
Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security 2008

Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes. Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security 2008 09. - 11.07.2008, Budapest, Hungary.

Presentation Transcript


  1. Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF and UHF RFID-Tag Prototypes Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security 2008 09. - 11.07.2008, Budapest, Hungary

  2. Outline
     • Motivation
     • Prevalent countermeasures
     • Hiding in time dimension
     • Attacking techniques on hiding
     • Arguments for using FFT
     • Conducted attacks
     • Tag prototypes
     • Measurement setup
     • Results
     • Conclusion

  3. Motivation (1)
     • > 1 billion RFID tags sold in 2006
     • Movement towards “internet of things”
     • Current low-cost tags cannot prevent fake products
     • Enhanced functionality opens field for new applications
        • Sensors
        • Actuators
     • Weakest link of the system determines security → crypto on tags

  4. Motivation (2)
     • It was long believed that strong crypto is unfeasible on passive RFID tags
     • Meanwhile great effort to bring standardized crypto on low-cost tags
     • Secure algorithm ≠ secure implementation
     • Side-channel analysis (SCA) exploits implementation weaknesses
     • Protection via countermeasures necessary

  5. Prevalent Countermeasures
     • Make power consumption independent of intermediate values
     • Principally two ‘types’ of countermeasures:
        • Hiding
           • In time dimension: random insertion of dummy cycles, shuffling
           • In amplitude dimension: increase noise, reduce signal
        • Masking
           • Boolean masking (e.g. ⊕)
           • Arithmetic masking (e.g. +, *)

  6. Hiding in Time Dimension
     • Highly suitable for low-resource devices like RFID tags
     • Mainly affects control logic
     • Cost efficient in terms of hardware
     • Time is not a critical parameter in RFID due to rather low data rates in protocols
     • Using the example of AES:
        • Dummy operations
        • Byte shuffling

  7. Attacking Techniques on Hiding
     • Filtering (amplitude dimension)
        • Attenuation of disturbing signals
        • Requires knowledge of wanted signal/disturbing signal
     • Integration techniques (time dimension)
        • Summing up “specific points” defined by a comb or a window
        • Requires knowledge of “specific points”
     • Identification of parameters for filtering/integration techniques could be challenging
     • Can FFT help us?

  8. Arguments for Using FFT
     • FFT is time-shift invariant
        • Efficiency of randomization is diminished
        • Influence of misaligned traces during measurements is reduced
     • Filtering of disturbing signals not necessary (e.g. carrier signal of RFID reader)
     • Differential Frequency Analysis (DFA) first mentioned by C. Gebotys (CHES 2005)

  9. Conducted Attacks
     • Analysis of RFID devices (HF and UHF)
     • Current low-cost RFID tags do not contain strong crypto + randomization
     • Using self-made tag prototypes
     • Integration of 128-bit AES with randomization
     • Comparing DEMA with DFA
        • Disturbing carrier signal: DEMA + filtering vs. DFA
        • Disturbing carrier signal + randomization of AES: DEMA + filtering + windowing vs. DFA

  10. Tag Prototypes
     • HF tag prototype
        • 13.56 MHz
        • ISO14443-A
        • Semi passive
     • UHF tag prototype
        • 868 MHz
        • ISO18000-6C
        • Semi passive

  11. Measurement Setup

  12. Results (1)
     • HF tag prototype
     • Disturbing 13.56 MHz carrier signal
     • Plots: DEMA + filtering; DFA

  13. Results (2)
     • UHF tag prototype
     • Disturbing 868 MHz carrier signal
     • Plots: DEMA + filtering; DFA

  14. Results (3)
     • HF tag prototype
     • Disturbing 13.56 MHz carrier signal + randomization of AES enabled
     • Plots: DEMA + filtering + windowing; DFA

  15. Results (4)
     • UHF tag prototype
     • Disturbing 868 MHz carrier signal + randomization of AES enabled
     • Plots: DEMA + filtering + windowing; DFA

  16. Conclusion
     • Evaluation of SCA pre-processing techniques on RFID devices using hiding in time domain
     • HF and UHF RFID-tag prototypes implementing 128-bit AES with randomization
     • DEMA + filtering (+ windowing) vs. DFA
     • All attacks successful
        → DFA offers good results without further knowledge about implementation
        → Hiding alone as countermeasure for RFID tags not sufficient

  17. Thomas.Plos@iaik.tugraz.at Michael.Hutter@iaik.tugraz.at Martin.Feldhofer@iaik.tugraz.at http://www.iaik.tugraz.at/research/sca-lab
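
Added example, not part of the original slides: a simulation for checking how much protection hiding in the time dimension retains, based on the slide 8 argument that the FFT is time-shift invariant. It compares the peak correlation between a Hamming-weight leakage model and constructed traces in the time domain (aligned and randomly shifted) with the same correlation on FFT magnitudes of the shifted traces. The pulse shape, noise level, trace count and the circular shift standing in for random dummy cycles are assumptions.

```python
import cmath
import random

def hamming_weight(v):
    return bin(v).count("1")

def magnitude_spectrum(trace):
    """|DFT| of a real trace (bins 0..N/2), computed with a plain O(N^2) DFT."""
    n = len(trace)
    return [abs(sum(x * cmath.exp(-2j * cmath.pi * k * t / n)
                    for t, x in enumerate(trace)))
            for k in range(n // 2 + 1)]

def circular_shift(trace, d):
    d %= len(trace)
    return trace[-d:] + trace[:-d] if d else list(trace)

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def peak_correlation(model, rows):
    """Largest |correlation| between the leakage model and any column of rows."""
    return max(abs(pearson(model, col)) for col in zip(*rows))

def simulate(n_traces=300, n_samples=64, sigma=0.3, seed=1):
    rng = random.Random(seed)
    pulse = [1.0, 0.8, 0.5, 0.2]           # constructed leakage pulse shape
    model = [hamming_weight(rng.randrange(256)) for _ in range(n_traces)]
    aligned, hidden = [], []
    for hw in model:
        t = [rng.gauss(0, sigma) for _ in range(n_samples)]
        for i, c in enumerate(pulse):
            t[20 + i] += c * hw            # data-dependent leakage at a fixed point
        aligned.append(t)
        hidden.append(circular_shift(t, rng.randrange(n_samples)))  # hiding in time
    return model, aligned, hidden

def evaluate():
    model, aligned, hidden = simulate()
    spectra = [magnitude_spectrum(t) for t in hidden]
    return {"time_aligned": peak_correlation(model, aligned),
            "time_hidden": peak_correlation(model, hidden),
            "freq_hidden": peak_correlation(model, spectra)}

if __name__ == "__main__":
    print(evaluate())
```

With a circular shift the magnitude spectrum is exactly invariant; real dummy-cycle insertion shifts the operation inside a longer trace, so the invariance there holds only approximately.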
