Smart card security Nora Dabbous Security Technologies Department.

Slides:



Advertisements
Similar presentations
Smart Card Security Xufen Gao CS 265 Spring, 2004 San Jose State University.
Advertisements

Everything you always wanted to know about Smart Cards... Marc Witteman November 2001.
Smart Card security analysis Smart Card security analysis Marc Witteman, TNO.
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
+ CS 325: CS Hardware and Software Organization and Architecture Internal Memory.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Lesson 1 Computers and Computer Systems
FIRST COURSE Essential Computer Concepts. New Perspectives on Microsoft Office 2007: Windows XP Edition 2 Objectives Compare the types of computers Describe.
Lesson 1 Computers and Computer Systems
© 2014 by McGraw-Hill Education. This is proprietary material solely for authorized instructor use. Not authorized for sale or distribution in any manner.
Submitted by: Rahul Rastogi, CS Department.  Introduction  What is a smart card?  Better than magnetic stripe card.  Technology What’s in a card?
Main Memory Lecture 2 CSCI 1405, CSCI 1301 Introduction to Computer Science Fall 2009.
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
System Unit By Sam Gibbs. System Unit The main part of a personal computer Includes a chassis, microprocessor, main memory, bus, and ports Does not include.
Basic Computer Organization CH-4 Richard Gomez 6/14/01 Computer Science Quote: John Von Neumann If people do not believe that mathematics is simple, it.
IC3 GS3 Standard Computing Fundamentals Module
Logic Device and Memory. Tri-state Devices Tri-state logic devices have three states: logic 1, logic 0, and high impedance. A tri-state device has three.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
F1020/F1031 COMPUTER HARDWARE MEMORY. Read-only Memory (ROM) Basic instructions for booting the computer and loading the operating system are stored in.
SMARTCARDS. What we’ll cover: How does the Smart Card work (layout and operating system)? Security issues for the card holder The present and future of.
Engineering 1040: Mechanisms & Electric Circuits Fall 2011 Introduction to Embedded Systems.
Unit 3: Hardware Components & Software Concepts
1 Lesson 1 Computers and Computer Systems Computer Literacy BASICS: A Comprehensive Guide to IC 3, 4 th Edition Morrison / Wells.
Computer maintenance chapters 1-7 review By Benjamin Houlton.
Today’s Topics  Chapter 6: System Unit  Chapter 7: Input/Output and Storage.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Techniques to Prevent Power Analysis on Encryption Hardware CS252 Final Project By Shengliang Song & Nikita Borisov Professor: Jan Rabaey & Kurt Keutzer.
Chapter 4 The System Unit: Processing and Memory Prepared by : Mrs. Sara salih.
Introduction to Computing: Lecture 4
Memory and Programmable Logic Dr. Ashraf Armoush © 2010 Dr. Ashraf Armoush.
Intro to Digital Technology HARDWARE CONCEPTS. IT-IDT-4 Identify, describe, evaluate, select, and use appropriate technology. IT-IDT-5 Understand, communicate,
CSCI 4717/5717 Computer Architecture
 Design model for a computer  Named after John von Neuman  Instructions that tell the computer what to do are stored in memory  Stored program Memory.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
What is a computer ?  A computer is an electronic device that can accept data and instruction, process them or store them for later retrieval, and sometimes.
LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.
Chapter 8 Memory Interface
Smart Card Technology & Features
Memory Interface A Course in Microprocessor Electrical Engineering Dept. University of Indonesia.
1 Memory Design EE 208 – Logic Design Chapter 7 Sohaib Majzoub.
Sandrine AGAGLIATE, FTFC Power Consumption Analysis and Cryptography S. Agagliate Canal+Technologies P. Guillot Canal+Technologies O. Orcières Thalès.
G53SEC 1 Reference Monitors Enforcement of Access Control.
Smart Cards by Mahadev Karadigudda. * Introduction * How smart cards assist in enhancing security * Security vulnerabilities * Conclusion.
Computer Organization. The digital computer is a digital system that performs various computational tasks Digital computer use binary number system which.
Cryptography Against Physical Attacks Dana Dachman-Soled University of Maryland
Hardware: Input and Processing. Input and Processing Technology Hardware devices can be grouped according to how and where they are used in the four steps.
Introduction Architecture Hardware Software Application Security Logical Attack Physical Attack Side channel Attack.
Fundamentals of Information Systems, Second Edition 1 Hardware and Software Chapter 2.
Lecture7 –More on Attacks Rice ELEC 528/ COMP 538 Farinaz Koushanfar Spring 2009.
1 Memory Hierarchy (I). 2 Outline Random-Access Memory (RAM) Nonvolatile Memory Disk Storage Suggested Reading: 6.1.
4 1 Computer Hardware Ch.5-A,B,C,D; Ch.4-B FALL 2000 Rob Wolfe.
SEPTEMBER 8, 2015 Computer Hardware 1-1. HARDWARE TERMS CPU — Central Processing Unit RAM — Random-Access Memory  “random-access” means the CPU can read.
1 Lesson 1 Computers and Computer Systems Computer Literacy BASICS: A Comprehensive Guide to IC 3, 3 rd Edition Morrison / Wells.
COMPUTER COMPONENTS Ms Jennifer Computer Components.
PCs ENVIRONMENT and PERIPHERALS Lecture 3. operating system and other system software that control the usage of the computer equipment application programs.
Introduction to Information Technology, 2 nd Edition Turban, Rainer & Potter © 2003 John Wiley & Sons, Inc. 3-1 Introduction to Information Technology.
Advanced Information Security 6 Side Channel Attacks
The CPU is the brain of the computer
Overview of Computers and Programming Chapter 1
Chapter 7.2 Computer Architecture
Technology Literacy Hardware.
Memory Units Memories store data in units from one to eight bits. The most common unit is the byte, which by definition is 8 bits. Computer memories are.
How Things Work: Smart Cards Ian McConkey November 2, 2017
Electronics Technology
Timing Attacks.
Protect Your Hardware from Hacking and Theft
Hardware Components & Software Concepts
Lecture 5 Memory and storage
Computer Memory.
Presentation transcript:

Smart card security Nora Dabbous Security Technologies Department

2 The Smart Card... The smart card stores electronic data and programs in a protected file system  Protection by advanced security features  Tamper resistance Several types of smart cards  Contact Memory Microprocessor  Contactless Memory Microprocessor Smart card often means Microprocessor card

3 Close-up view...

4 Memory Characteristics EEPROM (non volatile memory, write times)  Up to 256K Bytes  Application data storage ROM (write once)  Up to 512 K Bytes  Software (Operating System) storage RAM (temporary)  Up to 5 K Bytes  Working memory Flash (non volatile memory)  Software patches or static application code & data

5 Contact Smart Cards Communication through electrical contacts

6 Contactless Smart Cards Communication over the air

The Chip Operating System File and directory management :  Create  Read Only  Add Information Only  Erase and Update Access protected by secret codes :  Data files  Secret Code files  Cryptographic key files

8 HOSTREADERSCARDS Application Players

9 Role of the Reader Application Software Reader Card The reader is the interface between the card and the application  It serves as a translator  It accepts the messages from the card and from the application software

10 Hardware Security

11 Smart card attack : Physical Security Smart card attacks : state of the art

12 Probing Data Used to know the data present on a bus micro-probing  probe the bus with a needle e-beam probing  probe the bus with an e-beam Si DATA BUS SI DATA BUS e-beam e - detector e -

13 Circuit modification Connect or disconnect security mechanism  disconnect security sensors  RNG stuck at a fixed value Cut or Paste tracks Add probe pads  make micro-probing of the buried layers possible Equipment Laser FIB Cut Metal strap

14 Fault Generation Vcc Clock Temperature UV Light X-Rays... Apply combinations of environmental conditions and bypass or infer secrets input key error

15 Hardware Security Measures Security Sensors (VCC, Temp. Light, UV, Clock) Data scrambling Address scrambling Current scrambling Several Independent Metal Layers Submicron scale Deeply buried buses Glue Logic

16 Embedded Software Security

17 Timing Attacks: Principles  TrueFalse Everything performed unconditionally before the test A test based on secret data is performed that leads to a boolean decision Depending on the boolean condition, the process may be long (t1) or short (t2) Everything performed unconditionally after the test

18 Power Attacks ICC's Power Consumption leaks information about data processing  Power Consumption = f(secret key, data) Deduce information about secret data and processing  empirical methods  statistical treatment Monitor ICC's Power Consumption  resistor  oscilloscope  post processing computer  chip

19 Power Analysis Tools for contact cards 5V 

20 Power Analysis Profiles Raw data, zoomed in Time Power 1m s Time

21 SPA attack on RSA Test key value : 0F 00 F0 00 FF F F FF

22 Key value : 2E C6 91 5B F9 4A SPA attack on RSA E C B F A 10 10

23 description :  choose a subset (subK i ) of n bits of K  perform a statistical test for each possible value of a subK i  Choose the best guess  Iterate on all possible subK i 's Differential Power Analysis 2 n n K subK i

24 Differential Power Analysis data processing for a value x of a subK i : Average D x n lklkjlsdq fdgcxv 1 0 dfdsffb M0M0 MnMn M1M1 -

25 Differential Power Analysis Choosing the right guess 012 n -1

26 Differential Power Analysis  wrong subK i  right subK i

27 Add noise Scramble power consumption or stabilize it Randomize all sensitive data variables with a fresh mask for every execution of an algorithm Randomize, randomize, randomize … Secret keys Messages Private exponents Bases Moduli Countermeasures

28 Electromagnetic Analysis on RSA Tests require a de-capsulation of chip with semi invasive method. A scanning of surface is needed to find the « good » area where electromagnetic analysis is possible. The chip is powered by contact reader

29 Electromagnetic Analysis One byte processed Power Em1 Em2 One bit processed SqMult d= d=..bf...

30 Radio Frequency Analysis (Contactless Cards) Tests are non-invasive. A simple magnetic loop made with copper wire is needed. An image of the magnetic field, modified by the card’s consumption, is collected. The chip is powered by a contactless reader.

31 Equipment (1/2)

32 There are many potential ways to attack a smart card But there are also many ways to counteract and efficiently protect your secrets Smart Cards are among the most secure embedded devices in the field today We try to keep it that way Conclusion

33 Read-on W. Rankl, W. Effing, Smart Card Handbook, 2nd edition, John Wiley & Sons, K. Vedder, Smart Cards - Requirements, Properties, and Applications, in State of the Art in Applied Cryptography, pages , LNCS 1528, Springer-Verlag,1997.

34 Any more questions?