Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Slides:

Advertisements

Similar presentations

Slides created by: Professor Ian G. Harris Method of Attack, Physical Access Attacker has physical possession of the device  Many devices are small and.

Advertisements

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 CIS 5371 Cryptography 5b. Pseudorandom Objects in Practice Block Ciphers.

White-Box Cryptography

Cryptography and Network Security Chapter 3

Block Ciphers and the Data Encryption Standard

A Presentation by: ~Ksenia Potapov ~Amariah Condon ~Janette Fong ~Janice Lau CRYPTOGRAPHY.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown and edited by Archana Chidanandan Cryptographic Tools.

DES 1 Data Encryption Standard DES 2 Data Encryption Standard  DES developed in 1970’s  Based on IBM Lucifer cipher  U.S. government standard  DES.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

In the last part of the course we make a review of selected technical problems in multimedia signal processing First problem: CONTENT SECURITY AND WATERMARKING.

Lecture 23 Symmetric Encryption

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Decryption Algorithms Characterization Project ECE 526 spring 2007 Ravimohan Boggula,Rajesh reddy Bandala Southern Illinois University Carbondale.

SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.

Chapter 3 – Block Ciphers and the Data Encryption Standard

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

Dr. Khalid A. Kaabneh Amman Arab University

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Chapter 20 Symmetric Encryption and Message Confidentiality.

Smart card security Nora Dabbous Security Technologies Department.

Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

DIFFERENTIAL CRYPTANALYSIS Chapter 3.4. Ciphertext only attack. The cryptanalyst knows the cryptograms. This happens, if he can eavesdrop the communication.

Sandrine AGAGLIATE, FTFC Power Consumption Analysis and Cryptography S. Agagliate Canal+Technologies P. Guillot Canal+Technologies O. Orcières Thalès.

Public / Private Keys was a big year… DES: Adopted as an encryption standard by the US government. It was an open standard. The NSA calls it “One.

CRYPTOGRAPHY & NETWORK SECURITY Introduction and Basic Concepts Eng. Wafaa Kanakri Computer Engineering Umm Al-Qura University.

Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

Lecture 23 Symmetric Encryption

OBJECTIVES  To understand the concept of Electronic Payment System and its security services.  To bring out solution in the form of applications to.

Computer and Network Security Rabie A. Ramadan Lecture 3.

The RC5 Encryption Algorithm: Two Years On Lisa Yin RC5 Encryption –Ron Rivest, December 1994 –Fast Block Cipher –Software and Hardware Implementations.

CRYPTOGRAPHY PRESENTED BY : NILAY JAYSWAL BRANCH : COMPUTER SCIENCE & ENGINEERING ENTRY NO. : 14BCS033 1.

Chapter 2 Symmetric Encryption.

© Information Security Group, ICU1 Block Cipher- introduction  DES Description: Feistel, S-box Exhaustive Search, DC and LC Modes of Operation  AES Description:

DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.

Block Cipher- introduction

1 Information Security – Theory vs. Reality , Winter Lecture 3: Power analysis, correlation power analysis Lecturer: Eran Tromer.

DES: Data Encryption Standard

CSE 5/7353 – January 25 th 2006 Cryptography. Conventional Encryption Shared Key Substitution Transposition.

CST 312 Pablo Breuer. A block of plaintext is treated as a whole and used to produce a ciphertext block of equal length Typically a block size of 64 or.

Embedded system security

INCS 741: Cryptography Overview and Basic Concepts.

Yossi Oren, yos strudel bgu.ac.il, yossioren System Security Engineering course, Dec

Overview on Hardware Security

Chapter3: Block Ciphers and the Data Encryption Standard

Xin Fang, Pei Luo, Yunsi Fei, and Miriam Leeser

ABYSS : An Architecture for Software Protection

By Theodora Kontogianni

Protect Your Hardware from Hacking and Theft

User-mode Secret Protection (SP) architecture

Chapter -2 Block Ciphers and the Data Encryption Standard

International Data Encryption Algorithm

Security in SDR & cognitive radio

Presentation transcript:

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie

1. Project Goals To illustrate a dangerous weakness in cryptographic smartcards and microprocessors - private information can be leaked through power usage (and other side channels). 1.Construct a system to acquire a large number of power traces from a smartcard or microprocessor. 2.Analyse captured power traces and search for leaked information. 3.Recover secret key information from a smartcard or microprocessor. 4.Suggest ways of preventing such power analysis attacks. 5.Discuss legal, political and commercial ramifications of this work.

2. Smartcard Technology Several varieties of smartcards exist: –Simple memory cards –Cards with a microprocessor and file system –Cards with a cryptographic coprocessor –Even cards that run a Java virtual machine Smartcards run an operating system that may allow additional programs to be loaded on to the card. The two most widely used operating systems are MULTOS and JavaCard. Smartcards conform to the ISO7816 standard which specifies physical and electrical characteristics. Other high level standards exist such as EMV which covers smartcards used in payment systems.

3. Smartcard Applications Smartcards have been used overseas for many years (especially in Europe), for applications such as healthcare and transport ticketing. Smartcard usage is growing, recent applications include: –Credit cards and payment systems (ANZ First, American Express Blue etc). –Personal identity cards – SMARTICS is currently being rolled out in Hong Kong, every citizen will be issued with a card containing identity information, and third party data. –Phone cards, building access cards, computer access cards…

4. Power Analysis Attacks Microprocessor-based devices, such as smartcards, consume different amounts of power depending on the instructions executed. This is due to the switching current drawn by the transistors along the logic path of each instruction. It is possible to discover the algorithms used inside smartcards by examining power traces (Simple Power Analysis). More sophisticated statistical techniques exist that can recover secret key material from cryptographic smartcards (Differential Power Analysis).

5. Example – DES Encryption Many cryptographic smartcards use the DES encryption algorithm to securely store sensitive information. DES takes a 64-bit plaintext input and a 56-bit key, and produces a 64-bit ciphertext output. The algorithm performs an initial permutation of the plaintext, followed by 16 feistel rounds, and finally an inverse permutation to produce the ciphertext. We observe the encryption operation to try and discover the secret key.

6. Equipment Setup For demonstration purposes, a PIC microprocessor is examined as it allows direct access to the source code. Smartcards use general purpose microprocessors so the results shown here also apply to smartcards. PIC running DES encryptions High Precision CRO Computer controls CRO and stores acquired waveforms

7. Simple Power Analysis A single power trace shows some characteristics of the algorithm. DES rounds are not easily observable at this macro level.

8. Simple Power Analysis Zooming in on a single DES round, the algorithm is now readily observable. Thus SPA can be used to discover the hidden implementation details of smartcards and other microprocessor-based devices.

9. Differential Power Analysis The effect of an individual key bit can be observed in a differential trace. Several regular peaks are visible at the start, large peaks are visible at the end. Differential trace of two encryptions with the same key Two encryptions with a different key (one bit different)

10. Commercial Ramifications Given that information is leaked through power analysis, smartcards can NOT be assumed safe and tamper resistant. It is not recommended that smartcards be used in applications that require high security, such as banking, personal identification, building security etc. Recent smartcards are addressing the problem of power analysis attacks and implement protection measures. It has not yet been ascertained if these measures are sufficient.

11. Conclusions Simple power analysis can be used to identify macro characteristics of algorithms used within smartcards and microprocessors. This allows discovery of hidden implementation details, and reverse engineering. Differential power analysis can be used to recover specific information such as the individual bits in a secret key. Specific protection measures must be implemented in all new smartcards, to ensure that information is not leaked via power consumption and other side channels.