CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Power-Analysis Attack on an ASIC AES implementation
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
Picking Virtual Pockets using Relay Attacks on Contactless Smartcard
SECURECOMM '05 Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
Security analysis of a cryptographically-enabled RFID device
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Remote Password Extraction from RFID Tags
IEEE Transactions on Computers
Power and EM Attacks on Passive $13.56\,\textrm{MHz}$ RFID Devices
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Practical Algebraic Attacks on the Hitag2 Stream Cipher
ISC '09 Proceedings of the 12th International Conference on Information Security
EM Side-Channel Attacks on Commercial Contactless Smartcards Using Low-Cost Equipment
Information Security Applications
Susceptibility of UHF RFID tags to electromagnetic analysis
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
A comprehensive evaluation of mutual information analysis using a fair evaluation framework
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Breaking mifare DESFire MF3ICD40: power analysis and templates in the real world
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Differential power analysis on block cipher ARIA
HPCC'05 Proceedings of the First international conference on High Performance Computing and Communications
Attacking an AES-Enabled NFC tag: implications from design to a real-world scenario
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
On Measuring the Parasitic Backscatter of Sensor-Enabled UHF RFID Tags
ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
| Hi-index | 0.00 |
The number of applications that rely on near-field communication (NFC) technology is significantly growing. Especially for security-related applications, short communication ranges as they are provided by NFC systems are advantageous to minimize the risk of eavesdropping. In this work we show that although the communication range of NFC systems is limited to several centimeters, side-channel information modulated on the reader signal can be measured at much larger distances. We name the side-channel information modulated on the reader signal parasitic load modulation. By measuring the parasitic load modulation of a tag, so-called remote side-channel analysis (SCA) attacks can be applied. We verify the practicability of such remote attacks by analyzing a security-enabled NFC tag with an integrated Advanced Encryption Standard (AES) module. The analyzed NFC tag operates at a carrier frequency of 13.56 MHz and uses the well known ISO 14443A communication standard. We were able to conduct successful remote SCA attacks at distances up to 1 m. No special measurement equipment is required, a self-made loop antenna, a broadband amplifier, and an oscilloscope are sufficient. We further formulate a relationship between attack performance and measurement distance that is confirmed by our practical results. These are the first remote SCA attacks on an NFC tag and on tags operating in the high-frequency range at 13.56 MHz at all. The results emphasize that the integration of suitable SCA countermeasures is inevitable.