Active electromagnetic attacks on secure hardware

نویسنده

  • Athanasios Theodore Markettos
چکیده

The field of side-channel attacks on cryptographic hardware has been extensively studied. In many cases it is easier to derive the secret key from these attacks than to break the cryptography itself. One such side-channel attack is the electromagnetic side-channel attack, giving rise to electromagnetic analysis (EMA). EMA, when otherwise known as 'TEMPEST' or 'compromising eman-ations', has a long history in the military context over almost the whole of the twentieth century. The US military also mention three related attacks , believed to be: HIJACK (modulation of secret data onto conducted signals), NONSTOP (modulation of secret data onto radiated signals) and TEAPOT (intentional malicious emissions). In this thesis I perform a fusion of TEAPOT and HIJACK/NONSTOP techniques on secure integrated circuits. An attacker is able to introduce one or more frequencies into a cryptographic system with the intention of forcing it to misbehave or to radiate secrets. I demonstrate two approaches to this attack. To perform the reception, I assess a variety of electromagnetic sensors to perform EMA. I choose an inductive hard drive head and a metal foil electric field sensor to measure near-field EM emissions. The first approach, named the re-emission attack, injects frequencies into the power supply of a device to cause it to modulate up baseband signals. In this way I detect data-dependent timing from a 'secure' micro-controller. Such up-conversion enables a more compact and more distant receiving antenna. The second approach involves injecting one or more frequencies into the power supply of a random number generator that uses jitter of ring oscillators as its random number source. I am able to force injection locking of the oscillators, greatly diminishing the entropy available. I demonstrate this with the random number generators on two commercial devices. I cause a 2004 EMV banking smartcard to fail statistical test suites by generating a periodicity. For a secure 8-bit microcontroller that has been used in banking ATMs, I am able to reduce the random number entropy from 2 32 to 225. This enables a 50% probability of a successful attack on cash withdrawal in 15 attempts. Acknowledgments This work would not have been possible without the support of a large number of people. Firstly, a number of parts were done in collaboration with others. I'd like to thank the following for the contributions they made: • Andrew West laid out the antennas for the Lochside Emissions Testing Block (ETB). • …

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Threshold Implementation as a Countermeasure against Power Analysis Attacks

One of the usual ways to find sensitive data or secret parameters of cryptographic devices is to use their physical leakages. Power analysis is one of the attacks which lay in such a model. In comparison with other types of side-channels, power analysis is so efficient and has a high success rate. So it is important to provide a countermeasure against it. Different types of countermeasures use ...

متن کامل

Secure FPGA Design by Filling Unused Spaces

Nowadays there are different kinds of attacks on Field Programmable Gate Array (FPGA). As FPGAs are used in many different applications, its security becomes an important concern, especially in Internet of Things (IoT) applications. Hardware Trojan Horse (HTH) insertion is one of the major security threats that can be implemented in unused space of the FPGA. This unused space is unavoidable to ...

متن کامل

Contactless Electromagnetic Active Attack on Ring Oscillator Based True Random Number Generator

True random number generators (TRNGs) are ubiquitous in data security as one of basic cryptographic primitives. They are primarily used as generators of confidential keys, to initialize vectors, to pad values, but also as random masks generators in some side channel attacks countermeasures. As such, they must have good statistical properties, be unpredictable and robust against attacks. This pa...

متن کامل

Arithmetic and Architectures for Secure Hardware Implementations of Public - Key Cryptography

This thesis studies implementations of cryptographic algorithms and protocols for embedded systems, which contribute towards the development of the future secure pervasive computing environment; this context puts tight constraints on performance, memory, power, area and bandwidth. Effective information protection against eavesdropping and modifications in open systems can only be achieved using...

متن کامل

Trusted-HB: a low-cost version of HB+ secure against Man-in-The-Middle attacks

Since the introduction at Crypto’05 by Juels and Weis of the protocol HB, a lightweight protocol secure against active attacks but only in a detection based-model, many works have tried to enhance its security. We propose here a new approach to achieve resistance against Man-in-The-Middle attacks. Our requirements – in terms of extra communications and hardware – are surprisingly low.

متن کامل

Characterization of the Information Leakage of Cryptographic Devices by Using EM Analysis

Cryptographic modules (software or hardware implementations of cryptographic algorithms) are widely used in our daily life in different applications in order to secure digital transactions and exchanges. In particular, cryptographic hardware is essential in smartcards, identification systems, mobile phones, pay television set-top boxes, transportation services and so on. This hardware component...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011