Abstract
The number of applications that rely on near-field communication (NFC) technology is significantly growing. Especially for security-related applications, short communication ranges as they are provided by NFC systems are advantageous to minimize the risk of eavesdropping. In this work we show that although the communication range of NFC systems is limited to several centimeters, side-channel information modulated on the reader signal can be measured at much larger distances. We name the side-channel information modulated on the reader signal parasitic load modulation. By measuring the parasitic load modulation of a tag, so-called remote side-channel analysis (SCA) attacks can be applied. We verify the practicability of such remote attacks by analyzing a security-enabled NFC tag with an integrated Advanced Encryption Standard (AES) module. The analyzed NFC tag operates at a carrier frequency of 13.56 MHz and uses the well known ISO 14443A communication standard. We were able to conduct successful remote SCA attacks at distances up to 1 m. No special measurement equipment is required, a self-made loop antenna, a broadband amplifier, and an oscilloscope are sufficient. We further formulate a relationship between attack performance and measurement distance that is confirmed by our practical results. These are the first remote SCA attacks on an NFC tag and on tags operating in the high-frequency range at 13.56 MHz at all. The results emphasize that the integration of suitable SCA countermeasures is inevitable.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM Side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)
Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., Szydlo, M.: Security Analysis of a Cryptographically-Enabled RFID Device. In: Proceedings of USENIX Security Symposium, Baltimore, Maryland, USA, pp. 1–16 (July-August 2005)
Carluccio, D., Lemke, K., Paar, C.: Electromagnetic Side Channel Analysis of a Contactless Smart Card: First Results. In: Oswald, E. (ed.) RFIDSec 2005, Graz, Austria, July 13-15, pp. 44–51 (2005)
Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: A Cautionary Note Regarding Evaluation of AES Candidates on Smart-Cards. In: Second Advanced Encryption Standard (AES) Candidate Conference, Rome, Italy (1999)
Courtois, N.T., O’Neil, S., Quisquater, J.-J.: Practical Algebraic Attacks on the Hitag2 Stream Cipher. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 167–176. Springer, Heidelberg (2009)
Finkenzeller, K.: RFID-Handbook, 2nd edn. Carl Hanser Verlag (April 2003) ISBN 0-470-84402-7
Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)
Ha, J.C., Kim, C., Moon, S.-J., Park, I., Yoo, H.: Differential Power Analysis on Block Cipher ARIA. In: Yang, L.T., Rana, O.F., Di Martino, B., Dongarra, J. (eds.) HPCC 2005. LNCS, vol. 3726, pp. 541–548. Springer, Heidelberg (2005)
Hutter, M., Mangard, S., Feldhofer, M.: Power and EM Attacks on Passive 13.56 MHz RFID Devices. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 320–333. Springer, Heidelberg (2007)
International Organisation for Standardization (ISO). ISO/IEC 7816-4: Information technology - Identification cards - Integrated circuit(s) cards with contacts - Part 4: Interindustry commands for interchange (1995), http://www.iso.org
International Organisation for Standardization (ISO). ISO/IEC 15693-3: Identification cards - Contactless integrated circuit(s) cards - Vicinity cards – Part 3: Anticollision and transmission protocol (2001)
International Organization for Standardization (ISO). ISO/IEC 14443-3: Identification Cards - Contactless Integrated Circuit(s) Cards - Proximity Cards - Part3: Initialization and Anticollision(2001), http://www.iso.org
International Organization for Standardization (ISO). ISO/IEC 14443-4: Identification Cards - Contactless Integrated Circuit(s) Cards - Proximity Cards - Part4: Transmission Protocol (2008), http://www.iso.org
Jaffe, J.: More Differential Power Analysis: Selected DPA Attacks. Presented at ECRYPT Summerschool on Cryptographic Hardware, Side Channel and Fault Analysis (June 2006)
Kasper, T., Oswald, D., Paar, C.: EM Side-Channel Attacks on Commercial Contactless Smartcards Using Low-Cost Equipment. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 79–93. Springer, Heidelberg (2009)
Kfir, Z., Wool, A.: Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems. In: Proceedings SecureComm 2005, Athens, Greece, September 5-9, pp. 47–58. IEEE Computer Society (2005)
Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Korak, T., Plos, T., Hutter, M.: Attacking an AES-Enabled NFC Tag: Implications from Design to a Real-World Scenario. In: Schindler, W., Huss, S.A. (eds.) COSADE 2012. LNCS, vol. 7275, pp. 17–32. Springer, Heidelberg (2012)
Lemke, K., Schramm, K., Paar, C.: DPA on n-Bit Sized Boolean and Arithmetic Operations and Its Application to IDEA, RC6, and the HMAC-Construction. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 205–219. Springer, Heidelberg (2004)
Mangard, S.: Exploiting Radiated Emissions - EM Attacks on Cryptographic ICs. In: Ostermann, T., Lackner, C. (eds.) Proceedings of Austrochip 2003, October 3, pp. 13–16 (2003) ISBN 3-200-00021-X
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks – Revealing the Secrets of Smart Cards. Springer (2007) ISBN 978-0-387-30857-9
National Institute of Standards and Technology (NIST). FIPS-197: Advanced Encryption Standard (November 2001), http://www.itl.nist.gov/fipspubs/
NFC Forum. NFC Forum Type 4 Tag Operation - Technical Specification (March 2007)
Nohl, K.: Cryptanalysis of Crypto-1. Computer Science Department University of Virginia, White Paper (2008)
Oren, Y., Shamir, A.: Remote Password Extraction from RFID Tags. IEEE Transactions on Computers 56(9), 1292–1296 (2007)
Örs, S.B., Gürkaynak, F.K., Oswald, E., Preneel, B.: Power-Analysis Attack on an ASIC AES Implementation. In: Proceedings of International Conference on Information Technology: Coding and Computing (ITCC 2004), Las Vegas, Nevada, USA, April 5-7, vol. 2, IEEE Computer Society (2004) ISBN 0-7695-2108-8
Oswald, D., Paar, C.: Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 207–222. Springer, Heidelberg (2011)
Plos, T.: Susceptibility of UHF RFID Tags to Electromagnetic Analysis. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 288–300. Springer, Heidelberg (2008)
Plos, T., Maierhofer, C.: On Measuring the Parasitic Backscatter of Sensor-enabled UHF RFID Tags. In: Proceedings of ARES 2012, Prague, Czech Republic, pp. 38–46. IEEE (August 2012)
Whitnall, C., Oswald, E.: A Comprehensive Evaluation of Mutual Information Analysis Using a Fair Evaluation Framework. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 316–334. Springer, Heidelberg (2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Korak, T., Plos, T. (2013). Applying Remote Side-Channel Analysis Attacks on a Security-Enabled NFC Tag. In: Dawson, E. (eds) Topics in Cryptology – CT-RSA 2013. CT-RSA 2013. Lecture Notes in Computer Science, vol 7779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36095-4_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-36095-4_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36094-7
Online ISBN: 978-3-642-36095-4
eBook Packages: Computer ScienceComputer Science (R0)