A Template Attack Against VERIFY PIN Algorithms

Hélène Le Bouder, Thierno Barry, Damien Couroussé, Jean-Louis Lanet, Ronan Lashermes

Abstract

This paper presents the first side channel analysis from electromagnetic emissions on VERIFY PIN algorithms. To enter a PIN code, a user has a limited number of trials. Therefore the main difficulty of the attack is to succeed with very few traces. More precisely, this work implements a template attack and experimentally verifies its success rate. It becomes a new real threat, and it is feasible on a low cost and portable platform. Moreover, this paper shows that some protections for VERIFY PIN algorithms against fault attacks introduce new vulnerabilities with respect to side channel analysis.

References

  1. Andriotis, P., Tryfonas, T., Oikonomou, G., and Yildiz, C. (2013). A pilot study on the security of pattern screenlock methods and soft side channel attacks. In Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks, pages 1-6.
  2. Archambeau, C., Eric Peeters, Standaert, F.-X., and Quisquater, J.-J. Template attacks in principal subspaces. In Cryptographic Hardware and Embedded Systems-CHES 2006, pages 1-14. Springer.
  3. Brier, E., Clavier, C., and Olivier, F. (2004). Correlation Power Analysis with a Leakage Model. In Cryptographic Hardware and Embedded Systems-CHES, pages 16-29.
  4. Chari, S., Rao, J. R., and Rohatgi, P. (2003). Template attacks. In Cryptographic Hardware and Embedded Systems-CHES 2002, pages 13-28. Springer.
  5. Choudary, O. and Kuhn, M. G. (2014). Efficient template attacks. In Smart Card Research and Advanced Applications, pages 253-270. Springer.
  6. Elaabid, M. A., Guilley, S., and Hoogvorst, P. (2007). Template Attacks with a Power Model. IACR Cryptology ePrint Archive, 2007:443.
  7. Folkman, L. (2007). The use of a power analysis for influencing PIN verification on cryptographic smart card. Bakalásk práce, Masarykova univerzita, Fakulta informatiky.
  8. Foo Kune, D. and Kim, Y. (2010). Timing attacks on pin input devices. In Proceedings of the 17th ACM conference on Computer and communications security, pages 678-680. ACM.
  9. Kocher, P. C. (1996). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. InAdvances in Cryptology-CRYPTO'96 , pages 104-113. Springer.
  10. Linge, Y., Dumas, C., and Lambert Lacroix, S. Using the Joint Distributions of a Cryptographic Function in Side Channel Analysis. In Constructive Side-Channel Analysis and Secure Design - COSADE 2014, pages 199-213. Springer.
  11. Mangard, S. A simple power-analysis (SPA) attack on implementations of the AES key expansion. In Information Security and Cryptology-ICISC 2002 , pages 343-358. Springer.
  12. Mangard, S., Oswald, E., and Popp, T. (2008a). Power analysis attacks: Revealing the secrets of smart cards, volume 31. Springer Science & Business Media.
  13. Mangard, S., Oswald, E., and Popp, T. (2008b). Power analysis attacks: Revealing the secrets of smart cards, volume 31. Springer Science & Business Media.
  14. Moro, N., Dehbaoui, A., Heydemann, K., Robisson, B., and Encrenaz, E. Electromagnetic fault injection: towards a fault model on a 32-bit microcontroller. In Fault Diagnosis and Tolerance in Cryptography (FDTC), 2013 Workshop on, pages 77-88. IEEE.
  15. Oswald, E. and Mangard, S. (2006). Template attacks on masking-resistance is futile. In Topics in Cryptology-CT-RSA 2007, pages 243-256. Springer.
  16. Quisquater, J.-J. and Samyde, D. (2001). Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In Smart Card Programming and Security, pages 200-210. Springer.
  17. Rechberger, C. and Oswald, E. (2005). Practical template attacks. In Information Security Applications, pages 440-456. Springer.
  18. Riviere, L. (2015). Sécurité des implémentations logicielles face aux attaques par injection de faute sur systemes embarqués. PhD thesis, Telecom Paris Tech.
  19. Riviere, L., Najm, Z., Rauzy, P., Danger, J.-L., Bringer, J., and Sauvage, L. High precision fault injections on the instruction cache of ARMv7-M architectures. In Hardware Oriented Security and Trust (HOST), 2015 IEEE International Symposium on, pages 62-67. IEEE.
Download


Paper Citation


in Harvard Style

Le Bouder H., Barry T., Couroussé D., Lanet J. and Lashermes R. (2016). A Template Attack Against VERIFY PIN Algorithms . In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 231-238. DOI: 10.5220/0005955102310238


in Bibtex Style

@conference{secrypt16,
author={Hélène Le Bouder and Thierno Barry and Damien Couroussé and Jean-Louis Lanet and Ronan Lashermes},
title={A Template Attack Against VERIFY PIN Algorithms},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},
year={2016},
pages={231-238},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005955102310238},
isbn={978-989-758-196-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - A Template Attack Against VERIFY PIN Algorithms
SN - 978-989-758-196-0
AU - Le Bouder H.
AU - Barry T.
AU - Couroussé D.
AU - Lanet J.
AU - Lashermes R.
PY - 2016
SP - 231
EP - 238
DO - 10.5220/0005955102310238