Abstract
Atmel’s CryptoMemory devices are non-volatile memories with cryptographically secured access control. Recently, the authentication mechanism of these devices have been shown to be severely vulnerable. More precisely, to recover the secret key the published attack requires only two to six days of computation on a cluster involving 200 CPU cores. In this work, we identified and applied theoretical improvements to this attack and mapped it to a reconfigurable computing cluster, known as RIVYERA. Our solution provides significantly higher performance exceeding the previous implementation by a factor of 7.27, revealing the secret key obtained from the internal state in 0.55 days on average using only 30 authentication frames.
Chapter PDF
Similar content being viewed by others
References
Atmel Corporation. CryptoMemory for Removable Storage Devices and Reprogrammable Keys, http://www.cryptomemorykey.com/pdfs/AtmelCryptoMemoryFlier.pdf (retrieved April 15, 2013)
Atmel Corporation. CryptoMemory specification (2007), http://www.atmel.com/Images/doc5211.pdf (retrieved April 15, 2013)
Balasch, J., Gierlichs, B., Verdult, R., Batina, L., Verbauwhede, I.: Power Analysis of Atmel CryptoMemory – Recovering Keys from Secure EEPROMs. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 19–34. Springer, Heidelberg (2012)
Biryukov, A., Kizhvatov, I., Zhang, B.: Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 91–109. Springer, Heidelberg (2011)
Biryukov, A., Kizhvatov, I., Zhang, B.: Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF. IACR Cryptology ePrint Archive, p. 22 (2011)
Digitrade GmbH, http://www.digittrade.de/shop/index.php/cat/c66_HS256S-High-Security.html (April 15, 2013)
Dipert, B.: The Zune HD: more than an iPod touch wanna-be? In: EDN (2009)
Garcia, F., van Rossum, P., Verdult, R., Wichers Schreur, R.: Dismantling SecureMemory, CryptoMemory and CryptoRF. In: CCS 2010, pp. 250–259. ACM (2010)
Giacomelli, M.: SanDisk Sansa Connect, http://www.rockbox.org/wiki/SansaConnect
Güneysu, T., Kasper, T., Novotný, M., Paar, C., Rupp, A.: Cryptanalysis with COPACOBANA. IEEE Transactions on Computers 57(11), 1498–1513 (2008)
Güneysu, T., Pfeiffer, G., Paar, C., Schimmler, M.: Three Years of Evolution: Cryptanalysis with COPACOBANA. In: SHARCS 2009, pp. 9–10 (2009)
Intel. Intel Xeon Processor 5600 Series: Product Brief, http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/xeon-5600-brief.pdf (April 15, 2013)
Jarboe, M.: Introduction to CryptoMemory. Atmel Applications Journal 3, 28 (2004)
József, S.: AT88SC0204 ChipResetter, http://chipreset.atw.hu/6/index61.html (April 15, 2013)
Labgear. Labgear HDSR300 High Definition Satellite Receiver. User Guide, http://www.free-instruction-manuals.com/pdf/p4789564.pdf (April 15, 2013)
NVIDIA Corporation. Checklist for Building a PC that Plays HD DVD or Blue-ray Movies, ftp://download.nvidia.com/downloads/pvzone/Checklist_for_Building_a_HDPC.pdf (retrieved April 15, 2013)
SciEngines GmbH, http://www.sciengines.com
Xilinx. Spartan-3 FPGA Family: Complete Data Sheet. Product Documentation (November 2005)
Xilinx. Spartan-3 Generation FPGA User Guide. Product Documentation (June 2011)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wild, A., Güneysu, T., Moradi, A. (2013). Attacking Atmel’s CryptoMemory EEPROM with Special-Purpose Hardware. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds) Applied Cryptography and Network Security. ACNS 2013. Lecture Notes in Computer Science, vol 7954. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38980-1_24
Download citation
DOI: https://doi.org/10.1007/978-3-642-38980-1_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38979-5
Online ISBN: 978-3-642-38980-1
eBook Packages: Computer ScienceComputer Science (R0)