Integrated circuit (IC) chip cards are commonly used in payment system applications since they can provide security and convenience simultaneously. More precisely, Europay, MasterCard, and VISA (EMV) are widely known to be well equipped with security frameworks that can defend against malicious attacks. On the other hand, there are other payment system applications at the national level. In the case of the Republic of Korea, standards for financial IC card specifications are established by the Korea Financial Telecommunications and Clearings Institute. Furthermore, security features defending against timing analysis, power analysis, electromagnetic analysis, and TEMPEST are required. This paper identifies side channel leakages in the financial IC cards of the Republic of Korea, although there may be side channel countermeasures. Side channel leakages in the financial IC cards of the Republic of Korea are identified for the first time since the side channel countermeasures were included in the standards. The countermeasure that is applied to the IC card from a black box perspective is estimated to measure security features against power analysis. Then, in order to investigate whether an underlying countermeasure is applied, first-order and second-order power analyses are performed on the main target, e.g., a S-box of the block cipher SEED that is employed in the financial system. Furthermore, the latest proposal in ICISC 2017 is examined to apply block cipher SEED to the financial IC card protocol. As a result, it is possible to identify some side channel leakages while expanding the lemma of the paper accepted in ICISC 2017. Algebraic logic is also constructed to recover the master key from some round keys. Finally, it is found that only 20,000 traces are required to find the master key.
Read full abstract