CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Linear Slide Attacks on the KeeLoq Block Cipher
Information Security and Cryptology
On the Power of Power Analysis in the Real World: A Complete Break of the KeeLoq Code Hopping Scheme
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Reverse-engineering a cryptographic RFID tag
SS'08 Proceedings of the 17th conference on Security symposium
Breaking KeeLoq in a Flash: On Extracting Keys at Lightning Speed
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Dismantling SecureMemory, CryptoMemory and CryptoRF
Proceedings of the 17th ACM conference on Computer and communications security
Cryptanalysis of the atmel cipher in secure memory, cryptoMemory and crypto RF
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Breaking mifare DESFire MF3ICD40: power analysis and templates in the real world
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Proceedings of the 18th ACM conference on Computer and communications security
Gone in 360 seconds: Hijacking with Hitag2
Security'12 Proceedings of the 21st USENIX conference on Security symposium
ECML PKDD'12 Proceedings of the 2012 European conference on Machine Learning and Knowledge Discovery in Databases - Volume Part I
Attacking atmel's cryptomemory EEPROM with special-purpose hardware
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
Atmel CryptoMemory devices offer non-volatile memory with access control and authenticated encryption. They are used in commercial and military applications e.g. to prevent counterfeiting, to store secrets such as biometric data and cryptographic keys, and in electronic payment systems. Atmel advertises the devices as "secure against all the most sophisticated attacks, [...] including physical attacks". We developed a successful power analysis attack on the authentication step of CryptoMemory devices. Despite the physical security claims by Atmel we found that the devices are not protected against power analysis attacks, except for counters that limit the number of (failed) authentication attempts, and thus power traces, to at most three. We examined the handling of these counters and discovered a flaw that allows us to bypass them, and to obtain power traces from an unlimited number of failed authentication attempts. Our attacks need as few as 100 power traces to recover the secret 64-bit authentication keys. From measurements to full key extraction, the attacks can be carried out in less than 20 minutes on a standard laptop. Once the keys are known, an adversary can read protected contents, clone devices, and manipulate the memory at will, e.g. to set the balance of an electronic wallet. To our knowledge, this is the first power analysis attack on Atmel CryptoMemory products reported in the literature.