Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security 2008

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security

1

TU Graz/Computer Science/IAIK/VLSI

Institute for Applied Information Processing and Communications (IAIK)

Graz University of Technology

VLSI

Thomas Plos

Evaluation of Side-Channel Preprocessing Techniques on Cryptographic-Enabled HF

and UHF RFID-Tag Prototypes

Thomas Plos, Michael Hutter, Martin Feldhofer

Workshop on RFID Security 200809. - 11.07.2008, Budapest, Hungary

http://www.iaik.tugraz.at


2


VLSI

Thomas Plos

Outline

Motivation Prevalent countermeasures Hiding in time dimension Attacking techniques on hiding Arguments for using FFT Conducted attacks Tag prototypes Measurement setup Results Conclusion



3


VLSI

Thomas Plos

Motivation (1)

> 1 billion RFID tags sold in 2006

Movement towards “internet of things”

Current low-cost tags cannot prevent fake products

Enhanced functionality opens field for new applications Sensors Actuators

Weakest link of the system determines security crypto on tags

RFID tags (in billions)

1 billion

2017201520102006

100

500

Year

© IDTechEx Ltd



4


VLSI

Thomas Plos

Motivation (2) It was long believed that strong crypto is unfeasible on

passive RFID tags

Meanwhile great effort to bring standardized crypto on low-cost tags

Secure algorithm secure implementation

Side-channel analysis (SCA) exploits implementation weaknesses

Protection via countermeasures necessary



5


VLSI

Thomas Plos

Prevalent Countermeasures

Make power consumption independent of intermediate values

Principally two ‘types’ of countermeasures: Hiding

In time dimension: random insertion of dummy cycles shuffling

In amplitude dimension: increase noise reduce signal

Masking Boolean masking (e.g. ) Arithmetic masking (e.g. +, *)



6


VLSI

Thomas Plos

Hiding in Time Dimension

Highly suitable for low-resource devices like RFID tags Mainly effects control logic Cost efficient in terms of hardware

Time is not a critical parameter in RFID due to rather low data rates in protocols

Using the example of AES:

DD AES

Time

Encryption 1

Encryption 2

Encryption 3

AES

AES

DD

D D

b1

AES stateb1 b2 b3 b4

b5 b6 b7 b8

b9 b10 b11 b12

b13 b14 b15 b16

Encryption 1

Encryption 2

Encryption 3

b1 b2 b3 b4 b5 b6 b7 b8 b9 ...

b5 b6b7b8 b9 b10b11b12 b4 ...

b13 b14b15 b16 b1 b2b3 b4 ...b11

Dummy operations Byte shuffling



7


VLSI

Thomas Plos

Attacking Techniques on Hiding

Filtering (amplitude dimension) Attenuation of disturbing signals Requires knowledge of wanted signal/disturbing signal

Integration techniques (time dimension) Summing up “specific points” defined by a comb or a window Requires knowledge of “specific points”

Identification of parameters for filtering/integration techniques could be challenging

Can FFT help us?



8


VLSI

Thomas Plos

Arguments for Using FFT FFT is time-shift invariant

Efficiency of randomization is diminished Influence of misaligned traces during measurements is reduced

Filtering of disturbing signals not necessary (e.g. carrier signal of RFID reader)

Differential Frequency Analysis (DFA) first mentioned by C. Gebotys (CHES 2005)

Time domainTime domainFrequency

domainFFTTime domain

Frequency domain

Filtering

Integrating

Aligning

DPA/DEMA DFA

FFT



9


VLSI

Thomas Plos

Conducted Attacks

Analysis of RFID devices (HF and UHF) Current low-cost RFID tags do not contain

strong crypto + randomization Using self-made tag prototypes Integration of 128-bit AES with randomization Comparing DEMA with DFA

Disturbing carrier signal:DEMA + filtering vs. DFA

Disturbing carrier signal + randomization of AES:DEMA + filtering + windowing vs. DFA



10


VLSI

Thomas Plos

Tag Prototypes HF tag prototype

13.56MHz ISO14443-A Semi passive

UHF tag prototype 868MHz ISO18000-6C Semi passive



11


VLSI

Thomas Plos

Measurement Setup

RFID reader

Analog front end

PC

μC

Reader control

Tag prototype

Digital-storage

oscilloscope

EM probe

EM signalTrigger

Oscilloscope control



12


VLSI

Thomas Plos

Results (1)

HF tag prototype Disturbing 13.56 MHz carrier signal

DEMA + filtering DFA



13


VLSI

Thomas Plos

Results (2)

UHF tag prototype Disturbing 868 MHz carrier signal

DEMA + filtering DFA



14


VLSI

Thomas Plos

Results (3) HF tag prototype Disturbing 13.56 MHz carrier signal + randomization of

AES enabled

DEMA + filtering + windowing DFA



15


VLSI

Thomas Plos

Results (4) UHF tag prototype Disturbing 868 MHz carrier signal + randomization of

AES enabled

DEMA + filtering + windowing DFA



16


VLSI

Thomas Plos

Conclusion

Evaluation of SCA pre-processing techniques on RFID devices using hiding in time domain

HF and UHF RFID-tag prototypes implementing 128-bit AES with randomization

DEMA + filtering (+windowing) vs. DFA All attacks successful DFA offers good results without further

knowledge about implementation Hiding alone as countermeasure for RFID

tags not sufficient



17


VLSI

Thomas Plos

Side-Channel Analysis Lab

http://www.iaik.tugraz.at/research/sca-lab

[email protected]

[email protected]

[email protected]

Documents

Thomas Plos, Michael Hutter, Martin Feldhofer Workshop on RFID Security 2008