
EM Side-Channel Attacks on Commercial Contactless Smartcards Using Low-Cost Equipment

  • Conference paper
Information Security Applications (WISA 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5932)

Abstract

We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identification Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the field of an RFID reader. We practically verify the effectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the first successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple-DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kasper, T., Oswald, D., Paar, C. (2009). EM Side-Channel Attacks on Commercial Contactless Smartcards Using Low-Cost Equipment. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-10838-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10837-2

  • Online ISBN: 978-3-642-10838-9
