Mifare Classic的旁通道攻擊

Abstract

旁通道攻擊對密碼硬體有著威脅。這種攻擊能藉由測量和分析密碼裝置的物 理特性（例如時間、耗電量、或是電磁輻射）破解內含的秘密資訊，即使它使用 像AES或Triple-DES（3DES）這些在理論分析上沒有有效破解方式的演算法。 雖然自從旁通道攻擊被提出之後，有很多相關的研究，大部分的文獻都著重在 區塊式密碼的演算法，例如DES、AES、或3DES，少有針對串流式密碼的研究。 而因為高效率和低硬體需求，串流式密碼在非接觸式智慧卡上很受歡迎。加上大 多數的研究需要測量耗電量，表示需要直接觸碰到目標裝置。但對非接觸式智慧 卡而言，這樣的攻擊方式必定會是侵入式的（會對卡片造成損傷）而將會輕易地 被發現與預防。 基於LFSR的密碼演算法因為對硬體空間的消耗極小，在串流式密碼領域中很 被看好。這種密碼系統藉由推移LFSR產生加密串流。然而，LFSR本身卻有著一 些有利於旁通道攻擊的特性而有可能對許多基於LFSR的密碼系統造成嚴重的安全 問題。 在這篇論文中，我們提出了一個成功的旁通道攻擊，可以讓攻擊者透過非侵入 式，因此也無法偵測及預防的方法，獲取一張商業非接觸式智慧卡的密鑰。我們 的攻擊更進一步意味著對其他基於LFSR的密碼系統的威脅。

Side-Channel Analysis (SCA) poses a serious threat to cryptographic implementa- tions. By measuring and analyzing the physical characteristics (e.g. timing infor- mation, power consumption, or electro-magnetic (EM) emanation) of a hardware device, such attacks can even reveal secret information from implementations of al- gorithms such as AES and Triple-DES (3DES), for which no e cient analytical or brute-force attacks exist. Although SCA has been extensively studied ever since it was proposed, most publications were conducted focusing on block cipher algorithms such as DES, AES, and 3DES but few aiming at stream cipher algorithms, which are welcome to con- tactless smartcards because of their e ciency and low costs of hardware resources. In addition, most researches require measuring power consumption, which implies direct contact to the target device. However, for contactless smartcards, such at- tacks would be invasive (i.e. causing damage to the card) and hence is easy to detect and to prevent. With one the smallest hardware footprints among all available cryptographic algorithms, LFSR-based stream ciphers are one of the promising candidates into cryptographic primitives. A cipher like this generates key stream by shifting its LFSR. However, LFSR itself has some features which are susceptible to SCA and may cause serious security issues to many LFSR-based ciphers. In this thesis, we present a successful side-channel attack which allows an adver- sary to extract the secret key of an LFSR-based commercial contactless smartcard in a way which is non-invasive and hence is undetectable and unpreventable. Moreover, our attack implies a potential threat to other LFSR-based implementations.