Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63426
Full metadata record
DC Field: Value [Language]
dc.contributor.advisor: 鄭振牟 (Chen-Mou Cheng)
dc.contributor.author: Yun Chin [en]
dc.contributor.author: 金蘊 [zh_TW]
dc.date.accessioned: 2021-06-16T16:40:58Z
dc.date.available: 2013-09-07
dc.date.copyright: 2012-09-07
dc.date.issued: 2012
dc.date.submitted: 2012-09-06
dc.identifier.uri: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/63426
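dc.description.abstract: Side-channel attacks pose a threat to cryptographic hardware. By measuring and analyzing the physical characteristics of a cryptographic device (such as timing, power consumption, or electromagnetic emanation), such attacks can recover the secret information it holds, even when it uses algorithms such as AES or Triple-DES (3DES), for which theoretical analysis offers no efficient break.
Although much related research has appeared since side-channel attacks were first proposed, most of the literature focuses on block cipher algorithms such as DES, AES, or 3DES, and few studies target stream ciphers. Because of their high efficiency and low hardware requirements, stream ciphers are popular in contactless smartcards. In addition, most studies require measuring power consumption, which means direct contact with the target device. For contactless smartcards, however, such an attack is necessarily invasive (it damages the card) and is therefore easily detected and prevented.
LFSR-based ciphers are regarded as promising among stream ciphers because they consume very little hardware area. Such a cryptosystem generates its keystream by shifting an LFSR. However, the LFSR itself has some properties that favor side-channel attacks, which may cause serious security problems for many LFSR-based cryptosystems.
In this thesis, we present a successful side-channel attack that lets an attacker obtain the secret key of a commercial contactless smartcard by a non-invasive, and therefore undetectable and unpreventable, method. Our attack further implies a threat to other LFSR-based cryptosystems.
[zh_TW]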
dc.description.abstract: Side-Channel Analysis (SCA) poses a serious threat to cryptographic implementations. By measuring and analyzing the physical characteristics (e.g. timing information, power consumption, or electromagnetic (EM) emanation) of a hardware device, such attacks can reveal secret information even from implementations of algorithms such as AES and Triple-DES (3DES), for which no efficient analytical or brute-force attacks exist.
Although SCA has been extensively studied ever since it was proposed, most publications focus on block cipher algorithms such as DES, AES, and 3DES, and few address stream cipher algorithms, which are popular in contactless smartcards because of their efficiency and low hardware cost. In addition, most research requires measuring power consumption, which implies direct contact with the target device. For contactless smartcards, however, such attacks would be invasive (i.e. causing damage to the card) and hence easy to detect and prevent.
With one of the smallest hardware footprints among all available cryptographic algorithms, LFSR-based stream ciphers are promising candidates for cryptographic primitives. Such a cipher generates its keystream by shifting its LFSR. However, the LFSR itself has some features that are susceptible to SCA and may cause serious security issues for many LFSR-based ciphers.
In this thesis, we present a successful side-channel attack that allows an adversary to extract the secret key of an LFSR-based commercial contactless smartcard in a way that is non-invasive and hence undetectable and unpreventable. Moreover, our attack implies a potential threat to other LFSR-based implementations.
[en]
dc.description.provenance: Made available in DSpace on 2021-06-16T16:40:58Z (GMT). No. of bitstreams: 1
ntu-101-R98921072-1.pdf: 1225404 bytes, checksum: e14cd4f19a2b808efd49350091a21cfe (MD5)
Previous issue date: 2012
[en]
dc.description.tableofcontents:
Abstract
Contents
List of Figures
List of Tables
1 Introduction
  1.1 Motivation
  1.2 Contributions
  1.3 Structure of Report
2 Literature Survey
3 Side-Channel Analysis
  3.1 Side-Channels
  3.2 Hamming-Distance Model
4 Side-Channel Leakage of the Mifare Classic
  4.1 Linear Feedback Shift Register
  4.2 Crypto-1
  4.3 LFSR Leakage during Initialization
5 Signal Processing for SCA of the Mifare Classic
6 Measurement Setup
7 Experiment Results
8 Conclusion
Bibliography
dc.language.iso: en
dc.subject: Mifare Classic [zh_TW]
dc.subject: Side-channel attack [zh_TW]
dc.subject: Crypto-1 [zh_TW]
dc.subject: RFID [zh_TW]
dc.subject: LFSR [zh_TW]
dc.subject: LFSR [en]
dc.subject: SCA [en]
dc.subject: Mifare Classic [en]
dc.subject: Crypto-1 [en]
dc.subject: RFID [en]
dc.title: Side-Channel Attack on Mifare Classic [zh_TW]
dc.title: Side-Channel Analysis on Mifare Classic [en]
dc.type: Thesis
dc.date.schoolyear: 100-2
dc.description.degree: Master's
dc.contributor.oralexamcommittee: 楊柏因 (Bo-Yin Yang), 周立平, 陳君明
dc.subject.keyword: Mifare Classic, side-channel attack, Crypto-1, RFID, LFSR [zh_TW]
dc.subject.keyword: Mifare Classic, SCA, Crypto-1, RFID, LFSR [en]
dc.relation.page: 28
dc.rights.note: Paid license
dc.date.accepted: 2012-09-06
dc.contributor.author-college: College of Electrical Engineering and Computer Science [zh_TW]
dc.contributor.author-dept: Graduate Institute of Electrical Engineering [zh_TW]
Appears in collections: Department of Electrical Engineering

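Files in this item:
File: ntu-101-1.pdf (not authorized for public access)
Size: 1.2 MB
Format: Adobe PDF

Items in this system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.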
