Side-Channel Attack on a Protected RFID Card

Side-channel attack is a known security risk to smart cards, and there have been efforts by smart card manufacturers to incorporate side-channel attack countermeasures. In this paper, we study a widely used smart card that uses the 3DES algorithm. First, a platform is setup to extract the power cons...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	IEEE access 2018-01, Vol.6, p.58395-58404
Hauptverfasser:	Xu, Rixin, Zhu, Liehuang, Wang, An, Du, Xiaojiang, Choo, Kim-Kwang Raymond, Zhang, Guoshuang, Gai, Keke
Format:	Artikel
Sprache:	eng
Schlagworte:	Algorithms Complexity Cryptoanalysis Electromagnetic radiation Encryption power analysis Power consumption Probes Security side-channel analysis Side-channel attacks Slicing smart card attack Smart cards Three-dimensional displays
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	58404
container_issue
container_start_page	58395
container_title	IEEE access
container_volume	6
creator	Xu, Rixin Zhu, Liehuang Wang, An Du, Xiaojiang Choo, Kim-Kwang Raymond Zhang, Guoshuang Gai, Keke
description	Side-channel attack is a known security risk to smart cards, and there have been efforts by smart card manufacturers to incorporate side-channel attack countermeasures. In this paper, we study a widely used smart card that uses the 3DES algorithm. First, a platform is setup to extract the power consumption information from the electromagnetic wave. Based on the findings from the initial analysis, we determine that the card is equipped with a "head and tail protection" mechanism. Second, a chosen-plaintext power analysis with a complexity of 2 16 is proposed, which is designed to recover the second round key from the power leakage in the third round. Then, a slicing-collision-algebraic attack is presented, which decreases the complexity to 2 6 rapidly. The experiments show that after collecting 20000 power traces (in approximately 200 s), only 2^{6} \times 8 key guesses and another 177 searches (about 300 seconds) are sufficient in recovering the 56-bit source keys of DES successfully. In other words, we demonstrate how the security of the 3DES card can be easily compromised, using side-channel attacks. Finally, we recommend that the head and tail protection should extend to the first and last four rounds, at the minimal, in order to be side-channel attack resilience.
doi_str_mv	10.1109/ACCESS.2018.2870663
format	Article
fullrecord	<record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2455886016</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8466941</ieee_id><doaj_id>oai_doaj_org_article_2860075af09f4910a99a292cde15a6c1</doaj_id><sourcerecordid>2455886016</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-8b4caad9bb99c3b04e3dab9c5a4447c7a5221df1eeb114c9750149927eee9fad3</originalsourceid><addsrcrecordid>eNpNUMtOwzAQtBBIVKVf0EskrqT4HftYhQKVKoEonK2N7UBKiYuTHvh7XFJV7GVXo5nZ0SA0JXhGCNa387JcrNcziomaUVVgKdkZGlEidc4Ek-f_7ks06boNTqMSJIoRulk3zuflB7St32bzvgf7mYU2g-w5ht7b3rvs5X55l5UQ3RW6qGHb-clxj9Hb_eK1fMxXTw_Lcr7KLceqz1XFLYDTVaW1ZRXmnjmotBXAOS9sAYJS4mrifUUIt7oQmHCtaeG91zU4NkbLwdcF2JhdbL4g_pgAjfkDQnw3EPvGbr2hSmJcCKixrrkmGLQGqql1ngiQliSv68FrF8P33ne92YR9bFN8Q7kQKumJTCw2sGwMXRd9ffpKsDm0bIaWzaFlc2w5qaaDqknJTwrFpdScsF8hl3WB</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2455886016</pqid></control><display><type>article</type><title>Side-Channel Attack on a Protected RFID Card</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Xu, Rixin ; Zhu, Liehuang ; Wang, An ; Du, Xiaojiang ; Choo, Kim-Kwang Raymond ; Zhang, Guoshuang ; Gai, Keke</creator><creatorcontrib>Xu, Rixin ; Zhu, Liehuang ; Wang, An ; Du, Xiaojiang ; Choo, Kim-Kwang Raymond ; Zhang, Guoshuang ; Gai, Keke</creatorcontrib><description>Side-channel attack is a known security risk to smart cards, and there have been efforts by smart card manufacturers to incorporate side-channel attack countermeasures. In this paper, we study a widely used smart card that uses the 3DES algorithm. First, a platform is setup to extract the power consumption information from the electromagnetic wave. Based on the findings from the initial analysis, we determine that the card is equipped with a "head and tail protection" mechanism. Second, a chosen-plaintext power analysis with a complexity of 2 16 is proposed, which is designed to recover the second round key from the power leakage in the third round. Then, a slicing-collision-algebraic attack is presented, which decreases the complexity to 2 6 rapidly. The experiments show that after collecting 20000 power traces (in approximately 200 s), only <inline-formula> <tex-math notation="LaTeX">2^{6} \times 8 </tex-math></inline-formula> key guesses and another 177 searches (about 300 seconds) are sufficient in recovering the 56-bit source keys of DES successfully. In other words, we demonstrate how the security of the 3DES card can be easily compromised, using side-channel attacks. Finally, we recommend that the head and tail protection should extend to the first and last four rounds, at the minimal, in order to be side-channel attack resilience.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2018.2870663</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Algorithms ; Complexity ; Cryptoanalysis ; Electromagnetic radiation ; Encryption ; power analysis ; Power consumption ; Probes ; Security ; side-channel analysis ; Side-channel attacks ; Slicing ; smart card attack ; Smart cards ; Three-dimensional displays</subject><ispartof>IEEE access, 2018-01, Vol.6, p.58395-58404</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-8b4caad9bb99c3b04e3dab9c5a4447c7a5221df1eeb114c9750149927eee9fad3</citedby><cites>FETCH-LOGICAL-c408t-8b4caad9bb99c3b04e3dab9c5a4447c7a5221df1eeb114c9750149927eee9fad3</cites><orcidid>0000-0002-9873-1308 ; 0000-0001-9208-5336 ; 0000-0003-3277-3887 ; 0000-0001-6784-0221</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8466941$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,777,781,861,2096,27614,27905,27906,54914</link.rule.ids></links><search><creatorcontrib>Xu, Rixin</creatorcontrib><creatorcontrib>Zhu, Liehuang</creatorcontrib><creatorcontrib>Wang, An</creatorcontrib><creatorcontrib>Du, Xiaojiang</creatorcontrib><creatorcontrib>Choo, Kim-Kwang Raymond</creatorcontrib><creatorcontrib>Zhang, Guoshuang</creatorcontrib><creatorcontrib>Gai, Keke</creatorcontrib><title>Side-Channel Attack on a Protected RFID Card</title><title>IEEE access</title><addtitle>Access</addtitle><description>Side-channel attack is a known security risk to smart cards, and there have been efforts by smart card manufacturers to incorporate side-channel attack countermeasures. In this paper, we study a widely used smart card that uses the 3DES algorithm. First, a platform is setup to extract the power consumption information from the electromagnetic wave. Based on the findings from the initial analysis, we determine that the card is equipped with a "head and tail protection" mechanism. Second, a chosen-plaintext power analysis with a complexity of 2 16 is proposed, which is designed to recover the second round key from the power leakage in the third round. Then, a slicing-collision-algebraic attack is presented, which decreases the complexity to 2 6 rapidly. The experiments show that after collecting 20000 power traces (in approximately 200 s), only <inline-formula> <tex-math notation="LaTeX">2^{6} \times 8 </tex-math></inline-formula> key guesses and another 177 searches (about 300 seconds) are sufficient in recovering the 56-bit source keys of DES successfully. In other words, we demonstrate how the security of the 3DES card can be easily compromised, using side-channel attacks. Finally, we recommend that the head and tail protection should extend to the first and last four rounds, at the minimal, in order to be side-channel attack resilience.</description><subject>Algorithms</subject><subject>Complexity</subject><subject>Cryptoanalysis</subject><subject>Electromagnetic radiation</subject><subject>Encryption</subject><subject>power analysis</subject><subject>Power consumption</subject><subject>Probes</subject><subject>Security</subject><subject>side-channel analysis</subject><subject>Side-channel attacks</subject><subject>Slicing</subject><subject>smart card attack</subject><subject>Smart cards</subject><subject>Three-dimensional displays</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2018</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpNUMtOwzAQtBBIVKVf0EskrqT4HftYhQKVKoEonK2N7UBKiYuTHvh7XFJV7GVXo5nZ0SA0JXhGCNa387JcrNcziomaUVVgKdkZGlEidc4Ek-f_7ks06boNTqMSJIoRulk3zuflB7St32bzvgf7mYU2g-w5ht7b3rvs5X55l5UQ3RW6qGHb-clxj9Hb_eK1fMxXTw_Lcr7KLceqz1XFLYDTVaW1ZRXmnjmotBXAOS9sAYJS4mrifUUIt7oQmHCtaeG91zU4NkbLwdcF2JhdbL4g_pgAjfkDQnw3EPvGbr2hSmJcCKixrrkmGLQGqql1ngiQliSv68FrF8P33ne92YR9bFN8Q7kQKumJTCw2sGwMXRd9ffpKsDm0bIaWzaFlc2w5qaaDqknJTwrFpdScsF8hl3WB</recordid><startdate>20180101</startdate><enddate>20180101</enddate><creator>Xu, Rixin</creator><creator>Zhu, Liehuang</creator><creator>Wang, An</creator><creator>Du, Xiaojiang</creator><creator>Choo, Kim-Kwang Raymond</creator><creator>Zhang, Guoshuang</creator><creator>Gai, Keke</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0002-9873-1308</orcidid><orcidid>https://orcid.org/0000-0001-9208-5336</orcidid><orcidid>https://orcid.org/0000-0003-3277-3887</orcidid><orcidid>https://orcid.org/0000-0001-6784-0221</orcidid></search><sort><creationdate>20180101</creationdate><title>Side-Channel Attack on a Protected RFID Card</title><author>Xu, Rixin ; Zhu, Liehuang ; Wang, An ; Du, Xiaojiang ; Choo, Kim-Kwang Raymond ; Zhang, Guoshuang ; Gai, Keke</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-8b4caad9bb99c3b04e3dab9c5a4447c7a5221df1eeb114c9750149927eee9fad3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2018</creationdate><topic>Algorithms</topic><topic>Complexity</topic><topic>Cryptoanalysis</topic><topic>Electromagnetic radiation</topic><topic>Encryption</topic><topic>power analysis</topic><topic>Power consumption</topic><topic>Probes</topic><topic>Security</topic><topic>side-channel analysis</topic><topic>Side-channel attacks</topic><topic>Slicing</topic><topic>smart card attack</topic><topic>Smart cards</topic><topic>Three-dimensional displays</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Xu, Rixin</creatorcontrib><creatorcontrib>Zhu, Liehuang</creatorcontrib><creatorcontrib>Wang, An</creatorcontrib><creatorcontrib>Du, Xiaojiang</creatorcontrib><creatorcontrib>Choo, Kim-Kwang Raymond</creatorcontrib><creatorcontrib>Zhang, Guoshuang</creatorcontrib><creatorcontrib>Gai, Keke</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Xu, Rixin</au><au>Zhu, Liehuang</au><au>Wang, An</au><au>Du, Xiaojiang</au><au>Choo, Kim-Kwang Raymond</au><au>Zhang, Guoshuang</au><au>Gai, Keke</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Side-Channel Attack on a Protected RFID Card</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2018-01-01</date><risdate>2018</risdate><volume>6</volume><spage>58395</spage><epage>58404</epage><pages>58395-58404</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Side-channel attack is a known security risk to smart cards, and there have been efforts by smart card manufacturers to incorporate side-channel attack countermeasures. In this paper, we study a widely used smart card that uses the 3DES algorithm. First, a platform is setup to extract the power consumption information from the electromagnetic wave. Based on the findings from the initial analysis, we determine that the card is equipped with a "head and tail protection" mechanism. Second, a chosen-plaintext power analysis with a complexity of 2 16 is proposed, which is designed to recover the second round key from the power leakage in the third round. Then, a slicing-collision-algebraic attack is presented, which decreases the complexity to 2 6 rapidly. The experiments show that after collecting 20000 power traces (in approximately 200 s), only <inline-formula> <tex-math notation="LaTeX">2^{6} \times 8 </tex-math></inline-formula> key guesses and another 177 searches (about 300 seconds) are sufficient in recovering the 56-bit source keys of DES successfully. In other words, we demonstrate how the security of the 3DES card can be easily compromised, using side-channel attacks. Finally, we recommend that the head and tail protection should extend to the first and last four rounds, at the minimal, in order to be side-channel attack resilience.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2018.2870663</doi><tpages>10</tpages><orcidid>https://orcid.org/0000-0002-9873-1308</orcidid><orcidid>https://orcid.org/0000-0001-9208-5336</orcidid><orcidid>https://orcid.org/0000-0003-3277-3887</orcidid><orcidid>https://orcid.org/0000-0001-6784-0221</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2169-3536
ispartof	IEEE access, 2018-01, Vol.6, p.58395-58404
issn	2169-3536 2169-3536
language	eng
recordid	cdi_proquest_journals_2455886016
source	IEEE Open Access Journals; DOAJ Directory of Open Access Journals; Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects	Algorithms Complexity Cryptoanalysis Electromagnetic radiation Encryption power analysis Power consumption Probes Security side-channel analysis Side-channel attacks Slicing smart card attack Smart cards Three-dimensional displays
title	Side-Channel Attack on a Protected RFID Card
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-19T03%3A28%3A36IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Side-Channel%20Attack%20on%20a%20Protected%20RFID%20Card&rft.jtitle=IEEE%20access&rft.au=Xu,%20Rixin&rft.date=2018-01-01&rft.volume=6&rft.spage=58395&rft.epage=58404&rft.pages=58395-58404&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2018.2870663&rft_dat=%3Cproquest_cross%3E2455886016%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2455886016&rft_id=info:pmid/&rft_ieee_id=8466941&rft_doaj_id=oai_doaj_org_article_2860075af09f4910a99a292cde15a6c1&rfr_iscdi=true