SlideShare une entreprise Scribd logo

How multi-fault injection breaks the security of smart cards

Riscure
Riscure

At RSA Conference 2010 Riscure's Marc Witteman presented an essential overview of fault injection attacks theory and showed a number of practical attacks at hardware using FI.

Technologie
1  sur  57
Télécharger pour lire hors ligne
Title of Presentation Marc Witteman Riscure Session ID: RR-201 Session Classification: Advanced How multi-fault injection breaks the security of smart cards
Imagine you could turn your BART EZ Rider fare card into a military CAC card… 2
Objectives • Get an overview of fault injection threats • Learn about countermeasures • Discover the possibilities of next generation fault injection methods 3
Agenda Countermeasures Method improvements Attacks in practice 4 Fault Injection Wrap-up
Fault injection 5
Fault Attack channels • Voltage glitching • Clock glitching • Optical glitching 6
Fault attack scenarios Some example attack scenarios • Verification bypass • Code dump • Differential Fault Analysis 7
Tools Tools used for fault injection • Hardware for glitch control • Flash bulbs and lasers • Software for experiment control 8
Countermeasures 9
Countermeasures • Double checking • Signature verification • Traps • Randomization • Shields and sensors 10
Double checking 11 short pin_check(byte* buffer) { if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check if(array_compare(pin,buffer,4) != 0) { auth = FALSE; // PIN not ok at second check return 0x6986; } else { // PIN ok … } } else { // PIN not ok at first check … }
Double checking 12 short pin_check(byte* buffer) { if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check if(array_compare(pin,buffer,4) != 0) { auth = FALSE; // PIN not ok at second check return 0x6986; } else { // PIN ok … } } else { // PIN not ok at first check … } Second check detects fault Glitch forces acceptance of false PIN
Verify signatures 13 short sign_and_verify(byte* buffer) { sign( buffer, signature ); if (verify( buffer, signature) { auth = TRUE; // signature verification success send( signature ); } // send signature return 0x9000; } // report success else { auth = FALSE; // signature verification fail return 0x6986; } // no signature transmission
Verify signatures 14 short sign_and_verify(byte* buffer) { sign( buffer, signature ); if (verify( buffer, signature) { auth = TRUE; // signature verification success send( signature ); } // send signature return 0x9000; } // report success else { auth = FALSE; // signature verification fail return 0x6986; } // no signature transmission Glitch corrupts signature Verify detects corrupted signature
Traps 15 byte result = SOME_VALUE; byte resultChecksum = ~SOME_VALUE; // create checksum … if ((result ^ resultChecksum) != 0xFF) fail(); // verify checksum
Traps 16 byte result = SOME_VALUE; byte resultChecksum = ~SOME_VALUE; // create checksum … if ((result ^ resultChecksum) != 0xFF) fail(); // verify checksum Glitch corrupts value Trap may mute or kill card
Randomization 17 short pin_check(byte* buffer) { // get random number in range 0..255 int rnd = get_random( 256 ); while (rnd > 0) rnd--; // random delay if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) { … Randomness introduced by • Random delays (software loop) • Cycle stealing (CPU skips clock cycle) • Drifting clock
Randomization 18 short pin_check(byte* buffer) { // get random number in range 0..255 int rnd = get_random( 256 ); while (rnd > 0) rnd--; // random delay if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) { … Randomness introduced by • Random delays (software loop) • Cycle stealing (CPU skips clock cycle) • Drifting clock Random delay stops time-based glitches
Shields and Sensors 19 • Shields block optical glitches • Sensors detect glitches
Method improvements 20
Limitations of common equipment • Standard signal generators lack flexibility • Laser cutters are coarse • Diode lasers are divergent and weak • Process control inefficient 21 ???
Improvements in design • Flexible glitch control hardware • Smart triggering • Effective diode lasers • Efficient control software 22
Glitch control hardware requirements and design 23 Multi channel • Clock, • VCC (supply voltage) • Optical Precise • low latency • short pulses • exact timing Adaptive • configure remotely • diverse triggers • Monitor side channel ControlUSB Trigger in LaserContact smart card LCD Display Trigger out Smart card RST Smart card I/O Smart card VCC Smart card CLK Glitch circuit with smart card Glitch generatorCPU+ memory Switch Power monitor mode CLK VCC vcc/clk/laser
Glitch control hardware implementation General-purpose high speed FPGA board mounted on top of dedicated PCB with analog and digital drivers and interfaces 24
Smart triggering, what for? Variable delays stop time based glitch triggers 25 Instruction to hit
Smart triggering concept 26 • Real time comparison of signal arrays • Use Sum of Absolute Differences
Smart triggering result Trigger moment is now fixed to device behavior 27 Instruction to hit
Smart triggering on noisy signals? • Noise hides useful signals 28
Spectrum of noisy signals • Spectrum reveals signals obscured by noise • High frequencies include distinguishing features 29
Frequency conversion of noisy signals • High frequencies are difficult to sample • Pattern matching easiest on DC components • Frequency mixing and demodulation makes high frequent features detectable 30
Feature recognition in noisy signals • Filtering produces detectable signal 31
Smart triggering architecture and implementation FPGA board combined with dedicated electronics 32 Control Filter Reference signal (2x) Acquisition SAD processor (2×) USB Trigger in Filter in Filter out Signal in Trigger out (2×) SAD out
Diode laser requirements Lasers must support • fast switching • power control • multiple colors 33 33 Source: Sergei Skorobogatov
Diode laser system requirements System requirements • Camera view • Motorized XY stage Optics requirements • Correct beam divergence • Small spot size (~1 µm) Remote controllable parameters • XY position • Glitch timing & amplitude 34
Fault Injection Software Fault injection process requirements • Configurable and repeatable • Automated execution and logging 35
Attacks in practice 36
Attacks in practice • Backside attacks • Virtual imaging • Real time multi glitching 37
Backside attacks (1) 38
Backside attacks (2) 39
Side channel observation after fault injection Behavior shifted in time 40
Virtual imaging 41
Multi glitch timing Diode lasers can switch at high frequency 42
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find end with smart triggering 43
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Glitch condition 44
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find begin with smart triggering and force power down 45
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Glitch condition 46
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find end with smart triggering 47
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Glitch condition 48
Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find begin with smart triggering and force power down 49
Real time multi glitch user experience 50
Wrap-up 51
Multi glitch practical limitations • Evaluation of many parameters is time consuming (timing, amplitude, xy position, etc) • Sensors and traps slow down analysis careful tuning of equipment needed • Navigation without design is cumbersome crypto core is needle in hay-stack 52
Impact • So can I turn my BART card into a CAC card? • No, for dictating instructions and operands, you would need multiple controlled beams (32) • But, an attacker wouldn’t even want that: just shake out the keys and clone a victim 53
Analysis & Mitigation • How do I know if my smart card is vulnerable? – Risk analysis – Source code review – Security testing • How can I protect my smart cards? – Use newest and certified chips – Harden your code (OS & application) http://www.riscure.com/fileadmin/images/Docs/Paper_Side_Channel_Patterns.pdf 54
Future research Automation • Can we further automate the analysis and reduce user intervention? • Can we reverse engineer code by analyzing fault impact? Multi beam attacks • Can we by-pass multiple defenses if separate laser beams are used? • Can we push specific values on a data bus? 55
Summary and conclusion • Fault injection is most significant threat for smart cards • Diode laser systems generate fast and precise pulses that modify CPU instructions • Sophisticated new fault injection equipment defeats countermeasures • Best defense by mix of strong hardware and software countermeasures 56
57 Questions & Discussion Marc Witteman Chief Technology Officer witteman@riscure.com Riscure B.V. Frontier Building Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 (0)15 251 4090 www.riscure.com Thank you 57

Recommandé

Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?
Riscure
 
Practical Differential Fault Attack on AES
Practical Differential Fault Attack on AESPractical Differential Fault Attack on AES
Practical Differential Fault Attack on AES
Riscure
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresDefeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Riscure
 
Lowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysisLowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysis
Riscure
 
1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks
Positive Hack Days
 
DEF CON 23 - Rodringo Almeida - embedded system design from electronics
DEF CON 23 - Rodringo Almeida - embedded system design from electronics DEF CON 23 - Rodringo Almeida - embedded system design from electronics
DEF CON 23 - Rodringo Almeida - embedded system design from electronics
Felipe Prado
 
Side Channel Attacks on AES
Side Channel Attacks on AESSide Channel Attacks on AES
Side Channel Attacks on AES
Ravi Prakash Giri
 
Soviet Russia Smartcard Hacks You
Soviet Russia Smartcard Hacks YouSoviet Russia Smartcard Hacks You
Soviet Russia Smartcard Hacks You
Priyanka Aash
 

Recommandé

Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?Why are we still vulnerable to Side Channel Attacks?
Why are we still vulnerable to Side Channel Attacks?
Riscure
 
Practical Differential Fault Attack on AES
Practical Differential Fault Attack on AESPractical Differential Fault Attack on AES
Practical Differential Fault Attack on AES
Riscure
 
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding CountermeasuresDefeating RSA Multiply-Always and Message Blinding Countermeasures
Defeating RSA Multiply-Always and Message Blinding Countermeasures
Riscure
 
Lowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysisLowering the bar: deep learning for side-channel analysis
Lowering the bar: deep learning for side-channel analysis
Riscure
 
1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks1300 david oswald id and ip theft with side-channel attacks
1300 david oswald id and ip theft with side-channel attacks
Positive Hack Days
 
DEF CON 23 - Rodringo Almeida - embedded system design from electronics
DEF CON 23 - Rodringo Almeida - embedded system design from electronics DEF CON 23 - Rodringo Almeida - embedded system design from electronics
DEF CON 23 - Rodringo Almeida - embedded system design from electronics
Felipe Prado
 
Side Channel Attacks on AES
Side Channel Attacks on AESSide Channel Attacks on AES
Side Channel Attacks on AES
Ravi Prakash Giri
 
Soviet Russia Smartcard Hacks You
Soviet Russia Smartcard Hacks YouSoviet Russia Smartcard Hacks You
Soviet Russia Smartcard Hacks You
Priyanka Aash
 
amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdf
amrapalibuildersreviews
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
DefconRussia
 
Lcd module interface with xilinx software using verilog
Lcd module interface with xilinx software using verilogLcd module interface with xilinx software using verilog
Lcd module interface with xilinx software using verilog
sumedh23
 
Uart VHDL RTL design tutorial
Uart VHDL RTL design tutorialUart VHDL RTL design tutorial
Uart VHDL RTL design tutorial
Nabil Chouba
 
Never Trust Your Inputs
Never Trust Your InputsNever Trust Your Inputs
Never Trust Your Inputs
Alexander Bolshev
 
REPORT
REPORTREPORT
REPORT
Taimoor Tahir
 
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementAlexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
DefconRussia
 
OWASP Much ado about randomness
OWASP Much ado about randomnessOWASP Much ado about randomness
OWASP Much ado about randomness
Aleksandr Yampolskiy
 
Secure coding for developers
Secure coding for developersSecure coding for developers
Secure coding for developers
sluge
 
Dpdk 2019-ipsec-eventdev
Dpdk 2019-ipsec-eventdevDpdk 2019-ipsec-eventdev
Dpdk 2019-ipsec-eventdev
Hemant Agrawal
 
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
DefconRussia
 
Lee 2020 what the clock !
Lee 2020 what the clock !Lee 2020 what the clock !
Lee 2020 what the clock !
Neil Armstrong
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...
CODE BLUE
 
VHDL Practical Exam Guide
VHDL Practical Exam GuideVHDL Practical Exam Guide
VHDL Practical Exam Guide
Eslam Mohammed
 
Online test program generator for RISC-V processors
Online test program generator for RISC-V processorsOnline test program generator for RISC-V processors
Online test program generator for RISC-V processors
RISC-V International
 
Senzations’15: Secure Internet of Things
Senzations’15: Secure Internet of ThingsSenzations’15: Secure Internet of Things
Senzations’15: Secure Internet of Things
SenZations Summer School
 
Testing CAN network with help of CANToolz
Testing CAN network with help of CANToolzTesting CAN network with help of CANToolz
Testing CAN network with help of CANToolz
Alexey Sintsov
 
Computers or something
Computers or somethingComputers or something
Computers or something
dattmamon
 
VGA VHDL RTL design tutorial
VGA VHDL RTL design tutorialVGA VHDL RTL design tutorial
VGA VHDL RTL design tutorial
Nabil Chouba
 
Attack your Trusted Core
Attack your Trusted CoreAttack your Trusted Core
Attack your Trusted Core
Di Shen
 
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
Teddy Hsiung
 
Magnetic door lock using arduino
Magnetic door lock using arduinoMagnetic door lock using arduino
Magnetic door lock using arduino
Sravanthi Sinha
 

Contenu connexe

Tendances

amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdf
amrapalibuildersreviews
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
DefconRussia
 
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
DefconRussia
 
Lee 2020 what the clock !
Lee 2020 what the clock !Lee 2020 what the clock !
Lee 2020 what the clock !
Neil Armstrong
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...
CODE BLUE
 
Computers or something
Computers or somethingComputers or something
Computers or something
dattmamon
 

Tendances (20)

amrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdfamrapali builders@@sub way hacking.pdf
amrapali builders@@sub way hacking.pdf
 
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC [DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
[DCG 25] Александр Большев - Never Trust Your Inputs or How To Fool an ADC
 
Lcd module interface with xilinx software using verilog
Lcd module interface with xilinx software using verilogLcd module interface with xilinx software using verilog
Lcd module interface with xilinx software using verilog
 
Uart VHDL RTL design tutorial
Uart VHDL RTL design tutorialUart VHDL RTL design tutorial
Uart VHDL RTL design tutorial
 
Never Trust Your Inputs
Never Trust Your InputsNever Trust Your Inputs
Never Trust Your Inputs
 
REPORT
REPORTREPORT
REPORT
 
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementAlexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
 
OWASP Much ado about randomness
OWASP Much ado about randomnessOWASP Much ado about randomness
OWASP Much ado about randomness
 
Secure coding for developers
Secure coding for developersSecure coding for developers
Secure coding for developers
 
Dpdk 2019-ipsec-eventdev
Dpdk 2019-ipsec-eventdevDpdk 2019-ipsec-eventdev
Dpdk 2019-ipsec-eventdev
 
Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23Advanced cfg bypass on adobe flash player 18 defcon russia 23
Advanced cfg bypass on adobe flash player 18 defcon russia 23
 
Lee 2020 what the clock !
Lee 2020 what the clock !Lee 2020 what the clock !
Lee 2020 what the clock !
 
Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...Key recovery attacks against commercial white-box cryptography implementation...
Key recovery attacks against commercial white-box cryptography implementation...
 
VHDL Practical Exam Guide
VHDL Practical Exam GuideVHDL Practical Exam Guide
VHDL Practical Exam Guide
 
Online test program generator for RISC-V processors
Online test program generator for RISC-V processorsOnline test program generator for RISC-V processors
Online test program generator for RISC-V processors
 
Senzations’15: Secure Internet of Things
Senzations’15: Secure Internet of ThingsSenzations’15: Secure Internet of Things
Senzations’15: Secure Internet of Things
 
Testing CAN network with help of CANToolz
Testing CAN network with help of CANToolzTesting CAN network with help of CANToolz
Testing CAN network with help of CANToolz
 
Computers or something
Computers or somethingComputers or something
Computers or something
 
VGA VHDL RTL design tutorial
VGA VHDL RTL design tutorialVGA VHDL RTL design tutorial
VGA VHDL RTL design tutorial
 
Attack your Trusted Core
Attack your Trusted CoreAttack your Trusted Core
Attack your Trusted Core
 

Similaire à How multi-fault injection breaks the security of smart cards

ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
Teddy Hsiung
 
Magnetic door lock using arduino
Magnetic door lock using arduinoMagnetic door lock using arduino
Magnetic door lock using arduino
Sravanthi Sinha
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bw
jktjpc
 
Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)
James Clause
 
Cpu高效编程技术
Cpu高效编程技术Cpu高效编程技术
Cpu高效编程技术
Feng Yu
 
Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9
Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9
Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9
Irfan Qadoos
 
What will be quantization step size in numbers and in voltage for th.pdf
What will be quantization step size in numbers and in voltage for th.pdfWhat will be quantization step size in numbers and in voltage for th.pdf
What will be quantization step size in numbers and in voltage for th.pdf
SIGMATAX1
 
-----------------------------------------------------CPU.java------.pdf
-----------------------------------------------------CPU.java------.pdf -----------------------------------------------------CPU.java------.pdf
-----------------------------------------------------CPU.java------.pdf
annikasarees
 
Arduino shield wifi-monitorizarelocuinta
Arduino shield wifi-monitorizarelocuintaArduino shield wifi-monitorizarelocuinta
Arduino shield wifi-monitorizarelocuinta
Iulius Bors
 

Similaire à How multi-fault injection breaks the security of smart cards (20)

ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
ExperiencesSharingOnEmbeddedSystemDevelopment_20160321
 
Magnetic door lock using arduino
Magnetic door lock using arduinoMagnetic door lock using arduino
Magnetic door lock using arduino
 
Arduino Programming
Arduino ProgrammingArduino Programming
Arduino Programming
 
Cs423 raw sockets_bw
Cs423 raw sockets_bwCs423 raw sockets_bw
Cs423 raw sockets_bw
 
Microcontroladores: programas de CCS Compiler.docx
Microcontroladores: programas de CCS Compiler.docxMicrocontroladores: programas de CCS Compiler.docx
Microcontroladores: programas de CCS Compiler.docx
 
Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)Taint-based Dynamic Analysis (CoC Research Day 2009)
Taint-based Dynamic Analysis (CoC Research Day 2009)
 
Cpu高效编程技术
Cpu高效编程技术Cpu高效编程技术
Cpu高效编程技术
 
Linux Serial Driver
Linux Serial DriverLinux Serial Driver
Linux Serial Driver
 
StatsCraft 2015: Monitoring using riemann - Moshe Zada
StatsCraft 2015: Monitoring using riemann - Moshe ZadaStatsCraft 2015: Monitoring using riemann - Moshe Zada
StatsCraft 2015: Monitoring using riemann - Moshe Zada
 
Static analysis and writing C/C++ of high quality code for embedded systems
Static analysis and writing C/C++ of high quality code for embedded systemsStatic analysis and writing C/C++ of high quality code for embedded systems
Static analysis and writing C/C++ of high quality code for embedded systems
 
Sysprog 12
Sysprog 12Sysprog 12
Sysprog 12
 
Sysprog 12
Sysprog 12Sysprog 12
Sysprog 12
 
Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9
Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9
Temperature Sensor with LED matrix Display BY ►iRFAN QADOOS◄ 9
 
Introduction to Arduino and Circuits
Introduction to Arduino and CircuitsIntroduction to Arduino and Circuits
Introduction to Arduino and Circuits
 
Rootkit on linux_x86_v2.6
Rootkit on linux_x86_v2.6Rootkit on linux_x86_v2.6
Rootkit on linux_x86_v2.6
 
What will be quantization step size in numbers and in voltage for th.pdf
What will be quantization step size in numbers and in voltage for th.pdfWhat will be quantization step size in numbers and in voltage for th.pdf
What will be quantization step size in numbers and in voltage for th.pdf
 
-----------------------------------------------------CPU.java------.pdf
-----------------------------------------------------CPU.java------.pdf -----------------------------------------------------CPU.java------.pdf
-----------------------------------------------------CPU.java------.pdf
 
Arduino shield wifi-monitorizarelocuinta
Arduino shield wifi-monitorizarelocuintaArduino shield wifi-monitorizarelocuinta
Arduino shield wifi-monitorizarelocuinta
 
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
Spectre(v1%2 fv2%2fv4) v.s. meltdown(v3)
 
Temperature sensor with a led matrix display (arduino controlled)
Temperature sensor with a led matrix display (arduino controlled)Temperature sensor with a led matrix display (arduino controlled)
Temperature sensor with a led matrix display (arduino controlled)
 

Plus de Riscure

Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Riscure
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
Riscure
 
Fault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsFault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis Protocols
Riscure
 

Plus de Riscure (15)

Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & DefensesSecure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses
 
PEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot SecurelyPEW PEW PEW: Designing Secure Boot Securely
PEW PEW PEW: Designing Secure Boot Securely
 
Riscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glanceRiscure Assurance for Premium Content at a glance
Riscure Assurance for Premium Content at a glance
 
Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware Wallets
 
Efficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive FirmwareEfficient Reverse Engineering of Automotive Firmware
Efficient Reverse Engineering of Automotive Firmware
 
Fault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis ProtocolsFault Injection on Automotive Diagnosis Protocols
Fault Injection on Automotive Diagnosis Protocols
 
CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60CheapSCAte: Attacking IoT with less than $60
CheapSCAte: Attacking IoT with less than $60
 
Riscure Introduction
Riscure IntroductionRiscure Introduction
Riscure Introduction
 
Bypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault InjectionBypassing Secure Boot using Fault Injection
Bypassing Secure Boot using Fault Injection
 
Java Card Security
Java Card SecurityJava Card Security
Java Card Security
 
How to secure electronic passports
How to secure electronic passportsHow to secure electronic passports
How to secure electronic passports
 
Why is it so hard to make secure chips?
Why is it so hard to make secure chips?Why is it so hard to make secure chips?
Why is it so hard to make secure chips?
 
How to secure HCE
How to secure HCEHow to secure HCE
How to secure HCE
 
Controlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault InjectionControlling PC on ARM using Fault Injection
Controlling PC on ARM using Fault Injection
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
 

Dernier

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Dernier (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

How multi-fault injection breaks the security of smart cards

  • 1. Title of Presentation Marc Witteman Riscure Session ID: RR-201 Session Classification: Advanced How multi-fault injection breaks the security of smart cards
  • 2. Imagine you could turn your BART EZ Rider fare card into a military CAC card… 2
  • 3. Objectives • Get an overview of fault injection threats • Learn about countermeasures • Discover the possibilities of next generation fault injection methods 3
  • 4. Agenda Countermeasures Method improvements Attacks in practice 4 Fault Injection Wrap-up
  • 6. Fault Attack channels • Voltage glitching • Clock glitching • Optical glitching 6
  • 7. Fault attack scenarios Some example attack scenarios • Verification bypass • Code dump • Differential Fault Analysis 7
  • 8. Tools Tools used for fault injection • Hardware for glitch control • Flash bulbs and lasers • Software for experiment control 8
  • 10. Countermeasures • Double checking • Signature verification • Traps • Randomization • Shields and sensors 10
  • 11. Double checking 11 short pin_check(byte* buffer) { if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check if(array_compare(pin,buffer,4) != 0) { auth = FALSE; // PIN not ok at second check return 0x6986; } else { // PIN ok … } } else { // PIN not ok at first check … }
  • 12. Double checking 12 short pin_check(byte* buffer) { if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check if(array_compare(pin,buffer,4) != 0) { auth = FALSE; // PIN not ok at second check return 0x6986; } else { // PIN ok … } } else { // PIN not ok at first check … } Second check detects fault Glitch forces acceptance of false PIN
  • 13. Verify signatures 13 short sign_and_verify(byte* buffer) { sign( buffer, signature ); if (verify( buffer, signature) { auth = TRUE; // signature verification success send( signature ); } // send signature return 0x9000; } // report success else { auth = FALSE; // signature verification fail return 0x6986; } // no signature transmission
  • 14. Verify signatures 14 short sign_and_verify(byte* buffer) { sign( buffer, signature ); if (verify( buffer, signature) { auth = TRUE; // signature verification success send( signature ); } // send signature return 0x9000; } // report success else { auth = FALSE; // signature verification fail return 0x6986; } // no signature transmission Glitch corrupts signature Verify detects corrupted signature
  • 15. Traps 15 byte result = SOME_VALUE; byte resultChecksum = ~SOME_VALUE; // create checksum … if ((result ^ resultChecksum) != 0xFF) fail(); // verify checksum
  • 16. Traps 16 byte result = SOME_VALUE; byte resultChecksum = ~SOME_VALUE; // create checksum … if ((result ^ resultChecksum) != 0xFF) fail(); // verify checksum Glitch corrupts value Trap may mute or kill card
  • 17. Randomization 17 short pin_check(byte* buffer) { // get random number in range 0..255 int rnd = get_random( 256 ); while (rnd > 0) rnd--; // random delay if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) { … Randomness introduced by • Random delays (software loop) • Cycle stealing (CPU skips clock cycle) • Drifting clock
  • 18. Randomization 18 short pin_check(byte* buffer) { // get random number in range 0..255 int rnd = get_random( 256 ); while (rnd > 0) rnd--; // random delay if(pin_ctr > 0) { pin_ctr--; if(array_compare(pin,buffer,4) == 0) { … Randomness introduced by • Random delays (software loop) • Cycle stealing (CPU skips clock cycle) • Drifting clock Random delay stops time-based glitches
  • 19. Shields and Sensors 19 • Shields block optical glitches • Sensors detect glitches
  • 21. Limitations of common equipment • Standard signal generators lack flexibility • Laser cutters are coarse • Diode lasers are divergent and weak • Process control inefficient 21 ???
  • 22. Improvements in design • Flexible glitch control hardware • Smart triggering • Effective diode lasers • Efficient control software 22
  • 23. Glitch control hardware requirements and design 23 Multi channel • Clock, • VCC (supply voltage) • Optical Precise • low latency • short pulses • exact timing Adaptive • configure remotely • diverse triggers • Monitor side channel ControlUSB Trigger in LaserContact smart card LCD Display Trigger out Smart card RST Smart card I/O Smart card VCC Smart card CLK Glitch circuit with smart card Glitch generatorCPU+ memory Switch Power monitor mode CLK VCC vcc/clk/laser
  • 24. Glitch control hardware implementation General-purpose high speed FPGA board mounted on top of dedicated PCB with analog and digital drivers and interfaces 24
  • 25. Smart triggering, what for? Variable delays stop time based glitch triggers 25 Instruction to hit
  • 26. Smart triggering concept 26 • Real time comparison of signal arrays • Use Sum of Absolute Differences
  • 27. Smart triggering result Trigger moment is now fixed to device behavior 27 Instruction to hit
  • 28. Smart triggering on noisy signals? • Noise hides useful signals 28
  • 29. Spectrum of noisy signals • Spectrum reveals signals obscured by noise • High frequencies include distinguishing features 29
  • 30. Frequency conversion of noisy signals • High frequencies are difficult to sample • Pattern matching easiest on DC components • Frequency mixing and demodulation makes high frequent features detectable 30
  • 31. Feature recognition in noisy signals • Filtering produces detectable signal 31
  • 32. Smart triggering architecture and implementation FPGA board combined with dedicated electronics 32 Control Filter Reference signal (2x) Acquisition SAD processor (2×) USB Trigger in Filter in Filter out Signal in Trigger out (2×) SAD out
  • 33. Diode laser requirements Lasers must support • fast switching • power control • multiple colors 33 33 Source: Sergei Skorobogatov
  • 34. Diode laser system requirements System requirements • Camera view • Motorized XY stage Optics requirements • Correct beam divergence • Small spot size (~1 µm) Remote controllable parameters • XY position • Glitch timing & amplitude 34
  • 35. Fault Injection Software Fault injection process requirements • Configurable and repeatable • Automated execution and logging 35
  • 37. Attacks in practice • Backside attacks • Virtual imaging • Real time multi glitching 37
  • 40. Side channel observation after fault injection Behavior shifted in time 40
  • 42. Multi glitch timing Diode lasers can switch at high frequency 42
  • 43. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find end with smart triggering 43
  • 44. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Glitch condition 44
  • 45. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find begin with smart triggering and force power down 45
  • 46. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Glitch condition 46
  • 47. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find end with smart triggering 47
  • 48. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Glitch condition 48
  • 49. Real time multi glitch process short pin_check(byte* buffer) { if(pin_ctr > 0) { random_delay(); if(pin_ctr <= 0) suicide(); pin_ctr--; if(array_compare(pin,buffer,4) == 0) {// PIN ok at first check random_delay(); if(array_compare(pin,buffer,4) != 0) suicide(); else { … } // PIN ok } else { … } // PIN not ok at first check Find begin with smart triggering and force power down 49
  • 50. Real time multi glitch user experience 50
  • 52. Multi glitch practical limitations • Evaluation of many parameters is time consuming (timing, amplitude, xy position, etc) • Sensors and traps slow down analysis careful tuning of equipment needed • Navigation without design is cumbersome crypto core is needle in hay-stack 52
  • 53. Impact • So can I turn my BART card into a CAC card? • No, for dictating instructions and operands, you would need multiple controlled beams (32) • But, an attacker wouldn’t even want that: just shake out the keys and clone a victim 53
  • 54. Analysis & Mitigation • How do I know if my smart card is vulnerable? – Risk analysis – Source code review – Security testing • How can I protect my smart cards? – Use newest and certified chips – Harden your code (OS & application) http://www.riscure.com/fileadmin/images/Docs/Paper_Side_Channel_Patterns.pdf 54
  • 55. Future research Automation • Can we further automate the analysis and reduce user intervention? • Can we reverse engineer code by analyzing fault impact? Multi beam attacks • Can we by-pass multiple defenses if separate laser beams are used? • Can we push specific values on a data bus? 55
  • 56. Summary and conclusion • Fault injection is most significant threat for smart cards • Diode laser systems generate fast and precise pulses that modify CPU instructions • Sophisticated new fault injection equipment defeats countermeasures • Best defense by mix of strong hardware and software countermeasures 56
  • 57. 57 Questions & Discussion Marc Witteman Chief Technology Officer witteman@riscure.com Riscure B.V. Frontier Building Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 (0)15 251 4090 www.riscure.com Thank you 57