential Attack (Cont)
- By varying the precise timing and duration of the glitch, the CPU can be made to execute a number of completely different wrong instructions (which ones varies from one chip to another)
- Attack by using an instruction that writes the contents of a limited memory range to the serial port
- Example: pay TV smartcards

8 A Realistic Differential Attack (Cont)

    1 b = answer_address
    2 a = answer_length
    3 if (a == 0) goto 8
    4 transmit(*b)
    5 b = b + 1
    6 a = a - 1
    7 goto 3
    8 …

- The idea is to find a glitch that increments the program counter as usual but transforms either the conditional jump in line 3 or the loop variable decrement in line 6 into something else.
- The entire memory can then be dumped
- It is easier to induce an error into the code than into the data
[Figure: registers x and y, serial port z, program stack; b holds the answer address]
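The slide 8 loop beside a hardened version, as an added example that is not part of this presentation or of the Anderson and Kuhn paper. It assumes the fault model the slide describes (one glitch turns the line-3 conditional jump into a no-op) and a constructed 16-byte memory; the hardened loop adds an address bound fixed before the loop and a complemented shadow counter, so a single skipped instruction aborts the transfer instead of walking the whole memory out of the serial port.

```c
#include <stdint.h>

/* Constructed chip memory: an 8-byte answer followed by bytes that must never leave the chip. */
static const uint8_t mem[16] = {'A','N','S','W','E','R','0','1',
                                'S','E','C','R','E','T','!','!'};

/* Stand-in for the serial port: counts the bytes that left the chip. */
static int port_bytes;
static void transmit(uint8_t byte) { (void)byte; port_bytes++; }

/* Assumed fault model: one glitch turns "if (a == 0) goto 8" (line 3) into a no-op
   on the first iteration where a really is 0, so execution falls into the loop body. */
static int reached_zero(uint8_t a, int *glitch_armed) {
    if (a != 0) return 0;
    if (*glitch_armed) { *glitch_armed = 0; return 0; }  /* glitched: test skipped */
    return 1;
}

/* The loop as written on slide 8. a is an 8-bit register, so decrementing past 0 wraps
   to 255. Returns the number of bytes transmitted; the walk stops at the end of mem
   only so that the demo terminates. */
int send_answer_plain(uint8_t answer_len, int glitch) {
    const uint8_t *b = mem;                       /* 1 b = answer_address */
    uint8_t a = answer_len;                       /* 2 a = answer_length  */
    port_bytes = 0;
    while (b < mem + sizeof mem) {
        if (reached_zero(a, &glitch)) break;      /* 3 if (a == 0) goto 8 */
        transmit(*b);                             /* 4 transmit(*b)       */
        b = b + 1;                                /* 5 b = b + 1          */
        a = a - 1;                                /* 6 a = a - 1          */
    }                                             /* 7 goto 3             */
    return port_bytes;
}

/* Same loop with two guards that do not depend on line 3: an address bound fixed before
   the loop starts, and a complemented shadow of the counter that must stay consistent.
   A single skipped instruction cannot satisfy both, so the transfer aborts with -1. */
int send_answer_hardened(uint8_t answer_len, int glitch) {
    const uint8_t *b = mem, *end = mem + answer_len;
    uint8_t a = answer_len, a_shadow = (uint8_t)~answer_len;
    port_bytes = 0;
    for (;;) {
        if (reached_zero(a, &glitch)) break;
        if (b >= end || (uint8_t)~a != a_shadow) return -1;  /* fault detected */
        transmit(*b);
        b++; a--; a_shadow++;
    }
    return port_bytes;
}
```

With the glitch applied, the plain loop sends all 16 bytes of the constructed memory, while the hardened loop stops after the 8 answer bytes and reports the fault.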

9 ROM Overwrite Attacks
- A single bit in ROM can be overwritten using a laser cutter microscope
- For a known implementation, we can find one bit with the property that changing it will enable the key to be extracted easily

10 EEPROM Modification Attacks
- Where the algorithm is kept in EEPROM, we can use two micro-probing needles to set and reset the target bit
- DES is an algorithm with a parity check: a failed parity check will return an error message
- Assumption: the key location is known
- The key can be attacked directly: first set the bit in EEPROM to 1 and operate the device. If it still works, then the bit was 1; but if you get a "key parity error", then the bit was 0. Move to the next bit and repeat the process.
[Figure: key bit string recovered bit by bit]

11 Protocol Failure
- Poorly designed protocol
- Only requires simple, cheap equipment to exploit
- Example: satellite TV decoders
  - A hardware crypto-processor that deciphers the video signal
  - A micro-controller which passes messages between the crypto-processor and the customer smart card
  - If the customer stops paying his subscription, the system will send a message to disable the card

12 Protocol Failure (Cont)
- Replace the micro-controller with one which blocks that particular message: the "Kentucky Fried Chip" hack
[Figure: the "disable card" message reaching the card before the hack, and being blocked by the replacement micro-controller after it]

13 Summary
- Differential Fault Analysis: induce errors into the data using low-level radiation
- Realistic Differential Fault Attack: induce errors into the code by applying a glitch; it is easier to induce an error in code than in data
- ROM Overwrite Attack: using a laser cutter microscope to set one bit
- EEPROM Modification Attack: using two micro-probing needles to set/reset bits
- Protocol Failure

14 Question
- In a Realistic Differential Attack we use a glitch to cause the CPU to execute a wrong instruction. Is it possible to make the program crash in the same way as in Differential Fault Analysis? Or are there other ways to prevent such an attack?
