| Русский Русский | English English |
   
Главная Archive
18 | 08 | 2018
10.14489/vkit.2016.07.pp.030-033

DOI: 10.14489/vkit.2016.07.pp.030-033

Левина А. Б., Слепцова Д. М.
АНАЛИЗ АТАК ПО СТОРОННИМ КАНАЛАМ НА RFID-СИСТЕМЫ НА ОСНОВЕ ПРОТОКОЛА MIFARE CLASSIC
(c. 30-33)

Аннотация. Изучена уязвимость систем радиочастотной идентификации к атакам по сторонним каналам. Выявлены уязвимости в дизайне криптоалгоритма Crypto-1. Даны описания результатов атаки по электромагнитному излучению на карту, использующую протокол Mifare Classic. Приведен план дальнейшего улучшения характеристик атаки.

Ключевые слова:  атаки по сторонним каналам; радиочастотная идентификация; анализ электромагнитного из-лучения; протокол Mifare Classic.

 

Levina А. B., Sleptsova D. M.
STUDY OF SIDE-CHANNEL ATTACKS ON RFID SYSTEMS BASED ON MIFARE CLASSIC
(pp. 30-33)

Abstract. RFID (Radio-Frequency IDentification) systems consist of a reader device and passive tags, powered from an electromagnetic field created by a reader. Majority of applications of such systems operate on secret data or financial information, e.g. person identification systems or fare systems. For this reason main part of their operation relies on cryptographic protocols, preserving confidentiality of secret information in transfer or storage. Security estimations of RFID-systems seldom include vulnerabilities to side-channel attacks. Said attacks exploit vulnerabilities in physical implementation of cryptosystem and provide opportunity to recover secret key of a system which is not vulnerable to classical cryptanalysis. In this paper side-channel attacks vulnerabilities of RFID-systems are studied. As a two main approaches to mounting an attack on Mifare Classic protocol power consumption and electromagnetic emanations are used. The attack vector is Crypto-1 algorithm, namely the moment of initialization of the LFSR (Linear Feedback Shift Register) with a secret key. Signal pre-processing included filtration, alignment and decimation of signal. Obtained signal depending on the exploited channel was compared to hypothetical values of power consumption or electromagnetic emanation, acquired on modeling step of the attack. Basis for model of Crypto-1 register was Hamming distance, obtained and hypothetical vectors comparison was made by means of correlation coefficient. As a result full key stored on a tag was recovered. Computing correlation coefficient and key recovery took 4 hours. Current lab setup has long signal acquisition and pre-processing time, that in the future can be shortened by using hardware pre-processing or oscilloscope made in the form of a PCI (Peripheral Component Interconnect) card. Conducted work shows possibility of side-channel exploitation of RFID-systems and proves it with a practical attack on a widely deployed system based on Mifare Classic protocol.

Keywords: Side-channel attacks; Radio-Frequency Identification; Electromagnetic analysis, Mifare Classic protocol.

Рус

А. Б. Левина,  Д. М. Слепцова (Санкт-Петербургский национальный исследовательский университет информационных технологий, механики и оптики, Санкт-Петербург, Россия) E-mail: Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript  

Eng

 А. B. Levina, D. M. Sleptsova (Saint-Petersburg University of Information Technologies, Mechanics and Optics, Saint-Petersburg, Russia) E-mail: Этот e-mail адрес защищен от спам-ботов, для его просмотра у Вас должен быть включен Javascript

Рус

1. ГОСТ Р ИСО/МЭК 14443-1–2013. Карты идентификационные. Карты на интегральных схемах бесконтактные. Карты близкого действия. Часть 1. Физические характеристики. Введ. 2015-01-01. М.: Стандартинформ, 2014. 14 с.
2. ГОСТ Р ИСО/МЭК 14443-2–2013. Карты идентификационные. Карты на интегральных схемах бесконтактные. Карты близкого действия. Часть 2. Радиочастотный энергетический и сигнальный интерфейс. Введ. 2016-01-01. М.: Стандартинформ, 2015. 35 с.
3. ГОСТ Р ИСО/МЭК 14443-3–2013. Карты идентификационные. Карты на интегральных схемах бесконтактные. Карты близкого действия. Часть 3. Инициализация и антиколлизия. Введ. 2016-01-01. М.: Стандартинформ, 2015. 68 с.
4. ГОСТ Р ИСО/МЭК 14443-4–2013. Карты идентификационные. Карты на интегральных схемах бесконтактные. Карты близкого действия. Часть 4. Протокол передачи. Введ. 2016-01-01. М.: Стандартинформ, 2015. 42 с.
5. Genkin D., Shamir A., Tromer E. RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis (extended version) // IACR Cryptology ePrint Archive: Report 2013/857. 2013. 57 р.
6. Plos T. Susceptibility of UHF RFID Tags to Electromagnetic Analysis // The Cryptographers’ Track at the RSA Conf. Lecture Notes in Computer Science. San Francisco, CA, USA, 8 – 11 Apr. 2008. V. 4964. P. 288 – 300. doi: 10.1007/978-3-540-79263-5_18
7. Hutter M., Mangard S., Feldhofer M. Power and EM Attacks on Passive 13.56MHz RFID Devices // Cryptographic Hardware and Embedded Systems – CHES 2007. Lecture Notes in Computer Science. Vienna, Austria, 10 – 13 Sept. 2007. V. 4727. P. 320 – 333. doi: 10.1007/978-3-540-74735-2_22
8. Hutter M., Schmidt J.-M., Plos T. Contact-Based Fault Injections and Power Analysis on RFID Tags // European Conf. on Circuit Theory and Design. Antalya, 23 – 27 Aug. 2009. Р. 409 – 412. doi: 10.1109/ECCTD.2009.5275012
9. Hutter M., Schmidt J.-M., Plos T. RFID and its Vulnerability to Faults // Cryptographic Hardware and Embedded Systems – CHES 2008. Lecture Notes in Computer Science. Washington, D.C., USA, 10 – 13 Aug. 2008. V. 5154. P. 363 – 379. doi: 10.1007/978-3-540-85053-3_23
10. NXP Semiconductors [Электронный ресурс]: офиц. сайт. URL: www. nxp.com (дата обращения: 02.05.2016).
11. Oswald D., Paar C. Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World // Cryptographic Hardware and Embedded Systems – CHES 2011. Lecture Notes in Computer Science. Nara, Japan, 28 Sept. – 1 Oct. 2011. V. 6917. P. 207 – 222. doi: 10.1007/978-3-642-23951-9_1

Eng

1. Identification cards. Integrated circuit contactless cards. Vicinity card. Part 1. Physical characteristics. (2014). Ru Standard No. GOST R ISO/MEK 14443-1–2013. Russian Federation. Moscow: Standartinform. [in Russian language]
2. Identification cards. Integrated circuit contactless cards. Vicinity card. Part 2. RF energy and signal interface. (2015). Ru Standard No. GOST R ISO/MEK 14443-2–2013. Russian Federation. Moscow: Standartinform. [in Russian language]
3. Identification cards. Integrated circuit contactless cards. Vicinity card. Part 3. Initialization and anticollision. (2015). Ru Standard No. GOST R ISO/MEK 14443-3–2013. Russian Federation. Moscow: Standartinform. [in Russian language]
4. Identification cards. Integrated circuit contactless cards. Vicinity card. Part 4. Transfer protocol. (2015). Ru Standard No. GOST R ISO/MEK 14443-4–2013. Russian Federation. Moscow: Standartinform. [in Russian language]
5. Genkin D., Shamir A., Tromer E. (2013). RSA key extraction via low-bandwidth acoustic cryptanalysis (extended version). IACR Cryptology ePrint Archive: Report 2013/857.
6. Plos T. (2008). Susceptibility of UHF RFID tags to electromagnetic analysis. The Cryptographers’ Track at the RSA Conf. Lecture Notes in Computer Science. San Francisco, CA, USA, 8-11 Apr. 2008, 4964, pp. 288-300. doi: 10.1007/978-3-540-79263-5_18
7. Hutter M., Mangard S., Feldhofer M. (2007). Power and EM attacks on passive 13.56MHz RFID devices. Cryptographic Hardware and Embedded Systems – CHES 2007. Lecture Notes in Computer Science. Vienna, Austria, 10-13 Sept. 2007, 4727, pp. 320-333. doi: 10.1007/978-3-540-74735-2_22
8. Hutter M., Schmidt J.-M., Plos T. (2009). Contactbased fault injections and power analysis on RFID tags. European Conf. on Circuit Theory and Design. Antalya, 23-27 Aug. 2009, pp. 409-412. doi: 10.1109/ECCTD.2009.5275012
9. Hutter M., Schmidt J.-M., Plos T. (2008). RFID and its vulnerability to faults. Cryptographic Hardware and Embedded Systems – CHES 2008. Lecture Notes in Computer Science. Washington, D.C., USA, 10-13 Aug. 2008, 5154, pp. 363-379. doi: 10.1007/978-3-540-85053-3_23
10. NXP Semiconductors: official site. Available at: www. nxp.com (Accessed: 02.05.2016).
11. Oswald D., Paar C. (2011). Breaking Mifare DESFire MF3ICD40: power analysis and templates in the real world. Cryptographic Hardware and Embedded Systems – CHES 2011. Lecture Notes in Computer Science. Nara, Japan, 28 Sept. – 1 Oct. 2011, 6917, pp. 207 – 222. doi: 10.1007/978-3-642-23951-9_1

Рус

Статью можно приобрести в электронном виде (PDF формат).

Стоимость статьи 350 руб. (в том числе НДС 18%). После оформления заказа, в течение нескольких дней, на указанный вами e-mail придут счет и квитанция для оплаты в банке.

После поступления денег на счет издательства, вам будет выслан электронный вариант статьи.

Для заказа статьи заполните форму:

{jform=1,doi=10.14489/vkit.2016.07.pp.030-033}

.

Eng

This article  is available in electronic format (PDF).

The cost of a single article is 350 rubles. (including VAT 18%). After you place an order within a few days, you will receive following documents to your specified e-mail: account on payment and receipt to pay in the bank.

After depositing your payment on our bank account we send you file of the article by e-mail.

To order articles please fill out the form below:

{jform=2,doi=10.14489/vkit.2016.07.pp.030-033}

 

 

 

 

 

.

.

 

 

 
Search
Журнал КОНТРОЛЬ. ДИАГНОСТИКА
Баннер
Баннер
Баннер
Rambler's Top100 Яндекс цитирования