Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF
SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS’2010, it was shown that given 1 keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in 239.4 cipher ticks and if 2640 keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in 258 cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in 229.8 cipher ticks given 1 keystream frame; for CM, we can recover the secret key in 250 cipher ticks with around 24 frames. Practical implementation of the full attack confirms our results.
KeywordsStream ciphers RFID Frame SecureMemory CryptoMemory
Unable to display preview. Download preview PDF.
- 1.Aerts, W., Biham, E., de Moitie, D., de Mulder, E., Dunkelman, O., Indesteege, S., Keller, N., Preneel, B., Vandenbosch, G., Verbauwhede, I.: A practical attack on KeeLoq. Journal of Cryptology (to appear)Google Scholar
- 2.Atmel. CryptoMemory specification, 5211A-SMIC-04/07 (2007)Google Scholar
- 3.Benhammou, J.P., Colnot, V.C., Moore, D.J.: Secure memory device for smart cards, US Patent 7395435 B2 (July 2008)Google Scholar
- 4.Benhammou, J.P., Jarboe, M.: Security at an affordable price. Atmel Applications Journal 3, 29–30 (2004)Google Scholar
- 6.Dinur, I., Shamir, A.: Breaking Grain-128 with Dynamic Cube Attacks. In: Fast Software Encryption-FSE 2011. Springer, Heidelberg (2011) (to appear)Google Scholar
- 7.Dipert, B.: The Zune HD: more than an iPod touch wanna-be? EDN, p. 20 (October 2009)Google Scholar
- 9.Garcia, F.D.: Private communicationGoogle Scholar
- 10.Jarboe, M.: Introduction to CryptoMemory. Atmel Applications Journal 3, 28 (2004)Google Scholar
- 11.Meier, W., Staffelbach, O.: Fast correlation attacks on certain stream ciphers. Journal of Cryptology, 159–176 (1989)Google Scholar
- 15.Amazon Elastic Compute Cloud (Amazon EC2), http://aws.amazon.com/ec2/#pricing (accessed January 22, 2010)