A Study on Smart Card Security A Study on Smart Card Security - PDF document

[ICCSA’ ’2004] 2004] [ICCSA A Study on Smart Card Security A Study on Smart Card Security Evaluation Criteria for Evaluation Criteria for Side Channel Attacks Side Channel Attacks Presented at the workshop ICCSA ICCSA 200 2004 4, , Presented at the workshop May 1 14 4- -1 17 7, 200 , 2004 4, , Assisi Assisi, , Italy Italy May 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 1 1 1

Agenda Agenda 1. Introduction Introduction 1. 2. Preliminaries 2. Preliminaries 3. Experiments of power analysis attacks Experiments of power analysis attacks 3. The MESD- -DPA attacks DPA attacks for RSA for RSA The MESD � � 4. The propose of the smart card security The propose of the smart card security 4. evaluation criteria for side channel attacks evaluation criteria for side channel attacks AVA- AVA -SCA SCA assurance family and 3 components assurance family and 3 components � � 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 2 2 2

1. Introduction 1. Introduction � In Practical In Practical � � A A small small cryptographic module cryptographic module leaks out leaks out the the � unwilling information information: : unwilling � Timing Timing � “Side Channel Information Side Channel Information” ” “ � Power Power � � Electromagnetic Electromagnetic Radiations Radiations � “Side Channel Attacks Side Channel Attacks” ” “ � Fault etc.. Fault etc.. � � In the power analysis attacks In the power analysis attacks � � The power trace is measured for an execution The power trace is measured for an execution � of a cryptographic operation of a cryptographic operation � The power analysis is more powerful than The power analysis is more powerful than � others others 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 3 3 3

1. Introduction 1. Introduction � Proposal Proposal - - t the smart card security he smart card security � evaluation criteria for side channel attacks evaluation criteria for side channel attacks � The vulnerability assessment activities in The vulnerability assessment activities in � Security Assurance Requirements Security Assurance Requirements � AVA_SCA assurance family and 3 components � The side channel analysis (SCA) is different to the The side channel analysis (SCA) is different to the � covert channel analysis (CCA) covert channel analysis (CCA) � Much stronger than the CCA for smartcard Much stronger than the CCA for smartcard � 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 4 4 4

2. Preliminaries Preliminaries 2. � Common Criteria Common Criteria (CC) (CC) & Protection Profile & Protection Profile (PP) (PP) � � CC CC : : Single international (common) IT product & system Single international (common) IT product & system � security criteria security criteria � Develops Protection Profiles (PP) and Security Targets � Develops Protection Profiles (PP) and Security Targets (ST) (ST) � Evaluation of products and systems against known � Evaluation of products and systems against known requirements requirements � PP : a detailed level of security requirements and PP : a detailed level of security requirements and � standards standards 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 5 5 5

2. Preliminaries Preliminaries 2. � Common Criteria Common Criteria (CC) (CC) � Part 3 Security Assurance Requirements Part 2 Security • Assurance Classes Functional Requirements • Assurance Families • Functional Classes Part 1 • Assurance Introduction & Model • Functional Families Components • Introduction to • Functional • Detailed Requests Approach Components • Eval. Assur. Levels • Terms & Model • Detailed Requests • Requirements for Protection Profiles Part 4 & Security Targets Registry of Protection Profiles 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 6 6 6

2. Preliminaries Preliminaries 2. � Protection Profiles (PP) or Security Targets (ST) Protection Profiles (PP) or Security Targets (ST) � PP (or) ST Introduction CC Conformance Claim (ST only) TOE Description Protection Profile & Security Target Security Threats Environment Security Policies Common Contents Secure Usage Assumptions Security TOE IT Security Objectives Objectives Environmental Security Objectives IT Security TOE IT Functional & Assurance Requirements Requirements Requirements for IT environment TOE Summary Security Target TOE IT Security Functions Specification TOE Assurance Measures Additions >> PP Claims 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 7 7 7

2. Preliminaries Preliminaries 2. � Vulnerability assessment Vulnerability assessment ( (class AVA class AVA) in CC/PP ) in CC/PP � � Covert channel analysis Covert channel analysis (AVA_CCA) (AVA_CCA) � � Misuse (AVA_MSU) Misuse (AVA_MSU) � � Strength TOE security functions (AVA_SOF) Strength TOE security functions (AVA_SOF) � � Vulnerability analysis (AVA_VLA) Vulnerability analysis (AVA_VLA) � � The threat The threats s in relation to side channel attacks in relation to side channel attacks � � T.P_Probe T.P_Probe (Physical probing) (Physical probing) � � T.P_Alter T.P_Alter � � T.Flt_Ins T.Flt_Ins � � T.I_Leak T.I_Leak � � T.link T.link � � T.Env_Str T.Env_Str � 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 8 8 8

3. The experiments The experiments 3. � In IDEAL crypto system � Secret keys are keep in secret C r y p t o g r a p h ic p r o c e s s in g I n p u t O u t p u t ( E n c r y p t /D e c r y p t /S ig n /e t c .) S e c r e t K e y s � In REAL crypto system Timing Leaked Information Power consumption(RSA, ECC … Power consumption(RSA, ECC …) ) Fault Insertion Fault Insertion Electromagnetic radiation ….. Cryptographic processing Input Output (Encrypt/Decrypt/Sign/etc.) Secret Keys 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 9 9 9

3. The experiments The experiments 3. � S ma r t C a r d – I n t e r n a l S t r u c t u r e C1 C5 C2 C6 C3 C7 C4 C8 • C1 : power supply input ( Vcc ) • C2 : RST for reset signal to card CPU CPU • C3 : CLK ( clock ) Reset Reset ROM ROM • C4 : not defined BUS BUS RAM RAM • C5 : GND ( ground ) Memory Memory • C6 : Vpp EEPROM EEPROM I/O I/O • C7 : communication Clock Clock • C8 : not defined 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 10 10 10

3. The experiments The experiments 3. � The Power analysis attack The Power analysis attack configurations configurations � 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 11 11 11

3. The experiments The experiments 3. � The Power analysis attacks The Power analysis attacks � In RSA, L- In RSA, L -R method R method � � It is possible to distinguish multiplication from squaring It is possible to distinguish multiplication from squar ing � � MESD- -RSA DPA differential signals: RSA DPA differential signals: MESD � � − − K 1 K 1 1 1 ∑ ∑ = − D [ r ] S [ r ] T [ r ] j j K K = = j 0 j 0 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 12 12 12

3. The experiments The experiments 3. � The MESD The MESD- -DPA attacks DPA attacks (RSA, L (RSA, L- -R method) R method) � � Secret Card Secret Card : : The correct secret digits The correct secret digits � { 1,0,1 1,0…} ,0…} { 1,0, � Guessing Card Guessing Card : : The guessed digits The guessed digits � rd bit is miss ,…} � � peak (3 peak (3 rd { 1,0,0 { 1,0, 0,…} bit is miss- -guessed!!) guessed!!) 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 13 13 13

3. The experiments The experiments 3. � In the results of the DPA attack, In the results of the DPA attack, � � Two hundred traces were analyzed at the Two hundred traces were analyzed at the � target bit position target bit position � Because the attacker guessed wrongly, the Because the attacker guessed wrongly, the � peak signal present at the fourth digit position peak signal present at the fourth digit position of the right picture of the right picture � The MESD attack is in success easily The MESD attack is in success easily � 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 14 14 14

4. The propose of side channel The propose of side channel 4. analysis family analysis family � Side channel analysis family (AVA_SCA) Side channel analysis family (AVA_SCA) � � T The side channel a he side channel analysis (SCA) nalysis (SCA) is different to is different to a a � covert channel a covert channel analysis (CCA) nalysis (CCA) � SCA is much stronger than CCA for smartcard SCA is much stronger than CCA for smartcard � � S � Separate the side eparate the side channel analysis channel analysis (AVA_SCA) (AVA_SCA) from AVA_CCA and AVA_VLA from AVA_CCA and AVA_VLA 2004- 2004 -05 05- -19 19 Dongseo University Dongseo University 15 15 15