Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World

David Oswald, Chris­tof Paar

Work­shop on Cryp­to­gra­phic Hard­ware and Em­bed­ded Sys­tems, CHES 2011, Nara, Japan, Sep­tem­ber 28-Oc­to­ber 1, 2011, pages 207-222


Abstract

With the advent of side-channel analysis, implementations of mathematically secure ciphers face a new threat: by exploiting the physical characteristics of a device, adversaries are able to break algorithms such as AES or Triple-DES (3DES), for which no efficient analytical or brute-force attacks exist. In this paper, we demonstrate practical, noninvasive side-channel attacks on the Mifare DESFire MF3ICD40 contactless smartcard, a 3DES-based alternative to the cryptanalytically weak Mifare Classic [9,25]. We detail on how to recover the complete 112-bit secret key of the employed 3DES algorithm, using non-invasive power analysis and template attacks. Our methods can be put into practice at a low cost with standard equipment, thus posing a severe threat to many real-world applications that employ the DESFire MF3ICD40 smartcard.

[pdf] [extended version]

Tags: