Global ETD Search

51	Smart card fault attacks on public key and elliptic curve cryptography Ling, Jie January 2014 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key. Smart Card RSA ECC Fault Attack Smart Card Security Public Key NAF wNAF Counter Fault Attack Bit Flip Attack Doubling Attack Attack Simulation Data encryption (Computer science) Curves, Elliptic -- Data processing Cryptography -- Mathematics Public key cryptography -- Research Data protection -- Research Computer engineering -- Research Coding theory Computer security Data structures (Computer science) Embedded computer systems Smart card industry Computer networks -- Security measures Computers -- Access control
52	論現金儲值卡之法律架構及問題分析謝馥薇 Unknown Date (has links) 支付系統是經濟體系中經濟金融交易的基礎，隨著電子資金移轉技術的成熟，以及消費者消費習慣之改變，在可預見的未來，電子貨幣將代領人類邁入無現金的社會。由於電子支付系統的快速發展，若未針對相關制度事先做好配套措施，可能危及整體支付系統及金融體系的穩定。本文建議應仿效歐盟之方式，採事先管制之方式，在電子貨幣的發展初期，即擬定完善管理架構，以期在促進經濟效率的同時，維持一穩定之金融環境。我國目前對於硬體式電子貨幣僅有「銀行發行現金儲值卡許可及管理辦法」可資規範，且適用上產生許多疑義，因此，本文針對電子貨幣之定義、現金儲值卡之定義，現金儲值卡交易關係中各個當事人之角色定位及法律關係，以及我國目前發展現金儲值卡及現行「銀行發行現金儲值卡許可及管理辦法」產生之疑義作一分析。就我國現行法規適用上之疑義，本文建議應釐清現金儲值卡之本質、規範現金儲值卡之發行機構、並應釐清現行「銀行發行現金儲值卡許可及管理辦法」所謂「多用途」之定義、修正現金儲值卡之法律定義、明定結算及清算機構、釐清儲值卡內之資金之性質、提昇「非銀行不得發行現金儲值卡」規範之法律位階、針對發卡機構之資產品質控管、加強消費者保護之相關規範並訂定現金儲值卡定型化契約範本，以完善我國現行之管理規範。儲值卡智慧卡電子錢電子貨幣現金儲值卡 stored value card smart card electronic money
53	Side Channel Analysis of a Java-based Contactless Smart Card Mateos Santillan, Edgar January 2012 (has links) Smart cards are widely used in different areas of modern life including identification, banking, and transportation cards. Some types of cards are able to store data and process information as well. A number of them can run cryptographic algorithms to enhance the security of their transactions and it is usually believed that the information and values stored in them are completely safe. However, this is generally not the case due to the threat of the side channel. Side channel analysis is the process of obtaining additional information from the internal activity of a physical device beyond that allowed by its specifications. There exist different techniques to attempt to obtain information from a cryptosystem using other ways than the normally permitted. This thesis presents a series of experiments intended to study the side channel from a particular type of smart card, known as Java Cards. This investigation uses the well known technique, Correlation Analysis, and a new type of side channel attack called fast correlation in the frequency domain to study the side channel of Java Cards. This research presents a giant magnetoresistor (GMR) probe and for the first time, this type of sensor is used to investigate the side channel. A novel setup designed for studying the side channel of smart cards is described and two metrics used to evaluate the analysis results are presented. After testing the GMR probe and methodology on electronic devices executing the Advanced Encryption Standard (AES), such as 8 bit microcontrollers and 128 bit AES implementations on FPGAs, these techniques were applied to analyse two different models of Java Cards working in the contactless mode. The results show that successful attacks on a software implementation of AES running on both models of Java Cards are possible. Side channel fast correlation in the frequency domain Correlation Analysis Java Card Giant magnetoresistance GMR EM analysis smart card Side Channel Analysis Electrical and Computer Engineering
54	多伺服器環境中基於智慧卡的身分認證機制之研究 / A Study on Smart Card Based User Authentication Mechanism for Multi-Server Environments 張詠詠, Chang, Yung Yung Unknown Date (has links) 隨著科技的進步，智慧卡的種類漸增，功能也愈趨完善，生活中需要使用到智慧卡的時機也愈來愈頻繁，與之相對的，其安全性也愈加受到重視，尤其在卡片遺失的情形下，必須做到卡片中留存的資料就算被有心人士竊取，也無法從中得出使用者密碼(password)，藉以偽冒成合法使用者，如此才能確保卡片使用者的安全。為了達到此一目的，許多學者在智慧卡的安全機制上做了許多的研究，如：2012年學者Cheng等人提出了一個基於智慧卡的遠端使用者登錄認證機制。同一時期，學者Li等人也提出了多伺服器網路中，基於密碼驗證的智慧卡認證機制。本研究中，我們發現Cheng等人及Li等人所自訂之智慧卡認證協議，在智慧卡遺失的情況下，並未提供完整的保密環境，導致其使用者與伺服器雙方所建立的秘鑰與會議金鑰可能被破解而無法得知。因此，我們提出了改良版的基於邏輯運算的智慧卡身分驗證機制，加入Diffie-Hellman密鑰交換，以達到更具安全性的目標。 / With advances in technology, different types and functions of smart cards have become more popular and perfect in recent years. We use smart cards in daily life more and more frequent, so smart card security has become a very important issue, especially in the case of smart-card-loss. We have to ensure that if our card is lost and someone steals the sensitive data in our card, he/she cannot use it to guess or get user’s password. To achieve the goal, many researchers have done a lot of work in smart card security. In 2012 Cheng et al. proposed a smart card based authentication scheme for remote user login and verification. During the same period, Li et al. proposed a password and smart card based user authentication mechanism for multi-server environments. In this thesis, we first pointed out the security flaws of Cheng et al.’s and Li et al.’s mechanism. We found that Cheng et al.’s and Li et al.’s mechanism cannot be secure under offline-dictionary attack in the smart-card-loss case. This enables adversaries to guess user’s password and session keys. Secondly, we introduced an improved version of smart card based authentication mechanism using Diffie-Hellman key exchange to overcome the above mentioned problems 智慧卡身分驗證機制 Diffie-Hellman密鑰交換 Smart card Authentication mechanism Diffie-Hellman key exchange
55	Side Channel Analysis of a Java-based Contactless Smart Card Mateos Santillan, Edgar January 2012 (has links) Smart cards are widely used in different areas of modern life including identification, banking, and transportation cards. Some types of cards are able to store data and process information as well. A number of them can run cryptographic algorithms to enhance the security of their transactions and it is usually believed that the information and values stored in them are completely safe. However, this is generally not the case due to the threat of the side channel. Side channel analysis is the process of obtaining additional information from the internal activity of a physical device beyond that allowed by its specifications. There exist different techniques to attempt to obtain information from a cryptosystem using other ways than the normally permitted. This thesis presents a series of experiments intended to study the side channel from a particular type of smart card, known as Java Cards. This investigation uses the well known technique, Correlation Analysis, and a new type of side channel attack called fast correlation in the frequency domain to study the side channel of Java Cards. This research presents a giant magnetoresistor (GMR) probe and for the first time, this type of sensor is used to investigate the side channel. A novel setup designed for studying the side channel of smart cards is described and two metrics used to evaluate the analysis results are presented. After testing the GMR probe and methodology on electronic devices executing the Advanced Encryption Standard (AES), such as 8 bit microcontrollers and 128 bit AES implementations on FPGAs, these techniques were applied to analyse two different models of Java Cards working in the contactless mode. The results show that successful attacks on a software implementation of AES running on both models of Java Cards are possible. Side channel fast correlation in the frequency domain Correlation Analysis Java Card Giant magnetoresistance GMR EM analysis smart card Side Channel Analysis Electrical and Computer Engineering
56	Analyses sécuritaires de code de carte à puce sous attaques physiques simulées / Security analysis of smart card C code using simulated physical attacks Kauffmann-Tourkestansky, Xavier 28 November 2012 (has links) Cette thèse s’intéresse aux effets des attaques par fautes physiques sur le code d’un système embarqué en particulier la carte à puce. De telles attaques peuvent compromettre la sécurité du système en donnant accès à des informations confidentielles, en compromettant l’intégrité de données sensibles ou en perturbant le fonctionnement pendant l’exécution. Dans cette thèse, nous décrivons des propriétés de sécurité permettant d’exprimer les garanties du système et établissons un modèle d’attaque de haut niveau définissant les capacités d’un attaquant à modifier le système. Ces propriétés et ce modèle nous servent à vérifier la sécurité du code par analyse statique ou test dynamique, combinés avec l’injection d’attaques, simulant les conséquences logicielles des fautes physiques. Deux méthodologies sont ainsi développées afin de vérifier le comportement fonctionnel du code sous attaques, tester le fonctionnement des sécurités implémentées et identifier de nouvelles attaques. Ces méthodologies ont été mises en oeuvre dans un cadre industriel afin de faciliter le travail du développeur chargé de sécuriser un code de carte à puce. / This thesis focuses on the effects of attacks by physical faults on embedded source code specifically for smart cards. Such attacks can compromise the security of the system by providing access to confidential information, compromising the integrity of sensitive data or disrupting the execution flow. In this thesis, we describe security properties to express security guarantees on the system. We also offer an attack model defining at high level an attacker’s ability to disrupt the system. With these properties and model, we check the source code security against physical attacks. We use static analysis and dynamic testing, combined with attack injection to simulate the consequences of physical faults at software level. Two techniques are created to stress the functional behavior of the code under attack, test the reliability of built-in security countermeasures and identify new threats. These techniques were implemented in a framework to help developers secure their source code in an industrial environment. Code Sécurité Attaques physiques Carte à puce Confidentialité Intégrité Injection de faute Simulation logicielle Code Security Physical attacks Smart card Confidentiality Integrity Fault injection Software simulation
57	Etudes cryptographiques et statistiques de signaux compromettants / Cryptographic and statistical side channel analysis Linge, Yanis 22 November 2013 (has links) Cette thèse porte sur les attaques par observations. Ces attaques étudient les variations d'émanation d'un composant pour retrouver une clé secrète. Ces émanations peuvent être multiples, par exemple, la consommation de courant électrique, le rayonnement électromagnétique, etc. Généralement, ces attaques font appel à des méthodes statistiques pour examiner la relation entre les émanations du composant et des modèles de consommation imaginés par l'attaquant. Trois axes sont développés dans cette thèse. Dans un premier temps, nous avons implémenté différentes attaques par observations sur des cartes graphiques en utilisant l'API OpenCL. Ces implémentations sont plus performantes que les implémentations classiques, ce qui permet à un attaquant de pouvoir traiter plus de données. Dans un second temps, nous avons proposé l'utilisation du MIC dans le cadre des attaques par observations. L'avantage du MIC, par rapport à l'information mutuelle, est sa facilité de calcul, ne dépendant pas de choix de noyau ou de taille de fenêtre. Son utilisation dans une attaque par observations est donc aisée, même si, la complexité des calculs à effectuer est souvent très importante. Enfin, nous avons introduit une nouvelle attaque, basée sur la distribution jointe de l'entrée et de la sortie de fonction cryptographique. Si cette distribution varie en fonction de la valeur de la clé impliquée par la fonction, on est capable de retrouver la clé secrète utilisée par le composant. Cette nouvelle attaque a la particularité de ne nécessiter ni la connaissance du texte clair, ni la connaissance du texte chiffré, ce qui lui permet d'être efficace même en présence de certaines contre-mesures. / The main subject of this manuscript is the Side Channel Attacks. These attacks investigate the variation of device emanations to retrieve a secret key. These emanations can be the power consumption, the electromagnetic radiation, etc. Most of the time, those attacks use statistical methods to examine the relationship between the emanations and some leakage models supposed by the attacker. Three main axis are developed here. First, we have implemented many side channel attacks on GPGPU using the API OpenCL. These implementations are more effective than the classical ones, so an attacker can exploit more data. Then, in order to provide a new side channel attack, we have suggested the use of a new dependency measurement proposed by Reshef et al., the MIC. The MIC is more advantageous than the mutual information, because its computation does not depend of a kernel choice nor a windows size. So, its use in side channel analysis is simple, even if the time complexity is large. Finally, we have introduced a new attack based on the join distribution of the input and the output of a cryptographic sub-function. If the distribution depends on the key used in the function, we can retrieve the secret key. This attack can be efficient even in presence of some countermeasures because it does not required the knowledge of both plain text or cipher text. Cryptographie Carte à puce Attaques par canaux cachés Cryptanalyse Statistique Cryptography Smart card Compromising signals Side channel attack Cryptanalysis Statistical 004
58	SIM cards for cellular networks : An introduction to SIM card application development Edsbäcker, Peter January 2011 (has links) A SIM, Subscriber Identity Module, is the removable circuit board found in a modern cellular phone. It carries the network identity information and is a type of smart card which can also be found on payment cards (EMV), ID cards and so on. A smart card is basically a small computer, providing a safe and controlled execution environment. Historically smart card software was very hardware dependent and mostly developed by the manufacturers themselves. With the introduction of the open Java Card standard created by Sun Microsystems (Oracle) this was meant to change. However, information still remains scattered and is hard to obtain. This paper is meant to serve both as an introduction to the field and also as a good foundation for future studies. It begins with a theoretical discussion about smart card hardware and software architectures, network standards in the context of SIM cards, typical applications, coming trends and technologies and ends off with an overview of the Java Card standard. The following section discusses the supplied example SIM card application coupled with an introduction how to use the Gemalto Developer Suite for application development and testing. The paper ends with an extensive appendix section going in depth about some of the more important subjects. SIM Smart card GSM 3G LTE SIM Toolkit Java Card Global Platform TPDU APDU Gemalto Developer Suite Information Systems
59	Využití čipových karet v oblasti elektronického podpisu / The Usage of Smart Cards in the Area of Digital Signature Jirovský, Tomáš January 2008 (has links) This master thesis deals with the usage of smart cards in the area of digital signature. The descriptive part of this work outlines the basic principles of digital signature, smart cards typology and current most important application areas of smart cards. The first aim of the analytic part of this work is to evaluate actual situation on the smart cards market and to estimate future market trends. The second aim is to provide summary of new technological trends and areas, in which the usage of smart cards can be expected. These new technological trends and areas are described on the basis of survey, which was realized in the company OKsystem. Part of this work serves information about practical solution OKsmart and the analysis of its future development trends.
60	Contribution à la sécurite physique des cryptosystèmes embarqués / On the physical security of embedded cryptosystems Venelli, Alexandre 31 January 2011 (has links) Ces travaux de thèse se concentrent sur l'étude des attaques par canaux cachés et les implications sur les mesures à prendre pour un concepteur de circuits sécurisés. Nous nous intéressons d'abord aux différentes attaques par canaux cachés en proposant une amélioration pour un type d'attaque générique particulièrement intéressante : l'attaque par analyse d'information mutuelle. Nous étudions l'effet des différentes techniques d'estimation d'entropie sur les résultats de l'attaque. Nous proposons l'utilisation de fonctions B-splines comme estimateurs étant donné qu'elles sont bien adaptées à notre scénario d'attaques par canaux cachés. Nous étudions aussi l'impact que peut avoir ce type d'attaques sur un cryptosystème symétrique connu, l'Advanced Encryption Standard (AES), en proposant une contre-mesure basée sur la structure algébrique de l'AES. L'opération principale de la majorité des systèmes ECC est la multiplication scalaire qui consiste à additionner un certain nombre de fois un point de courbe elliptique avec lui-même. Dans une deuxième partie, nous nous intéressons à la sécurisation de cette opération. Nous proposons un algorithme de multiplication scalaire à la fois efficace et résistant face aux principales attaques par canaux cachés. Nous étudions enfin les couplages, une construction mathématique basée sur les courbes elliptiques, qui possède des propriétés intéressantes pour la création de nouveaux protocoles cryptographiques. Nous évaluons finalement la résistance aux attaques par canaux cachés de ces constructions. / This thesis focuses on the study of side-channel attacks as well as their consequences on the secure implementation of cryptographic algorithms. We first analyze different side-channel attacks and we propose an improvement of a particularly interesting generic attack: the mutual information analysis. We study the effect of state of the art entropy estimation techniques on the results of the attack. We propose the use of B-spline funtions as estimators as they are well suited to the side-channel attack scenario. We also investigate the consequences of this kind of attack on a well known symmetric cryptosystem, the Advanced Encryption Standard (AES), and we propose a countermeasure based on the algebraic structure of AES. The main operation of ECC is the scalar multiplication that consists of adding an elliptic curve point to itself a certain number of times. In the second part, we investigate how to secure this operation. We propose a scalar multiplication algorithm that is both efficient and secure against main side-channel attacks. We then study pairings, a mathematical construction based on elliptic curves. Pairings have many interesting properties that allow the creation of new cryptographic protocols. We finally evaluate the side-channel resistance of pairings. Carte à puce Environnement embarqué Cryptographie Attaque par canaux cachés Aes Courbe elliptique Couplage Smart card Embedded environment Cryptography Side-channel attack Aes Elliptic curve Pairing

Search results