Abstract
In this paper we discuss the difficulties of mounting successful attacks against crypto implementations if essential information is missing. We start with a detailed description of our attack against our own design, to highlight which information is needed to increase the success of an attack, i.e. we use it as a blueprint to the following attack against commercially available crypto chips. We would like to stress that our attack against our own design is very similar to what happens during certification e.g. according to the Common Criteria Standard as in those cases the manufacturer needs to provide detailed information. If attacking commercial designs without signing NDAs, we were forced to intensively search the Internet for information about the designs. We were able to reveal information on the processing sequence during the authentication process even as detailed as identifying the clock cycles in which the individual key bits are processed. But we could not reveal the private keys used by the attacked commercial authentication chips 100% correctly. Moreover, as we did not knew the used keys we could not evaluate the success of our attack. To summarize, the effort of such an attack is significantly higher than the one of attacking a well-known implementation.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.