TY - GEN
T1 - On the need of physical security for small embedded devices
T2 - 17th International Conference on Financial Cryptography and Data Security, FC 2013
AU - Zhou, Yuanyuan
AU - Yu, Yu
AU - Standaert, François Xavier
AU - Quisquater, Jean Jacques
PY - 2013
Y1 - 2013
N2 - Ensuring the physical security of small embedded devices is challenging. Such devices have to be produced under strong cost constraints, and generally operate with limited power and energy budget. However, they may also be deployed in applications where physical access is indeed possible for adversaries. In this paper, we consider the case of SIM cards to discuss these issues, and report on successful side-channel attacks against several (old but still deployed) implementations of the COMP128-1 algorithm. Such attacks are able to recover cryptographic keys with limited time and data, by measuring the power consumption of the devices manipulating them, hence allowing cards cloning and communications eavesdropping. This study allows us to put forward the long term issues raised by the deployment of cryptographic implementations. It provides a motivation for improving the physical security of small embedded devices early in their development. We also use it to argue that public standards for cryptographic algorithms and transparent physical security evaluation methodologies are important tools for this purpose.
AB - Ensuring the physical security of small embedded devices is challenging. Such devices have to be produced under strong cost constraints, and generally operate with limited power and energy budget. However, they may also be deployed in applications where physical access is indeed possible for adversaries. In this paper, we consider the case of SIM cards to discuss these issues, and report on successful side-channel attacks against several (old but still deployed) implementations of the COMP128-1 algorithm. Such attacks are able to recover cryptographic keys with limited time and data, by measuring the power consumption of the devices manipulating them, hence allowing cards cloning and communications eavesdropping. This study allows us to put forward the long term issues raised by the deployment of cryptographic implementations. It provides a motivation for improving the physical security of small embedded devices early in their development. We also use it to argue that public standards for cryptographic algorithms and transparent physical security evaluation methodologies are important tools for this purpose.
KW - embedded devices
KW - hardware security
KW - side-channel analysis
UR - https://www.scopus.com/pages/publications/84883282434
U2 - 10.1007/978-3-642-39884-1_20
DO - 10.1007/978-3-642-39884-1_20
M3 - 会议稿件
AN - SCOPUS:84883282434
SN - 9783642398834
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 230
EP - 238
BT - Financial Cryptography and Data Security - 17th International Conference, FC 2013, Revised Selected Papers
Y2 - 1 April 2013 through 5 April 2013
ER -