Publication


Featured research published by Chong Hee Kim.


international conference on information security and cryptology | 2009

The Swiss-Knife RFID Distance Bounding Protocol

Chong Hee Kim; Gildas Avoine; François Koeune; François-Xavier Standaert; Olivier Pereira

Relay attacks are one of the most challenging threats RFID will have to face in the near future. They consist in making the verifier believe that the prover is in its close vicinity by surreptitiously forwarding the signal between the verifier and an out-of-field prover. Distance bounding protocols represent a promising way to thwart relay attacks, by measuring the round trip time of short authenticated messages. Several such protocols have been designed during the last years, but none of them combines all the features one may expect in an RFID system. We introduce in this paper the first solution that compounds all these desirable features in a single protocol. We prove, with respect to the previous protocols, that our proposal is the best one in terms of security, privacy, tag computational overhead, and fault tolerance. We also point out a weakness in Tu and Piramuthu's protocol, which was considered up to now as one of the most efficient distance bounding protocols.


workshop in information security theory and practice | 2007

Fault attacks for CRT based RSA: new attacks, new results and new countermeasures

Chong Hee Kim; Jean-Jacques Quisquater

Nowadays RSA using the Chinese Remainder Theorem (CRT) is widely used in practical applications. However, there is a very powerful attack against it based on a fault injected during one of its exponentiations. Many countermeasures have been proposed, but almost all of them have been proven insecure. In 2005, two new countermeasures were proposed. However, they still have a weakness. The final signature is stored in memory after CRT combination, and there is an error-check routine just after CRT combination. Therefore, if an attacker can mount a double-fault attack that injects the first fault during one of the exponentiations and the second to skip the error-checking routine, then he can succeed in breaking RSA. In this paper, we show this can be done, with a concrete result employing a glitch attack, and propose a simple and almost cost-free method to defeat it.


cryptology and network security | 2009

RFID Distance Bounding Protocol with Mixed Challenges to Prevent Relay Attacks

Chong Hee Kim; Gildas Avoine

RFID systems suffer from different location-based attacks such as distance fraud, mafia fraud and terrorist fraud attacks. Among them, the mafia fraud attack is the most serious since it can be mounted without the notice of either the reader or the tag. An adversary performs a kind of man-in-the-middle attack between the reader and the tag. It is very difficult to prevent this attack since the adversary does not change any data between the reader and the tag. Recently, distance bounding protocols measuring the round-trip time between the reader and the tag have been researched to prevent this attack. All the existing distance bounding protocols based on binary challenges, without final signature, provide an adversary success probability equal to (3/4)^n, where n is the number of rounds in the protocol. In this paper, we introduce a new protocol based on binary mixed challenges that converges toward the expected and optimal (1/2)^n bound. We prove its security in the case of both noisy and non-noisy channels.


IEEE Design & Test of Computers | 2007

Faults, Injection Methods, and Fault Attacks

Chong Hee Kim; Jean-Jacques Quisquater

An active attacker can induce errors during the computation of a cryptographic algorithm and exploit the faulty results to extract information about the secret key in embedded systems. We call this kind of attack a fault attack. Fault attacks can break an unprotected system more quickly than any other kind of side-channel attack such as simple power analysis (SPA), differential power analysis (DPA), or electromagnetic analysis (EMA). For example, the attacker can break RSA-CRT (RSA with Chinese Remainder Theorem) with one faulty result, and the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) with two. Furthermore, protection against fault attacks is more costly in terms of chip area. Here, we survey fault injection methods, types of faults, and fault attack models.


workshop on fault diagnosis and tolerance in cryptography | 2010

Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults

Chong Hee Kim

The naive implementation of AES is known to be vulnerable to Differential Fault Analysis (DFA). We can find the key of AES-128 (AES with a 128-bit key) with one pair of correct and faulty ciphertexts. Recently, several works on the extension of the attack to AES with 192- and 256-bit keys have been published. Due to the longer key size and the characteristics of the AES key schedule, subtle caution is needed in attacking AES-192 and AES-256. We propose new DFA against AES with 192- and 256-bit keys. We could retrieve the AES-192 key with two pairs of correct and faulty ciphertexts. With three pairs we could succeed in finding the key of AES-256. These are the minimal numbers of faults among the existing methods.


IEEE Transactions on Wireless Communications | 2011

RFID Distance Bounding Protocols with Mixed Challenges

Chong Hee Kim; Gildas Avoine

RFID systems suffer from different location-based attacks such as distance fraud, mafia fraud, and terrorist fraud. Among them, mafia fraud is the most serious one as it can be mounted without the awareness of either the reader or the tag. In such an attack, the adversary acts as a man-in-the-middle who relays the signal between the two entities, possibly without knowing the specifications of the protocol used on the channel. Recently, distance bounding protocols measuring the round-trip times of messages exchanged between the reader and the tag have been designed to prevent this attack. Almost all the existing proposals are based on binary challenges, with no final signature, and provide a mafia fraud success probability equal to (3/4)^n, where n is the number of rounds in the protocol, or require too much memory. In this article, we introduce new distance bounding protocols, based on binary mixed challenges, that converge toward the expected and optimal (1/2)^n bound and require only little memory.


international conference on the theory and application of cryptology and information security | 2003

An Efficient Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack

Chong Hee Kim; Yong Ho Hwang; Pil Joong Lee

We propose a new public key trace and revoke scheme secure against adaptive chosen ciphertext attack. Our scheme is more efficient than the DF scheme suggested by Y. Dodis and N. Fazio [9]. Our scheme reduces the length of the enabling block of the DF scheme by (about) half. Additionally, the computational overhead of the user is lower than that of the DF scheme; instead, the computational overhead of the server is increased. The total computational overhead of the user and the server is the same as that of the DF scheme, and therefore our scheme is more practical, since the computing power of the user is weaker than that of the server in many applications. In addition, our scheme is secure against adaptive chosen ciphertext attack under only the decisional Diffie-Hellman (DDH) assumption and the collision-resistant hash function H assumption, whereas the DF scheme also needs the one-time MAC (message authentication code) assumption.


IEEE Transactions on Mobile Computing | 2013

Mutual Distance Bounding Protocols

Gildas Avoine; Chong Hee Kim

A distance bounding protocol enables one entity to determine an upper bound on the physical distance to another entity as well as to authenticate that entity. It has been actively researched in recent years as distance-based attacks like Mafia fraud attacks have become a threat in wireless environments, especially in RFID systems. Almost all distance bounding protocols deal with unilateral authentication, as they consider authentication of a passive RFID tag to a reader. Recently, a distance bounding protocol providing mutual authentication was proposed by Yum et al., asserting that it provides a lower false acceptance rate under Mafia fraud attack. However, we show in two ways that their security margins have been overestimated. First, we show that their analysis is not correct. Second, we introduce a new attack that achieves a higher false acceptance rate. Furthermore, we introduce a method that can modify existing distance bounding protocols with unilateral authentication into ones providing mutual authentication.


workshop on information security applications | 2004

Practical pay-TV scheme using traitor tracing scheme for multiple channels

Chong Hee Kim; Yong Ho Hwang; Pil Joong Lee

A pay-TV scheme broadcasts a set of services or streams instead of one. That is, a pay-TV scheme is a specific application of a broadcast encryption scheme in which the secret to be broadcast is associated with a number of services. For example, a pay-TV broadcaster offers various channels such as a sports channel, a movie channel, and so on. A traitor tracing scheme is a variant of a broadcast encryption scheme, so it can be applied to construct a pay-TV scheme. However, because most known traitor tracing schemes deal with the broadcast of a single stream, a direct extension to multiple streams is too inefficient, i.e., direct extension to an m-stream case would involve an m-fold increase in the users' secret keys. In other words, if the number of streams to be sent increases, the number of secret keys each user must store in secure memory also increases linearly. Therefore, we require a specific traitor tracing scheme which can be efficiently applied to a pay-TV scheme. We propose a new traitor tracing scheme for multiple channels and its application to a pay-TV scheme. The number of secret keys each user must store in secure memory is just one regardless of the number of channels, and it cannot be changed. Our scheme has a revocation property, i.e., we can revoke some users without redistributing a new secret key to the other un-revoked users. Our scheme also provides a so-called holding property – we can revoke some users and un-revoke them after some period without redistribution of new keys. This is very useful in a pay-TV scheme since a user may wish to un-subscribe from a channel for some period and re-subscribe again later. Moreover, our pay-TV scheme is based on a public key traitor tracing scheme. Therefore, any content provider can send encrypted data to users with the public key the system manager provides. Our scheme can also be extended to provide the asymmetric property and to be secure against adaptive chosen ciphertext attack.


workshop on information security applications | 2009

A Probing Attack on AES

Jörn-Marc Schmidt; Chong Hee Kim

The Advanced Encryption Standard (AES) defines the most popular block cipher. It is commonly used and often implemented on smart cards. In this paper, we show how a 128-bit AES key can be retrieved by microprobing. Thereby, a probe is placed onto the chip to spy on inner values. Watching one arbitrary bit of the AES State during the first two rounds of about 210 encryptions is enough to reveal the whole key. For special positions of the probe, this number can be reduced to 168. The paper demonstrates that even little information is sufficient for a successful attack on AES.

Collaboration

Top Co-Authors

Pil Joong Lee, Pohang University of Science and Technology
Jean-Jacques Quisquater, Université catholique de Louvain
Yong Ho Hwang, Pohang University of Science and Technology
Jong Hoon Shin, Pohang University of Science and Technology
Christophe Petit, Université catholique de Louvain
François Koeune, Université catholique de Louvain
François-Xavier Standaert, Université catholique de Louvain
Olivier Pereira, Université catholique de Louvain
Philippe Bulens, Université catholique de Louvain
Jörn-Marc Schmidt, Graz University of Technology