Conference Paper

ElectroMagnetic Attack Test Platform for Validating RFID Tag Architectures

Radio Frequency Identification (RFID) is an emerging technology, which allows identifying targets without physical contact. The full-fledged High Frequency (HF) tags are the most popular RFID tags that are widely spread in many security applications such as electronic passports, access control, and contactless payment. These applications require relatively high cost security operations implemented in HF tags. However, these HF tags remain threatened by many passive attacks such as eavesdropping, desynchronization and ElectroMagnetic (EM) Side Channel Attacks (SCA). This thesis proposes low cost security solutions for full-fledged HF RFID tags to ensure secure communication. For this reason, we proposed low cost and secure digital tag architectures that implement a simple logic controller based on a Finite State Machine (FSM) (rather than a more complex controller based on a processor) and respect ISO/IEC 14443 type A. These tag architectures implement classic block ciphers such as AES and 3DES, and lightweight block ciphers such as PRESENT and XTEA. We validated all these tag designs using an FPGA-based emulation platform. In addition, to evaluate the security of the digital tags against Electromagnetic Attack (EMA), we proposed a hardware test platform to apply the attacks. In order to secure the attacked designs against EMA, we proposed efficient and low cost security enhancements of the mutual authentication protocols (respecting ISO/IEC 9798-2) using additional key update operations or using delay time functions.
Radio Frequency IDentification (RFID) is used in many applications such as access control, transport, ticketing and contactless payment. The full-fledged High Frequency (HF) tags are the most popular RFID tags for these applications that require relatively high cost security operations. However, these HF tags are threatened by many passive attacks such as eavesdropping, desynchronization and ElectroMagnetic (EM) Side Channel Attacks (SCA). In this article, we propose the implementation and the validation of a full-fledged HF tag architecture using an enhanced mutual authentication protocol. This is achieved using an FPGA platform. Security analyses against Electromagnetic Attack (EMA) and desynchronization attacks on the original protocol are presented. Then enhancements at the protocol level are proposed to overcome these attacks. The implementation of these security enhancements shows a low overhead (+22 LUTs) compared to previous existing security hardware solutions (+598 LUTs).
Amongst the many existing countermeasures against Side Channel Attacks (SCA) on symmetrical cryptographic algorithms, masking is one of the most widespread, thanks to its relatively low overhead, its low performance loss and its robustness against first-order attacks. However, several articles have recently pinpointed the limitations of this countermeasure when matched with variance-based and other high-order analyses. In this article, we present a new form of Boolean masking for the Advanced Encryption Standard (AES) called “RSM”, which offers the same level of performance as the state of the art, while being less area consuming, and secure against Variance-based Power Analysis (VPA) and second-order zero-offset CPA. Our theoretical security evaluation is then validated with simulations as well as real-life CPA and VPA on an AES-256 implemented on FPGA.
Conference Paper
As most modern cryptographic Radio Frequency Identification (RFID) devices are based on ciphers that are secure from a purely theoretical point of view, e.g., (Triple-)DES or AES, adversaries have been adopting new methods to extract secret information and cryptographic keys from contactless smartcards: Side-Channel Analysis (SCA) targets the physical implementation of a cipher and allows secret keys to be recovered by exploiting a side-channel, for instance, the electro-magnetic (EM) emanation of an Integrated Circuit (IC). In this paper we present an analog demodulator specifically designed for refining the SCA of contactless smartcards. The customized analog hardware increases the quality of EM measurements, facilitates the processing of the side-channel leakage and can serve as a plug-in component to enhance any existing SCA laboratory. Employing it to obtain power profiles of several real-world cryptographic RFIDs, we demonstrate the effectiveness of our measurement setup and evaluate the improvement of our new analog technique compared to previously proposed approaches. Using the example of the popular Mifare DESFire MF3ICD40 contactless smartcard, we show that commercial RFID devices are susceptible to the proposed SCA methods. The security analyses presented in this paper do not require expensive equipment and demonstrate that SCA poses a severe threat to many real-world systems. This novel attack vector has to be taken into account when employing contactless smartcards in security-sensitive applications, e.g., for wireless payment or identification.
Conference Paper
We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identification Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the field of an RFID reader. We practically verify the effectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the first successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple-DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.
Counterfeiting is a major problem plaguing global supply chains. While small low-cost tagging solutions for supply-chain management exist, security in the face of fault-injection [1] and side-channel attacks [2] remains a concern. Power glitch attacks [3] in particular attempt to leak key bits by inducing fault conditions during cryptographic operation through the use of over-voltage and under-voltage conditions. This paper presents the design of a secure authentication tag with wireless power and data delivery optimized for compact size and near-field applications. Power-glitch attacks are mitigated through state backup on FeRAM-based non-volatile flip-flops (NVDFFs) [4]. The tag uses Keccak [5] (the cryptographic core of SHA3) to update the key before each protocol invocation, limiting side-channel leakage to a single trace per key. Fig. 1 shows the complete system including the tag, reader, and backend server implemented in this work. Tags are seeded at manufacture and this initial seed is stored in the server database before a tag is affixed to an item. A wireless power and data transfer (WPDT) frontend harvests energy from the reader (433 MHz inductive link) and powers the on-chip authentication engine (AE). On startup the AE updates its key using a PRNG (seeded with the old key) and increments the key index. The AE then responds to the subsequent challenge by encrypting the challenge under the new key. These challenge-response pairs can be validated by a trusted server to authenticate the tag. Additionally, the server can use the key index to resynchronize with the tag in the event of packet loss.
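The per-query key-update flow summarised in the abstract above (seed stored at enrolment, a fresh key derived from the old one at every startup, a key index the server uses to catch up after lost packets) is easy to misread as a simple shared-key scheme, so here is an added, self-contained simulation of it in Python. It is illustrative code written for this page, not the authors' design or RTL: SHA3-256 (a Keccak instance from the standard library) is assumed as a stand-in for the paper's Keccak-based PRNG, a keyed hash over the challenge stands in for the tag's challenge encryption, and the `MAX_SKIP` resync window, the `Tag`/`Server` classes and the sample seed are all constructed for the example.

```python
"""Simulation of a per-query key-update authentication tag and its server.

Illustrative example, not the paper's code. Assumptions: SHA3-256 replaces the
paper's Keccak-based PRNG for the key update, a keyed hash replaces the block
encryption of the challenge, and MAX_SKIP is a constructed resync bound.
"""
import hashlib
import hmac
import secrets


def next_key(key: bytes) -> bytes:
    """Derive the next key from the current one (SHA3 used as the PRNG)."""
    return hashlib.sha3_256(b"key-update" + key).digest()


def respond(key: bytes, challenge: bytes) -> bytes:
    """Tag's answer: the challenge bound to the current key (keyed-hash stand-in)."""
    return hashlib.sha3_256(key + challenge).digest()


class Tag:
    """Models the authentication engine: key chain plus key index."""

    def __init__(self, seed: bytes):
        self.key = seed        # seed installed at manufacture
        self.index = 0

    def startup(self) -> None:
        # Every power-up derives a new key, so a side-channel attacker sees at
        # most one trace per key before it is replaced.
        self.key = next_key(self.key)
        self.index += 1

    def answer(self, challenge: bytes) -> tuple[int, bytes]:
        self.startup()
        return self.index, respond(self.key, challenge)


class Server:
    """Trusted backend holding (current key, last accepted index) per tag."""

    MAX_SKIP = 1000  # constructed bound on how far ahead the tag may run

    def __init__(self):
        self.db: dict[str, tuple[bytes, int]] = {}

    def enroll(self, tag_id: str, seed: bytes) -> None:
        self.db[tag_id] = (seed, 0)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, tag_id: str, challenge: bytes, index: int, response: bytes) -> bool:
        key, idx = self.db[tag_id]
        if index <= idx or index - idx > self.MAX_SKIP:
            return False  # stale index (replay) or too far ahead to resync
        # Walk the key chain forward to the tag's index; this is the resync
        # after lost packets, since the tag advanced without the server seeing it.
        while idx < index:
            key = next_key(key)
            idx += 1
        if not hmac.compare_digest(respond(key, challenge), response):
            return False
        self.db[tag_id] = (key, idx)  # commit only on success
        return True


def demo() -> tuple[bool, bool, int, bool]:
    """Constructed run: accept, reject replay, resync after two lost answers."""
    seed = bytes(range(32))  # constructed manufacturing seed
    server, tag = Server(), Tag(seed)
    server.enroll("tag-1", seed)

    c = server.challenge()
    i, r = tag.answer(c)
    first = server.verify("tag-1", c, i, r)        # True
    replay = server.verify("tag-1", c, i, r)       # False: index already used

    tag.answer(server.challenge())                 # two answers lost in transit
    tag.answer(server.challenge())
    c2 = server.challenge()
    i2, r2 = tag.answer(c2)
    resynced = server.verify("tag-1", c2, i2, r2)  # True after walking the chain
    return first, replay, i2, resynced


if __name__ == "__main__":
    print(demo())
```

The server commits the advanced key and index only after the response checks out, so a forged index cannot push the stored state forward; the `MAX_SKIP` bound keeps a flood of bogus high indices from costing the server an unbounded number of key derivations.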
This paper gives a hands-on introduction to the Proxmark, a versatile tool for RFID security research. It can be used to analyze and reverse engineer RFID protocols deployed in billions of cards, tags, fobs, phones and keys. We give a heads-up introduction on how to embed new modulation and encoding schemes into the Proxmark, which helps to get a grip on the low level RF-communication details. As an example we point out several (devastating) weaknesses which are made at these low levels. Most notably the MIFARE Classic with its weakly encrypted parity bits, which enables an attacker to recover the secret key. Furthermore, we describe the practical cryptanalysis of several proprietary RFID protocols and ciphers. In this part we introduce the Proxmark as an effective attack tool that can perform practical attacks a hundred times faster than regular RFID readers.
Cloning Cryptographic RFID Cards for 25$
  • Timo Kasper
  • Ingo von Maurich
  • David Oswald
  • Christof Paar
Nexys3 Board Reference Manual
  • Xilinx
A Keccak-Based Wireless Authentication Tag with per-Query Key Update and Power-Glitch Attack Countermeasures
  • Chiraag S. Juvekar
  • Hyungmin Lee
  • Joyce Kwong
  • Anantha P. Chandrakasan