A Versatile Framework for Implementation Attacks on Cryptographic and Embedded Devices

Timo Kasper, David Oswald, Chris­tof Paar

Lecture Notes in Computer Science, 2010


We present a unified framework for advanced implementation attacks that allows for conducting automated side-channel analysis and fault injection targeting all kinds of embedded cryptographic devices including RFIDs. Our proposed low-cost setup consists of modular functional units that can be interchanged, depending on the demands of a concrete attack scenario. We give details of customized modules for the communication with many types of embedded devices and other modules that allow to inject various types of faults. An FPGA-based approach enables very accurate timing and flexible adaption to any extension module. The corresponding data acquisition system for side-channel attacks makes precise power and EM analyses possible. Our setup facilitates the promising combination of active and passive techniques, which is known to render many established security countermeasures ineffective. We introduce several methods for the automatic profiling of cryptographic devices and model their behaviour both with respect to side-channel analysis and fault injection. To demonstrate the capabilities of our framework, we perform the first practical full key-recovery on a cryptographic contactless smartcard employing Triple-DES reported in the literature and inject multiple faults in a widespread microcontroller. We thereby disprove the common belief that highly sophisticated and expensive equipment is required to conduct such attacks. Rather, we illustrate a cost-effective setup that can be tailored to any desired type of security evaluation or penetration test.

[web] [bib] [pdf]

tags: embedded computing, fault injection, mobile, models, RFID, security evaluation, Side-Channel