Investigation of Implementation Attacks
Disciplines
Electrical Engineering, Electronics, Information Engineering (15%); Computer Sciences (60%); Mathematics (25%)
Keywords
Embedded Systems, Cryptography, Side Channel Analysis (SCA), Fault Attacks (FA), SCA & FA Countermeasures, VLSI Design
In order to provide security for sensitive data on smart cards and embedded systems, cryptographic algorithms are used. Unfortunately, even if such an algorithm has been evaluated in a mathematical model, its realization might leak information due to physical aspects of the implementation. Methods that use these aspects are called implementation attacks. They range from side-channel analysis, which exploits information leaking unintentionally during a critical operation, to fault attacks, which try to manipulate the behavior of a device. Side-channel analysis as well as fault attacks have been widely researched in the cryptographic community. While side-channel analysis has been considered in theory and practice, most publications on fault attacks are theoretical. Thus, there are still many open questions in the field of practical fault injection. Furthermore, side-channel analysis and fault attacks are mostly considered separately. Recent research in combined attacks indicates that there are various possibilities to develop new attacks and appropriate countermeasures. The first goal of this project is to investigate different methods to influence the behavior of a device. Based on the possibilities of such a manipulation, fault attacks as well as countermeasures against them are developed. Our second goal is to expand the research on fault attacks by combining them with side-channel analysis. Our third goal is to continue our study on side-channels, which has been conducted within the FWF-funded project P18321-N15.
Every day, millions of small electronic devices face the task of processing and transmitting sensitive information in a vast number of scenarios: e.g., conditional access modules like smart cards, secure data transmission between dedicated cryptographic coprocessors, and secure storage of sensitive information in an embedded system. These so-called security devices usually execute some kind of mathematically secure cryptographic algorithm using a secret, usually denoted as the secret key. The simplest attack on such devices would be a brute-force attack. Due to the high complexity of modern cryptographic algorithms, breaking such devices (i.e. revealing the secret key) by means of brute-force attacks would require thousands of billions of years using today's most powerful supercomputers. However, apart from mathematical cryptanalysis there are several attack scenarios targeting the implementation of the cryptographic algorithm within a hardware device. The investigation of various types of so-called implementation attacks was the main goal of this project.
During the project we worked intensively on practical methods to inject faults into various microcontrollers, i.e. to intentionally cause a malfunction of the devices, either to reveal secret information stored on the device or to bypass / deactivate countermeasures against implementation attacks on the device. We successfully injected faults into various common microcontrollers by manipulating the clock signal, the power supply, the ambient temperature, as well as by laser shots in the devices using different types of laser diodes (different wavelengths). It turned out that modern asymmetric encryption schemes like RSA can be broken within minutes, even if they are protected against basic implementation attacks.
Another very important part of the project was the investigation of electromagnetic emanations in the far field (approximately 30 cm) of passive UHF RFID tags. It turned out that commercial low-cost RFID tags can be attacked from a certain distance by performing measurements in the EM far field. In contrast, modern WISP tags seemed to be more resistant to attacks based on measurements in the far field. In the case of these devices, a different measurement procedure close to the tags was necessary to perform successful attacks.
Further important results of the project in the field of side-channel attacks were: a combination of HW and SW countermeasures on a 32-bit processor platform resulting in very high security; the demonstration that stepped EM measurements on a microcontroller can be used to track the data flow within the device to a certain degree; and a completely new approach for hardware designers to verify the resistance against side-channel attacks based on exploiting the side-channel leakages of two devices at once.
The results of the achieved project goals have been disseminated in more than 10 publications in international conference proceedings and journals.
- Technische Universität Graz - 100%
Research Output
- 165 Citations
- 15 Publications
- 2012; Title: Exploiting the Difference of Side-Channel Leakages; DOI: 10.1007/978-3-642-29912-4_1; Type: Book Chapter; Author: Hutter M; Publisher: Springer Nature; Pages: 1-16
- 2012; Title: Countermeasures for Symmetric Key Ciphers; DOI: 10.1007/978-3-642-29656-7_5; Type: Book Chapter; Author: Schmidt J; Publisher: Springer Nature; Pages: 73-87
- 2012; Title: On Measuring the Parasitic Backscatter of Sensor-enabled UHF RFID Tags; DOI: 10.1109/ares.2012.21; Type: Conference Proceeding Abstract; Author: Plos T; Pages: 38-46
- 2012; Title: On Measuring the Parasitic Backscatter of Sensor-enabled UHF RFID Tags.; Type: Conference Proceeding Abstract; Author: Maierhofer C; Conference: Gerald Quirchmayr, Josef Basl, Ilsun You, Lida Xu, Edgar Weippl, editors, 7th Conference on Availability, Reliability and Security (ARES 2012), Prague, Czech Republic, August 20-24
- 2011; Title: Implementation and Evaluation of an SCA-Resistant Embedded Processor; DOI: 10.1007/978-3-642-27257-8_10; Type: Book Chapter; Author: Tillich S; Publisher: Springer Nature; Pages: 151-165
- 2011; Title: Learning from Electromagnetic Emanations - A Case Study for iMDPL.; Type: Conference Proceeding Abstract; Author: Kirschbaum M; Conference: Second International Workshop on Constructive Side-Channel Analysis and Secure Design, COSADE 2011, 24-25 February 2011, Darmstadt, Germany, Workshop Proceedings COSADE 2011
- 2011; Title: Test Apparatus for Side-Channel Resistance Compliance Testing.; Type: Conference Proceeding Abstract; Author: Hutter M; Conference: Non-Invasive Attack Testing Workshop - NIAT, Nara, Japan, September 26-27
- 2011; Title: Low-cost fault detection method for ECC using Montgomery powering ladder.; Type: Conference Proceeding Abstract; Author: Karaklajic D; Conference: Design, Automation and Test in Europe, DATE 2011, Grenoble, France, March 14-18
- 2011; Title: Masked Dual-Rail Precharge Logic Encounters State-of-the-Art Power Analysis Methods; DOI: 10.1109/tvlsi.2011.2160375; Type: Journal Article; Author: Moradi A; Journal: IEEE Transactions on Very Large Scale Integration (VLSI) Systems; Pages: 1578-1589
- 2010; Title: Algebraic Side-Channel Analysis in the Presence of Errors; DOI: 10.1007/978-3-642-15031-9_29; Type: Book Chapter; Author: Oren Y; Publisher: Springer Nature; Pages: 428-442
- 2010; Title: A Continuous Fault Countermeasure for AES Providing a Constant Error Detection Rate; DOI: 10.1109/fdtc.2010.16; Type: Conference Proceeding Abstract; Author: Medwed M; Pages: 66-71
- 2011; Title: The Fault Attack Jungle - A Classification Model to Guide You; DOI: 10.1109/fdtc.2011.13; Type: Conference Proceeding Abstract; Author: Verbauwhede I; Pages: 3-8
- 2011; Title: Fault Attacks on the Montgomery Powering Ladder; DOI: 10.1007/978-3-642-24209-0_26; Type: Book Chapter; Author: Schmidt J; Publisher: Springer Nature; Pages: 396-406
- 2011; Title: Low-Cost Fault Detection Method for ECC Using Montgomery Powering Ladder; DOI: 10.1109/date.2011.5763165; Type: Conference Proceeding Abstract; Author: Karaklajic D; Pages: 1-6
- 2013; Title: On measuring the parasitic backscatter of sensor-enabled UHF RFID tags; DOI: 10.1016/j.istr.2013.02.004; Type: Journal Article; Author: Plos T; Journal: Information Security Technical Report; Pages: 239-252