×

Applying remote side-channel analysis attacks on a security-enabled NFC tag. (English) Zbl 1312.94065

Dawson, Ed (ed.), Topics in cryptology – CT-RSA 2013. The cryptographers’ track at the RSA conference 2013, San Francisco, CA, USA, February 25–March 1, 2013. Proceedings. Berlin: Springer (ISBN 978-3-642-36094-7/pbk). Lecture Notes in Computer Science 7779, 207-222 (2013).
Summary: The number of applications that rely on near-field communication (NFC) technology is significantly growing. Especially for security-related applications, short communication ranges as they are provided by NFC systems are advantageous to minimize the risk of eavesdropping. In this work we show that although the communication range of NFC systems is limited to several centimeters, side-channel information modulated on the reader signal can be measured at much larger distances. We name the side-channel information modulated on the reader signal parasitic load modulation. By measuring the parasitic load modulation of a tag, so-called remote side-channel analysis (SCA) attacks can be applied. We verify the practicability of such remote attacks by analyzing a security-enabled NFC tag with an integrated Advanced Encryption Standard (AES) module. The analyzed NFC tag operates at a carrier frequency of 13.56 MHz and uses the well known ISO 14443A communication standard. We were able to conduct successful remote SCA attacks at distances up to 1 m. No special measurement equipment is required, a self-made loop antenna, a broadband amplifier, and an oscilloscope are sufficient. We further formulate a relationship between attack performance and measurement distance that is confirmed by our practical results. These are the first remote SCA attacks on an NFC tag and on tags operating in the high-frequency range at 13.56 MHz at all. The results emphasize that the integration of suitable SCA countermeasures is inevitable.
For the entire collection see [Zbl 1258.94003].

MSC:

94A60 Cryptography

Software:

HiTag2
PDFBibTeX XMLCite
Full Text: DOI