Presentation is loading. Please wait.

Presentation is loading. Please wait.

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information.

Similar presentations


Presentation on theme: "Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information."— Presentation transcript:

1 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information Processing and Communications (IAIK) Graz University of Technology Thomas Plos Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security , Budapest, Hungary

2 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 2 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Outline  Motivation  Prevalent countermeasures  Hiding in time dimension  Attacking techniques on hiding  Arguments for using FFT  Conducted attacks  Tag prototypes  Measurement setup  Results  Conclusion

3 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 3 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Motivation (1)  > 1 billion RFID tags sold in 2006  Movement towards “internet of things”  Current low-cost tags cannot prevent fake products  Enhanced functionality opens field for new applications  Sensors  Actuators  Weakest link of the system determines security  crypto on tags

4 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 4 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Motivation (2)  It was long believed that strong crypto is unfeasible on passive RFID tags  Meanwhile great effort to bring standardized crypto on low-cost tags  Secure algorithm  secure implementation  Side-channel analysis (SCA) exploits implementation weaknesses  Protection via countermeasures necessary

5 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 5 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Prevalent Countermeasures  Make power consumption independent of intermediate values  Principally two ‘types’ of countermeasures:  Hiding  In time dimension:  random insertion of dummy cycles  shuffling  In amplitude dimension:  increase noise  reduce signal  Masking  Boolean masking (e.g.  )  Arithmetic masking (e.g. +, *)

6 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 6 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Hiding in Time Dimension  Highly suitable for low-resource devices like RFID tags  Mainly effects control logic  Cost efficient in terms of hardware  Time is not a critical parameter in RFID due to rather low data rates in protocols  Using the example of AES: Dummy operationsByte shuffling

7 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 7 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Attacking Techniques on Hiding  Filtering (amplitude dimension)  Attenuation of disturbing signals  Requires knowledge of wanted signal/disturbing signal  Integration techniques (time dimension)  Summing up “specific points” defined by a comb or a window  Requires knowledge of “specific points”  Identification of parameters for filtering/integration techniques could be challenging  Can FFT help us?

8 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 8 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Arguments for Using FFT  FFT is time-shift invariant  Efficiency of randomization is diminished  Influence of misaligned traces during measurements is reduced  Filtering of disturbing signals not necessary (e.g. carrier signal of RFID reader)  Differential Frequency Analysis (DFA) first mentioned by C. Gebotys (CHES 2005)

9 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 9 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Conducted Attacks  Analysis of RFID devices (HF and UHF)  Current low-cost RFID tags do not contain strong crypto + randomization  Using self-made tag prototypes  Integration of 128-bit AES with randomization  Comparing DEMA with DFA  Disturbing carrier signal: DEMA + filteringvs.DFA  Disturbing carrier signal + randomization of AES: DEMA + filtering + windowingvs. DFA

10 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 10 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Tag Prototypes  HF tag prototype  13.56MHz  ISO14443-A  Semi passive  UHF tag prototype  868MHz  ISO C  Semi passive

11 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 11 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Measurement Setup

12 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 12 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (1)  HF tag prototype  Disturbing MHz carrier signal DEMA + filtering DFA

13 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 13 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (2)  UHF tag prototype  Disturbing 868 MHz carrier signal DEMA + filtering DFA

14 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 14 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (3)  HF tag prototype  Disturbing MHz carrier signal + randomization of AES enabled DEMA + filtering + windowing DFA

15 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 15 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Results (4)  UHF tag prototype  Disturbing 868 MHz carrier signal + randomization of AES enabled DEMA + filtering + windowing DFA

16 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 16 TU Graz/Computer Science/IAIK/VLSI Thomas Plos Conclusion  Evaluation of SCA pre-processing techniques on RFID devices using hiding in time domain  HF and UHF RFID-tag prototypes implementing 128-bit AES with randomization  DEMA + filtering (+windowing) vs. DFA  All attacks successful  DFA offers good results without further knowledge about implementation  Hiding alone as countermeasure for RFID tags not sufficient

17 Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 17 TU Graz/Computer Science/IAIK/VLSI Thomas Plos


Download ppt "Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1 TU Graz/Computer Science/IAIK/VLSI Institute for Applied Information."

Similar presentations


Ads by Google