Four live demonstrations are presented: Timing Attack; Simple Power Analysis; Fault Attack, and finally an RFID Relay Attack demo.
- Timing Attack demo
The Timing Attack demo shows the importance of securely implementing a PIN
verification. If a PIN verification is implemented with operations which are
not time-invariant - for example an if-else construction - it is possible to identify
when an incorrect PIN digit is being compared by observing the timing information
of the corresponding EM side-channel measurement. By iterating through all possible
values of a PIN digit the correct character will be identified in a maximum of 10 attempts.
To make the PIN query secure, a time-invariant comparison has to be implemented.
For example, a bitwise XOR comparison and subsequent OR operation for all PIN digits,
ensures the same time is taken for all possible comparisons. This scheme is illustrated in
the block diagram.
- Simple Power Analysis demo
The RSA-Algorithm implemented in the Simple Power Analysis demo application is reduced
to a simple 8-Bit implementation for illustrative purposes. The physical smart card interface
used is contact-based.
By monitoring the voltage drop across a shunt resistor it is possible to measure the power
consumption of an RSA operation on a digital oscilloscope. Observation of the resulting
measurements reveal that it is possible to visually distinguish single square operations
from square and multiply operations. By iteratively logging this sequence of operations,
the bits of the exponent, that is the secret key, can be directly identified.
By using countermeasures like the square and always multiply algorithm, the decoding
of the exponent bits can be prevented and the key protected. The square and always
multiply algorithm is illustrated in the block diagram.
- Fault Attack demo
The Fault Attack demo shows what can happen at software execution, if a flashlight is
fired on a decapsulated chip which has no security measures.
With simple tools – a mechanical grinding tool and some chemical etchant - it is
possible to expose the surface of the chip and crudely inject photons into the
sensitive silicon substrate.
In this case the flashlight causes a skip in the execution of the PIN verification
code if the flash is discharged close to the surface at the correct moment.
In normal function expiration the UserPin is either correct or incorrect and access
to the data is granted or denied accordingly. With a successful flashlight
attack it doesn’t matter which value for UserPin is entered - after several tries
the attacker skips the query and has access to the secret data.
- RFID Relay Attack demo
The RFID Relay Attack demo demonstrates a new paradigm in
relay attacks in the context of software emulated smartcards on mobile devices.
Previous conditions about proximity of the attacker to the victim and the time
when the victim is approached, are negated. With a software emulated smartcard
on a mobile device an attacker can intercept and relay the transaction of a
potential victim remotely. This new attack paradigm greatly enhances the value
of this attack for criminals, and consequently will result in greater malware development efforts.
- Additional Information on the individual attacks