Michael Hutter (#624)
Topic of his/her doctorate.
Secure and Efficient Implementation of RFID Tags Supporting Cryptography
Implementation Attacks, Side-Channel Attacks, Fault Analysis, RFID, Elliptic Curves, VLSI
Year of completion
Radio Frequency Identification (RFID) is a wireless communication technology that has gained a lot of importance in the last decade. This thesis focuses on security aspects of the RFID technology and has been structured into two main parts. The first part analyzes the susceptibility of RFID devices against different implementation attacks. Such attacks make use of physical properties and behavior of electronic devices to extract secret information. We evaluate their vulnerability by presenting results of successful side-channel attacks as well as fault-analysis attacks. Furthermore, we investigate public-key enabled RFID devices that provide cryptographic services like proof-of-origin authentication by digitally signing of data. We present practical attacks on such devices that reveal the private key by power and electromagnetic analysis.
The second part makes use of the findings in part one in order to design a low-resource cryptographic processor for passive RFID tags. The design meets fierce requirements concerning chip area (costs), power consumption (contactless operation), and security. First, we introduce new formulae for Elliptic Curve Cryptography (ECC) that allow an efficient implementation on resource-constraint devices using Co-Z coordinate representation over prime fields. Thereafter, we present the design of a hardware processor that applies the new formulae together with several optimization techniques to implement an efficient and secure RFID processor resistant to most of the presented attacks. We combine both symmetric as well as asymmetric primitives into one piece of silicon by implementing AES-128 and ECDSA using the recommended NIST elliptic curve over GFp192.
The outcomes of the thesis are as follows. First, we show that passive RFID devices are vulnerable to side-channel attacks as well as fault attacks. Most of our experiments can be performed with low cost and simple measurement setups. By evaluating the vulnerability of such devices, we emphasize the need of appropriate countermeasures for passive RFID devices that prevent impersonation through cloning of tags, forging of digital signatures, or the ability of adversaries to provide a proof of origin of RFID-labeled counterfeited goods, for instance. Second, we present a cryptographic processor for passive RFID devices that implements strong cryptography. We apply new formulae for ECC over GFp that improve the state of the art in low-resource implementations in terms of both memory and speed.
michael.hutter (at) iaik.tugraz.at