Eindhoven University of Technology MASTER Fault Attacks on Java

Eindhoven University of Technology MASTER Fault Attacks on Java

Eindhoven University of Technology MASTER Fault attacks on Java Card an overview of the vulnerabilities of Java Card enabled Smart Cards against fault attacks Gadellaa, K.O. Award date: 2005 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain TECHNISCHE UNIVERSITEIT EINDHOVEN Department of Mathematics and Computing Science MASTER'S THESIS Fault Attacks on Java Card An overview of the vulnerabilities of Java Card enabled Smart Cards against fault attacks by K.O. Gadellaa Supervisors: dr. E.P. de Vink Eindhoven, August 2005 Abstract This thesis gives a wide overview of the problems of the Java Card technology regarding fault attacks. It uses fault attacks on RSA as an example, and shows how RSA can be broken in various ways. It then gives an overview of the di®erent defense strategies against fault attacks, and how these are applicable against the various means of fault injection. Preface This document presents my master thesis for Technische Informatica at the Eindhoven University of Technology. The research and work was done between november 2004 and august 2005 within the Formal Methods group of the De- partment of Mathematics and Computer Science. My supervisor was Dr. Erik de Vink. Other members of the committee were Dr. Jerry den Hartog, and Dr. Rudolf Mak. ii Contents 1 Introduction 1 1.1 Goal de¯nition . 1 1.2 Structure . 2 2 Smart Cards 3 2.1 Smart Card technology . 3 2.2 Writing programs which use Smart Cards . 4 2.3 Writing programs on Smart Cards . 5 2.3.1 Java Card . 5 2.3.2 MultOS . 9 2.4 Summary . 10 3 Weakness: Inducing Faults 11 3.1 Attacking the Application . 12 3.1.1 O®-card Attacks . 13 3.1.2 Modifying the on-card code . 14 3.2 Attacking the Java Card Runtime Environment . 14 3.2.1 Java Card Runtime Environment issues . 14 3.3 Attacking the Smart Card Processor . 15 3.3.1 Spike Attacks . 16 3.3.2 Glitch Attacks . 16 3.3.3 Optical Attacks . 16 3.3.4 Electromagnetic Perturbation Attacks . 16 3.4 Classi¯cation of di®erent attacks . 17 4 Using Faults: Fault Analysis 19 4.1 RSA . 19 4.2 Fault Analysis . 20 4.2.1 Fault Attack on RSA + CRT . 20 4.2.2 Fault Attack on RSA with Squaring . 21 4.3 Di®erential Fault Analysis . 23 4.3.1 DFA attack on a simple signing protocol . 23 4.3.2 A bit of both | A di®erent attack . 24 4.4 How to use Fault Injection . 24 4.4.1 Attacking the Application . 25 4.4.2 Other methods . 26 iii 5 Prevention and hardening 27 5.1 Hardware Measures . 27 5.1.1 Passive protection . 27 5.1.2 Active Protection . 28 5.2 Software Measures . 28 5.2.1 Checking the outcome . 28 5.2.2 Shamir's countermeasure . 29 5.3 Fault Cryptanalysis hardened algorithms . 29 5.3.1 Threat Classi¯cation . 29 5.3.2 Infective Computation . 30 5.4 Global Platform . 31 5.4.1 Structure . 32 5.4.2 Additional Security . 32 5.5 Overview . 33 5.6 Quality of protection . 33 5.6.1 Software protection . 34 5.6.2 Hardware Protection . 34 5.6.3 Hardened Algorithms . 35 5.6.4 Global Platform . 35 6 Conclusion 36 6.1 Programming in Java Card . 36 6.2 Java Card Security . 37 6.2.1 Open vs. closed source security . 37 6.2.2 Fault attack risk analysis . 37 A Installing OCF and the Chipdrive 39 A.1 Installing the chipdrive . 39 A.2 Getting OCF and using it . 39 A.2.1 Error codes . 40 A.3 Communication between components . 40 A.3.1 APDU's . 40 A.3.2 TLV's . 41 A.4 Working with Smart Cards and OCF . 42 A.4.1 Communicating with the Smart Card . 42 A.4.2 Implementation of the stock-broker example . 43 B Installing Eclipse and the Java Card API 44 B.1 Eclipse . 44 B.2 JCOP . 44 B.3 Error codes . 45 B.3.1 Error codes in Eclipse . 45 B.3.2 Debuggin JavaCard in Eclipse . 45 B.3.3 Error codes in the Simulation . 46 B.3.4 Error codes communicating with the on-card program . 46 iv C Java Card 47 C.1 Working with Java Cards . 47 C.1.1 On-card Applications . 47 C.1.2 Cash Pay . 48 C.2 Cash Pay Code . 49 D Implementation of fault attacks 50 D.1 Implementation of DFA on RSA+CRT . 50 D.2 Implementation of DFA on RSA with squaring . 51 D.3 Implementation of DFA on a simple signing protocol . 55 D.4 Implementation of DFA on RSA by flipping bits . 56 E Java Card Bytecode Converter 58 E.1 PHP code . 58 E.2 Sample . 62 E.2.1 Actual program . 62 E.2.2 output of method.cap . 63 v List of Tables 3.1 Characterization of the di®erent forms of physical attacks . 17 3.2 Overview of requirements and impact of attacks . 18 5.1 Overview of di®erent types of errors . 30 5.2 Overview of the protection given by various defenses . 33 vi List of Figures 2.1 Sample Smart Card . 4 2.2 Java Card Architecture . 7 2.3 MultOS Architecture . 10 3.1 layers on a Java Card enabled Smart Card . 12 3.2 Sample code which can circumvent the ¯rewall . 15 4.1 Exponentiation by squaring and multiplying . 22 4.2 Sample simple RSA implementation . 25 A.1 Schematic display of a Command APDU . 41 A.2 Schematic display of a Response APDU . 41 A.3 Sample code to get data from a smartcard . 42 C.1 Sample Java Card On-Card Application . 48 C.2 The Cash Pay protocol . 49 vii Chapter 1 Introduction This chapter discusses the goals as were set out when starting this research, and the structure of the document. 1.1 Goal de¯nition The goal of this project is to identify vulnerabilities of Java Card applications with respect to di®erential fault attacks. This concerns both the reconstruction of fault attacks reported in the literature, as well as the simulation of di®erential fault attacks. The project results in a Master thesis and a demonstrator. The planning of the project distinguishes ¯ve phases: ² Obtaining hands-on experience with the OCF Framework. Deliverable: working Internet Broker Demo (or similar). ² Getting acquainted with Java Card and the JCOP Toolset by implement- ing small Java Card programs. Deliverable: running generic purse appli- cation (or similar). ² Literature study on fault attacks, including di®erential fault attacks, electro- magnetic side-channels and fault injection, power glitching. Deliverable: discussion of fault attacks in general and description of fault attack vul- nerabilities of Smart Card in particular. ² Vulnerability analysis of Java Card applications regarding di®erential fault attacks based on the reconstruction of known fault attacks. Deliverable: report on the reconstruction and simulation of known fault attacks for Java Card. ² Identi¯cation and validation of countermeasures and robustness of Java Card regarding di®erential fault attacks. Deliverable: report on possibili- ties for DFA hardening. Apart from a discussion of the above issues the ¯nal report will include an overview of the fault attacks that are relevant to Java Card and the implications thereof for the Java Card platform. Also a demonstrator or simulation will be built that illustrates the fault attack vulnerabilities discussed. Java Cards, and fault analysis, and a discussion whether it is actually viable to do fault injection on a Java Card will be presented 1 1.2 Structure To apply to the stated goals, this document document is set up as follows: First, in chapter 2, an introduction to Smart Cards is given which flows into the general principles of programming software which uses a Smart Card, and then into programming software which can reside on a Smart Card. From there, it discusses the vulnerabilities Java Cards have with respect to fault injection in chapter 3, and then shows a few practical fault attacks on RSA in chapter 4. The next chapter then discusses the countermeasures and their quality, and the document ¯nishes with a small chapter in which the experiences with Java Card are discussed, and the security of Java Card. 2 Chapter 2 Smart Cards Smart Cards are said to be used for new, advanced appliances. Everyone should have one, it is said. This chapter digs into what Smart Cards essentially are, how they function, how it is possible to program applications using them, and what options exist for writing applications which can run on Smart Cards. 2.1 Smart Card technology A Smart Card is a chip put on a piece of plastic.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    75 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us