Presentation is loading. Please wait.

Presentation is loading. Please wait.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Published byBaby Whittlesey Modified over 9 years ago

Similar presentations

Presentation on theme: "Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie."— Presentation transcript:

1 Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie

2 1. Project Goals To illustrate a dangerous weakness in cryptographic smartcards and microprocessors - private information can be leaked through power usage (and other side channels). 1.Construct a system to acquire a large number of power traces from a smartcard or microprocessor. 2.Analyse captured power traces and search for leaked information. 3.Recover secret key information from a smartcard or microprocessor. 4.Suggest ways of preventing such power analysis attacks. 5.Discuss legal, political and commercial ramifications of this work.

3 2. Smartcard Technology Several varieties of smartcards exist: –Simple memory cards –Cards with a microprocessor and file system –Cards with a cryptographic coprocessor –Even cards that run a Java virtual machine Smartcards run an operating system that may allow additional programs to be loaded on to the card. The two most widely used operating systems are MULTOS and JavaCard. Smartcards conform to the ISO7816 standard which specifies physical and electrical characteristics. Other high level standards exist such as EMV which covers smartcards used in payment systems.

4 3. Smartcard Applications Smartcards have been used overseas for many years (especially in Europe), for applications such as healthcare and transport ticketing. Smartcard usage is growing, recent applications include: –Credit cards and payment systems (ANZ First, American Express Blue etc). –Personal identity cards – SMARTICS is currently being rolled out in Hong Kong, every citizen will be issued with a card containing identity information, and third party data. –Phone cards, building access cards, computer access cards…

5 4. Power Analysis Attacks Microprocessor-based devices, such as smartcards, consume different amounts of power depending on the instructions executed. This is due to the switching current drawn by the transistors along the logic path of each instruction. It is possible to discover the algorithms used inside smartcards by examining power traces (Simple Power Analysis). More sophisticated statistical techniques exist that can recover secret key material from cryptographic smartcards (Differential Power Analysis).

6 5. Example – DES Encryption Many cryptographic smartcards use the DES encryption algorithm to securely store sensitive information. DES takes a 64-bit plaintext input and a 56-bit key, and produces a 64-bit ciphertext output. The algorithm performs an initial permutation of the plaintext, followed by 16 feistel rounds, and finally an inverse permutation to produce the ciphertext. We observe the encryption operation to try and discover the secret key.

7 6. Equipment Setup For demonstration purposes, a PIC microprocessor is examined as it allows direct access to the source code. Smartcards use general purpose microprocessors so the results shown here also apply to smartcards. PIC running DES encryptions High Precision CRO Computer controls CRO and stores acquired waveforms

8 7. Simple Power Analysis A single power trace shows some characteristics of the algorithm. DES rounds are not easily observable at this macro level.

9 8. Simple Power Analysis Zooming in on a single DES round, the algorithm is now readily observable. Thus SPA can be used to discover the hidden implementation details of smartcards and other microprocessor-based devices.

10 9. Differential Power Analysis The effect of an individual key bit can be observed in a differential trace. Several regular peaks are visible at the start, large peaks are visible at the end. Differential trace of two encryptions with the same key Two encryptions with a different key (one bit different)

11 10. Commercial Ramifications Given that information is leaked through power analysis, smartcards can NOT be assumed safe and tamper resistant. It is not recommended that smartcards be used in applications that require high security, such as banking, personal identification, building security etc. Recent smartcards are addressing the problem of power analysis attacks and implement protection measures. It has not yet been ascertained if these measures are sufficient.

12 11. Conclusions Simple power analysis can be used to identify macro characteristics of algorithms used within smartcards and microprocessors. This allows discovery of hidden implementation details, and reverse engineering. Differential power analysis can be used to recover specific information such as the individual bits in a secret key. Specific protection measures must be implemented in all new smartcards, to ensure that information is not leaked via power consumption and other side channels.

Download ppt "Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie."

Similar presentations

Slides created by: Professor Ian G. Harris Method of Attack, Physical Access Attacker has physical possession of the device  Many devices are small and.

Slides created by: Professor Ian G. Harris Method of Attack, Physical Access Attacker has physical possession of the device  Many devices are small and.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.
White-Box Cryptography

White-Box Cryptography
Cryptography and Network Security Chapter 3

Cryptography and Network Security Chapter 3
Block Ciphers and the Data Encryption Standard

Block Ciphers and the Data Encryption Standard
A Presentation by: ~Ksenia Potapov ~Amariah Condon ~Janette Fong ~Janice Lau CRYPTOGRAPHY.

A Presentation by: ~Ksenia Potapov ~Amariah Condon ~Janette Fong ~Janice Lau CRYPTOGRAPHY.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.
DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.

SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
Chapter 3 – Block Ciphers and the Data Encryption Standard

Chapter 3 – Block Ciphers and the Data Encryption Standard
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.

Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.

Similar presentations

Ads by Google