EM Side-Channel Attacks on Commercial Contactless Smartcards using Low-Cost Equipment
Timo Kasper, David Oswald, Christof Paar
10th International Workshop on Information Security Applications, WISA 2009, Busan, Korea. August 25-27, 2009.
We introduce low-cost hardware for performing non-invasive side-channel attacks on Radio Frequency Identi cation Devices (RFID) and develop techniques for facilitating a correlation power analysis (CPA) in the presence of the eld of an RFID reader. We practically verify the eectiveness of the developed methods by analysing the security of commercial contactless smartcards employing strong cryptography, pinpointing weaknesses in the protocol and revealing a vulnerability towards side-channel attacks. Employing the developed hardware, we present the
rst successful key-recovery attack on commercially available contactless smartcards based on the Data Encryption Standard (DES) or Triple- DES (3DES) cipher that are widely used for security-sensitive applications, e.g., payment purposes.[pdf] [bib]