Introduction
- Tamper-resistant devices:
  - Pay TV
  - Mobile phone
  - Smart card electronic wallet
- DES: Data Encryption Standard
  - 56-bit key
  - 8 parity bits
  - 16 subkeys, one for each run of the 16-round function
  - Symmetric key system

Differential Fault Analysis
- Attack on DES based on 200 ciphertexts in which one-bit errors have been introduced by environmental stress
- Assumption: by exposing a processor to a low level of ionising radiation, one-bit errors can be induced in the data used, and specifically in the key material fed into the successive rounds
- Attack by observation: errors cause leakage of information about the key material or the algorithm structure

Differential Fault Analysis (Not so Realistic)
- No one has demonstrated the feasibility of this fault model
- Key material is held in EEPROM together with executable code
- Error in the key = error in the code
- Result: processor crashes or uninformative errors

A Realistic Differential Attack
- The idea is to apply a glitch
- Glitch: a rapid transient in either the clock or the power supply to the chip
- Typical attack: replacing a 5 MHz clock pulse with a 20 MHz clock pulse to a smart card
- [Figure; axis label: Time]

A Realistic Differential Attack (Cont)
- By varying the precise timing and duration of the glitch, the CPU can be made to execute a number of completely different wrong instructions (these vary from one chip to another)
- Attack by using an instruction that writes the contents of a limited memory range to the serial port
- Example: Pay TV smartcards

A Realistic Differential Attack (Cont)

    1 b = answer_address
    2 a = answer_length
    3 if (a == 0) goto 8
    4 transmit(*b)
    5 b = b + 1
    6 a = a - 1
    7 goto 3
    8 …

- The idea is to find a glitch that increases the program counter as usual but transforms either the conditional jump in line 3 or the loop variable decrement in line 6 into something else
- The entire memory can be dumped
- It is easier to induce errors in the code than in the data
- [Figure: Register x, Register y, Serial Port, Program Stack; b holds the answer address]

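Added example, not from the original slides: a C simulation of the output loop above on a constructed 256-byte toy memory, showing why a single faulted exit test at line 3 dumps everything once the 8-bit counter wraps, next to a variant with a second, independent end-address check. The 8-bit registers, the fault model (one evaluation of the line-3 test becomes a no-op), the redundant check, and the names `send_answer`, `leaked`, `setup` and `SECRET` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NO_FAULT 0xFFFFu
static uint8_t mem[256];   /* constructed toy address space, not a real card */
static uint8_t out[512];   /* stands in for the serial port */
static const uint8_t SECRET[8] = {0xA5, 0x5A, 0xC3, 0x3C, 0x96, 0x69, 0xF0, 0x0F};

/* The slide's loop (lines 1-8) with 8-bit a and b; returns bytes transmitted.
 * fault_at: index of the one evaluation of the line-3 test that the glitch
 * turns into a no-op (assumed fault model). hardened: add a second exit test. */
size_t send_answer(uint8_t addr, uint8_t len, unsigned fault_at, int hardened)
{
    uint8_t b = addr, a = len;                   /* lines 1-2 */
    uint8_t end = (uint8_t)(addr + len);         /* hardened variant only */
    size_t sent = 0;
    for (unsigned test_no = 0; sent < sizeof out; test_no++) {
        if (a == 0 && test_no != fault_at) break;   /* line 3 */
        if (hardened && b == end) break;            /* independent exit test */
        out[sent++] = mem[b];                    /* line 4: transmit(*b) */
        b = (uint8_t)(b + 1);                    /* line 5 */
        a = (uint8_t)(a - 1);                    /* line 6: 0 - 1 wraps to 255 */
    }                                            /* line 7 */
    return sent;
}

/* 1 if the first `sent` transmitted bytes contain the n-byte pattern p. */
int leaked(const uint8_t *p, size_t n, size_t sent)
{
    for (size_t i = 0; i + n <= sent; i++)
        if (memcmp(out + i, p, n) == 0) return 1;
    return 0;
}

/* Constructed layout: 4-byte answer at address 16, 8-byte secret at 200. */
void setup(void)
{
    memset(mem, 0, sizeof mem);
    memcpy(mem + 16, "ANSW", 4);
    memcpy(mem + 200, SECRET, sizeof SECRET);
}

int main(void)
{
    setup();
    printf("no fault: %zu bytes sent\n", send_answer(16, 4, NO_FAULT, 0));
    size_t n = send_answer(16, 4, 4, 0);         /* fault on the a == 0 test */
    printf("glitched: %zu bytes sent, secret leaked: %d\n", n, leaked(SECRET, 8, n));
    printf("hardened: %zu bytes sent\n", send_answer(16, 4, 4, 1));
    return 0;
}
```

The second check only bounds the leak under the single-fault assumption, since it is one more instruction that a further glitch could also disturb.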
ROM Overwrite Attacks
- A single bit in ROM can be overwritten using a laser cutter microscope
- Known implementation
- We can find one bit with the property that changing it will enable the key to be extracted easily

EEPROM Modification Attacks
- Where the algorithm is kept in EEPROM
- We can use two micro-probing needles to set and reset the target bit
- DES: algorithm with parity check
- A wrong parity check will return an error message
- Assumption: key locations are known
- The key can be attacked directly
- First set the bit in EEPROM to 1 and operate the device. If it still works then the bit was 1. But if you get “key parity error” then the bit was 0.
- Move to the next bit and repeat the process
- 101001001001011010101110101010010010011101110

Protocol Failure
- Poorly designed protocol
- Only requires simple/cheap equipment to exploit
- Example: Satellite TV decoders
  - Hardware crypto-processor that deciphers the video signal
  - Micro-controller which passes messages between the crypto-processor and the customer smart card
  - If the customer stops paying his subscription, the system will send a message to disable the card

Protocol Failure (Cont)
- Replace the micro-controller with one which blocks that particular message
- “Kentucky Fried Chip” hack
- [Figure: Disable message, Card]

Summary
- Differential Fault: induce errors into the data using low radiation
- Realistic Differential Fault Attack: induce errors into the code by applying a glitch
- Easier to induce errors in code than in data
- ROM Overwrite Attack: using a laser cutter microscope to set one bit
- EEPROM Modification Attack: using 2 micro-probing needles to set/reset bits
- Protocol Failure

Question
- In a Realistic Differential Attack, we use a glitch to cause the CPU to execute wrong instructions. Is it possible to make the program crash, similarly to Differential Fault Analysis? Or are there other ways to prevent such an attack?