[PPT] - Contact-based Fault Injections and Power Analysis on RFID Tags PowerPoint Presentation

SLIDE 1

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 1

TU Graz/Computer Science/IAIK/VLSI/SCA Antalya, 2009 ECCTD 2009

Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology

VLSI

Contact-based Fault Injections and Power Analysis on RFID Tags

Michael Hutter, Jörn-Marc Schmidt, Thomas Plos ECCTD 2009

SLIDE 2

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 2

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Presentation Outline

Introduction
Implementation attacks on RFID
Related work
Contact-based measurement setup
Fault injection setup and results
Power analysis setup and results
Conclusions and future work

SLIDE 3

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 3

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Introduction

RFID … Radio Frequency Identification
Small microchip attached to an antenna
Reader field is used for
Communication
Power supply
(Clock signal)

Reader

SLIDE 4

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 4

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Implementation Attacks on RFID

Active attacks
Fault attacks
Passive attacks
Physical probing
Side-channel attacks
Power consumption
Electromagnetic radiation
Timing analysis

SLIDE 5

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 5

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Recent Work

Oren and Shamir 2006
Simple power analysis attacks on UHF tags
Hutter et al. 2007
Differential electromagnetic analysis on HF tags
Plos 2008
Differential electromagnetic analysis on UHF tags
Hutter et al. 2008
Fault attacks on HF and UHF tags
This work
Differential power analysis and fault attacks on UHF and HF

Our Analysis

Performed fault attacks and power-analysis

attacks on different RFID tags

We induced over-voltage spikes into the chip-antenna

connections

Analyzed HF and UHF tags
ISO 15693 and ISO 18000-6C (EPC Gen2)
Focus on write operation
Critical in terms of power consumption and execution time
Used a contact-based measurement setup

SLIDE 7

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 7

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Contact-based Measurement Setup

Tag chip RFID reader

Rterm Rseries PC Reader control

The chip of the tag is separated from its antenna
Chip and reader are directly connected by 2 wires
No air interface (no inductive/electromagnetic coupling)
The setup allows…
… contact-based fault injections
… power-consumption measurements of

the chip

SLIDE 8

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 8

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Basic Communication Process

Response time Reader request Tag response

SLIDE 9

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 9

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Fault-Injection Setup

Reader control Trigger PC

Tag chip µC RFID reader

RTerm

FPGA board DC supply

Switch control

Two high-speed multiplexers connect the chip to

a DC voltage (over-voltage injection)

Trigger device

SLIDE 10

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 10

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Trigger Signal

Trigger device
SASEBO board used to control the trigger delay and duration
A microcontroller is used to listen to the reader communication

and to provide a trigger signal after a write command

Fault injections during the response time of the

chip (a few milliseconds)

Trigger device was programmed to sweep across the response

time (automatic sweep)

Injected spikes in steps of 9ns
Over-voltage was induced for at least 80ns

SLIDE 11

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 11

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Results

Faults cause the chip to write faulty values into

the memory

Tags perform a reset during the writing of data
The faulty value depends on

the trigger delay

Different tags have a

different writing time

Allows fingerprinting of RFID tags

SLIDE 12

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 12

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Power-Analysis Setup

For HF tags
Power is measured over a 100 Ohm resistor
For UHF tags
Power is measured over the internal capacity (0.1pF) of the differential

probe (no resistor used)

Reader control Trigger PC Differential probe Oscilloscope control Digital-storage

scilloscope

Tag chip µC RFID reader

RTerm RMeas

SLIDE 13

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 13

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Power-Analysis Attacks

Trace acquisition
1000 traces for UHF tags and 10000 traces for HF tags were

measured

Sampling rate: 100 MS/s
Post-processing techniques
Calculated the envelope signal (absolute values + 2 MHz low-

pass filter

Horizontal and vertical trace alignment
Target of the attack
8-bit value that was written into memory
Different Power models applied

SLIDE 14

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 14

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Results

All attacks have been successful

ISO 18006C UHF tag ISO 15693 HF tag

SLIDE 15

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 15

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

Summary

Performed fault and power-analysis attacks on

RFID

Analyzed HF and UHF RFID tags
Contact-based measurement setup used
All attacks have been performed successfully
Security-enabled RFID devices have to include

countermeasures to thwart these attacks

SLIDE 16

http://www.iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK) – VLSI & Security 16

TU Graz/Computer Science/IAIK/VLSI/SCA ECCTD 2009

VLSI

Antalya, 2009

http://www.iaik.tugraz.at/content/research/implementation_attacks/

Michael.Hutter@iaik.tugraz.at Jörn-Marc.Schmidt@iaik.tugraz.at Thomas.Plos@iaik.tugraz.at

Contact-based Fault Injections and Power Analysis on RFID Tags - - PowerPoint PPT Presentation

Contact-based Fault Injections and Power Analysis on RFID Tags

Presentation Outline

Introduction

Implementation Attacks on RFID

Recent Work

Our Analysis

attacks on different RFID tags

Contact-based Measurement Setup

the chip

Basic Communication Process

Response time Reader request Tag response

Fault-Injection Setup

a DC voltage (over-voltage injection)

Trigger Signal

chip (a few milliseconds)

Results

the memory

the trigger delay

different writing time

Power-Analysis Setup

Power-Analysis Attacks

Results

Summary

RFID

countermeasures to thwart these attacks

Thank you for your attention.

Questions?