We present a unified framework for advanced implementation attacks that allows for conducting automated side-channel analysis and fault injection targeting all kinds of embedded cryptographic devices including RFIDs. Our proposed low-cost setup consists of modular functional units that can be interchanged, depending on the demands of a concrete attack scenario. We give details of customized modules for the communication with many types of embedded devices and other modules that allow to inject various types of faults. An FPGA-based approach enables very accurate timing and flexible adaption to any extension module. The corresponding data acquisition system for side-channel attacks makes precise power and EM analyses possible. Our setup facilitates the promising combination of active and passive techniques, which is known to render many established security countermeasures ineffective. We introduce several methods for the automatic profiling of cryptographic devices and model their behaviour both with respect to side-channel analysis and fault injection. To demonstrate the capabilities of our framework, we perform the first practical full key-recovery on a cryptographic contactless smartcard employing Triple-DES reported in the literature and inject multiple faults in a widespread microcontroller. We thereby disprove the common belief that highly sophisticated and expensive equipment is required to conduct such attacks. Rather, we illustrate a cost-effective setup that can be tailored to any desired type of security evaluation or penetration test.
Land is the habitat of man and its wide use is crucial for the economic, social, and environmental advancement of the country. Maintaining this vast land records data consisting of cadastral maps and alphanumeric data containing record of rights and crop statistics has always been a challenge to revenue department. Ministry of Rural Development and National Informatics Centre devised to use IT as a tool for maintaining this voluminous land records data. That will be a mammoth task as it envisages use of upcoming technologies such as GIS, Web, Open Source, smartcard and Data warehousing for the administration, distribution and analysis of land data, at all stages viz. recording, retrieving, disseminating & employing the data. Developing such Infrastructure, will lead to improving the effectiveness and efficiency of land management both from the perspective of the common man as well as that of managers implementing land based development activities. 1.0 Introduction: Although it is pa...
The performance of a distributed system is affected by the various functions of its components. The interaction between components such as network nodes, computer systems and system programs is examined with special interest accorded to its effect on system reliability. At affordable time and space costs, the analytic hierarchy process (AHP) is used to determine how the reliability of a distributed system may be controlled by appropriately assigning weights to its components. Illustrative case studies, that display the system structure, the assignment of weights and the AHP handling are presented.
Abstract Electronic Commerce (e-Commerce) and ease in the onsite transactions have led to the exponential growth in the acceptance of credit cards among consumers of all the sections. But despite their remarkable advantages, consumers are still reluctant in their ...
A novel protocol is proposed to address the problem of user authentication to smartcards using devices that are currently inexpensive. The protocol emulates expensive Match On Card (MOC) smartcards, which can compute a biometric match, by cheap Template on Card (TOC) smartcards, which only store a biometric template. The actual match is delegated to an extension of the
A contactless smartcard is a smartcard that can communicate with other devices without any physical connection, using Radio-Frequency Identifier (RFID) technology. Contactless smartcards are becoming increasingly popular, with applications like credit-cards, national-ID, ...
Abstract. ISO 14443 compliant smartcards are widely-used in privacy and security sensitive applications. Due to the contactless interface, they can be activated and read out from a distance. Thus, relay and other attacks are feasible, even without the owner noticing it. ...
Smartcards are actually nothing new. The smartcard industry began when Bull (a computer company from France) and Motorola (a chip company from the United States) designed and developed the first smartcard in 1977 for the French banking company Cartes Bancaires. This banking company was constantly suffering losses caused by credit card fraud and counterfeiting. The counterfeit cards could be used to make payments or to obtain services.
We present new attacks against the EMV financial transaction security system (known in Europe as "Chip and PIN"), specifically on the back-end API support for sending secure messages to EMV smartcards. We examine how secure messaging is implemented in two major Hardware Security Modules (HSMs). We show how to inject chosen plaintext into encrypted traffic between HSM and smartcard. In the case of IBM's implementation, we further show how to retrieve confidential data from within messages by combining the injection ability with a partial dictionary attack. Such attacks could compromise secret key update of a banking smartcard, permitting construction of a perfect counterfeit, or could change the card's PIN to a value chosen by the adversary. We discuss the issues underlying such security holes: the unwieldy primitive of cipher block chaining (CBC) has much to answer for, as does an ever-present tension between defining API functionality too specifically or too generi...
A new Italian law regarding the recruitment of university researchers and teaching staff provides for election on a national basis of the members of the selection committees. In order to handle such a process, an electronic voting system has been developed which offers the necessary guarantees in terms of legitimacy, security, anonymity and secrecy both in the voting process and in the scrutiny. The system presented, based on standard cryptographic algorithms, is the one in use by all the Italian university since
Fault attacks are a powerful tool to break some implementations of robust cryptographic algorithms such as AES and DES. Various methods of fault attack on cryptographic systems have been discovered and researched. However, to the authors' knowledge, all the attacks published so far use a theoretical model of faults. In this paper we prove that we are able to reproduce
Information integration is one of the most important aspects of a Data Warehouse. When data passes from the sources of the application-oriented operational environment to the Data Warehouse, possible inconsistencies and redundancies should be resolved, so that the warehouse is able to provide an integrated and reconciled view of data of the organization. We describe a novel approach to data integration in Data Warehousing. Our approach is based on a conceptual representation of the Data Warehouse application ...