Thomas Plos

Compact implementation and performance evaluation of block ciphers in ATtiny devices

The design of lightweight block ciphers has been a very active research topic over the last years. However, the lack of comparative source codes generally makes it hard to evaluate the extent to which implementations of different ciphers actually reach their low-cost goals on various platforms. This paper reports on an initiative aiming to relax this issue. First, we provide implementations of 12 block ciphers on an ATMEL AVR ATtiny45 8-bit microcontroller, and make the corresponding source code available on a web page. All implementations are made public under an open-source license. Common interfaces and design goals are followed by all designers to achieve comparable implementation results. Second, we evaluate performance figures of our implementations with respect to different metrics, including energy-consumption measurements and show our improvements compared to existing implementations.

An ECDSA Processor for RFID Authentication

In the last few years, a lot of research has been made to bring asymmetric cryptography on low-cost RFID tags. Many of the proposed implementations include elliptic-curve based coprocessors to provide entity-authentication services through for example identification schemes. This paper presents first results of an 192-bit Elliptic Curve Digital Signature Algorithm (ECDSA) processor that allows both entity and also message authentication by digitally signing challenges from a reader. The proposed architecture enhances the state-of-the-art in designing a low-resource ECDSA-enabled RFID hardware implementation. A tiny microcontroller is integrated to provide protocol scalability and re-use of common algorithms. The proposed processor signs a message within 859 188 clock cycles (127,ms at 6.78,MHz) and has a total chip size of 19 115 gate equivalents.

RFID and Its Vulnerability to Faults

Radio Frequency Identification (RFID) is a rapidly upcoming technology that has become more and more important also in security-related applications. In this article, we discuss the impact of faults on this kind of devices. We have analyzed conventional passive RFID tags from different vendors operating in the High Frequency (HF) and Ultra-High Frequency (UHF) band. First, we consider faults that have been enforced globally affecting the entire RFID chip. We have induced faults caused by temporarily antenna tearing, electromagnetic interferences, and optical inductions. Second, we consider faults that have been caused locally using a focused laser beam. Our experiments have led us to the result that RFID tags are exceedingly vulnerable to faults during the writing of data that is stored into the internal memory. We show that it is possible to prevent the writing of this data as well as to allow the writing of faulty values. In both cases, tags confirm the operation to be successful. We conclude that fault analysis poses a serious threat in this context and has to be considered if cryptographic primitives are embedded into low-cost RFID tags.

Susceptibility of UHF RFID tags to electromagnetic analysis

The number of applications that use radio-frequency identification (RFID) technology has grown continually in the last few years. Current RFID tags are mainly used for identification purposes and do not include crypto functionality. Therefore, classical RFID tags are not designed as secure devices and do not contain countermeasures against side-channel analysis (SCA). The lack of such countermeasures makes RFID tags vulnerable to attacks relying on electromagnetic (EM) analysis. When attaching crypto functionality to future RFID tags which is considered for many use cases like forgery protection of goods, SCA becomes a concern. In this work we show the susceptibility of UHF RFID tags to EM analysis by using differential-EM analysis attacks. We have examined commercially-available passive UHF RFID tags with a microchip. The results show that a simple dipole antenna and a digitalstorage oscilloscope connected to a computer are enough to determine data-dependent emanation of the microchip of passive UHF RFID tags at distances up to 1 m. Enhancement of RFID tags with crypto functionality therefore requires re-design of the whole tag architecture with respect to SCA.

Cache-Access pattern attack on disaligned AES t-tables

Cache attacks are a special form of implementation attacks and focus on the exploitation of weaknesses in the implementation of a specific algorithm. We demonstrate an access-driven cache attack, which is based on the analysis of memory-access patterns due to the T-table accesses of the Advanced Encryption Standard (AES). Based on the work of Tromer etal. [20] we gather the cache-memory access patterns of AES T-table implementations and perform a pattern-matching attack in order to recover the used secret key. These T-tables usually do not start at memory addresses which are mapped to the beginning of a specific cache line. Thus, focusing on disaligned AES T-tables allows us to recover the whole secret key by considering only the first round of the AES. We apply the presented cache attack on a Google Nexus S smartphone, which employs a Cortex-A8 processor and runs a fully-functioning operating system. The attack is purely implemented in software and the only requirement is a rooted mobile device. To the best of our knowledge, we are the first to launch an access-driven attack on an ARM Cortex-A processor. Based on our observations of the gathered access patterns we also present an enhancement, which in some cases allows us to recover the secret key without a subsequent brute-force key search.

Optical Fault Attacks on AES: A Threat in Violet

Microprocessors are the heart of the devices we rely on every day. However, their non-volatile memory, which often contains sensitive information, can be manipulated by ultraviolet (UV) irradiation. This paper gives practical results demonstrating that the non-volatile memory can be erased with UV light by investigating the effects of UV-Clight with a wavelength of 254nm on four different depackaged microcontrollers. We demonstrate that an adversary can use this effect to attack an AES software implementation by manipulating the 256-bit S-box table. We show that if only a single byte of the table is changed, 2 500 pairs of correct and faulty encrypted inputs are sufficient to recover the key with a probability of 90%, in case the key schedule is not modified by the attack. Furthermore, we emphasize this by presenting a practical attack on an AES implementation running on an 8-bit microcontroller. Our attack involves only a standard decapsulation procedure and the use of alow-cost UV lamp.

On the Applicability of Time-Driven Cache Attacks on Mobile Devices ,

Cache attacks are known to be sophisticated attacks against crypto- graphic implementations on desktop computers. Recently, also investigations of such attacks on testbeds with processors that are employed in mobile devices have been done. In this work we investigate the applicability of Bernsteins (4) timing attack and the cache-collision attack by Bogdanov et al. (6) in real environments on three state-of-the-art mobile devices. These devices are: an Acer Iconia A510, a Google Nexus S, and a Samsung Galaxy SIII. We show that T-table based im- plementations of the Advanced Encryption Standard (AES) leak enough timing information on these devices in order to recover parts of the used secret key using Bernsteins timing attack. We also show that systems with a cache-line size larger than 32 bytes exacerbate the cache-collision attack by Bogdanov et al. (6).

Security-Enabled Near-Field Communication Tag With Flexible Architecture Supporting Asymmetric Cryptography

This paper presents the design and implementation of a complete near-field communication (NFC) tag system that supports high-security features. The tag design contains all hardware modules required for a practical realization, which are: an analog 13.56-MHz radio-frequency identification (RFID) front-end, a digital part that includes a tiny (programmable) 8-b microcontroller, a framing logic for data transmission, a memory unit, and a crypto unit. All components have been highly optimized to meet the fierce requirements of passively powered RFID devices while providing a high level of flexibility and security. The tag is fully compliant with the NFC Forum Type-4 specification and supports the ISO/IEC 14443A (layer 1-4) communication protocol as well as block transmission according to ISO/IEC 7816. Its security features include support of encryption and decryption using the Advanced Encryption Standard (AES-128), the generation of digital signatures using the elliptic curve digital signature algorithm according to NIST P-192, and several countermeasures against common implementation attacks, such as side-channel attacks and fault analyses. The chip has been fabricated in a 0.35- μm CMOS process technology, and requires 49999 GEs of chip area in total (including digital parts and analog front-end). Finally, we present a practical realization of our design that can be powered passively by a conventional NFC-enabled mobile phone for realizing proof-of-origin applications to prevent counterfeiting of goods, or to provide location-aware services using RFID technology.

On the security of RFID devices against implementation attacks

Radio-Frequency Identification (RFID) is a wireless technology that already plays an important role in security-related applications. As soon as cryptographic features are integrated into RFID-enabled devices, the issue of implementation security becomes highly important. Implementation attacks exploit potential weaknesses of such devices and allow the extraction of sensitive information like secret keys. In this paper, we evaluate the efficiency of implementation attacks by conducting side-channel attacks and fault analysis on both High Frequency (HF) and Ultra-High Frequency (UHF) RFID tags. The results of our investigations disclose the potential vulnerability of RFID-tag implementations against practical attacks. Furthermore, this paper shows possible countermeasures that are optimised for resource-restricted devices like passive RFID tags.

On Comparing Side-Channel Preprocessing Techniques for Attacking RFID Devices

Security-enabled RFID tags become more and more important and integrated in our daily life. While the tags implement cryptographic algorithms that are secure in a mathematical sense, their implementation is susceptible to attacks. Physical side channels leak information about the processed secrets. This article focuses on practical analysis of electromagnetic (EM) side channels and evaluates different preprocessing techniques to increase the attacking performance. In particular, we have applied filtering and EM trace-integration techniques as well as Differential Frequency Analysis (DFA) to extract the secret key. We have investigated HF and UHF tag prototypes that implement a randomized AES implementation in software. Our experiments prove the applicability of different preprocessing techniques in a practical case study and demonstrate their efficiency on RFID devices. The results clarify that randomization as a countermeasure against side-channel attacks might be an insufficient protection for RFID tags and has to be combined with other proven countermeasure approaches.