
Datenschutz und Datensicherheit - DuD, Volume 35, Issue 11, pp 786–790

Side-Channel Analysis of Contactless Smart Cards (Seitenkanalanalyse kontaktloser SmartCards)

  • Timo Kasper
  • David Oswald
  • Christof Paar
Focus

Abstract

Contactless RFID technology is used worldwide for a wide variety of security-relevant applications such as proof of identity or payment transactions. After weaknesses were uncovered in the cryptographic protection of the "first generation" of contactless smart cards, hopes rested on their successors, which are equipped with secure ciphers. This article demonstrates the susceptibility of contactless smart cards to side-channel attacks, using the Mifare DESFire MF3ICD40 as an example.



Copyright information

© Springer Fachmedien Wiesbaden 2011
